feat: caml_fatal_error on misuse of deserialize functions
#12635
Conversation
MisterDA
force-pushed
the
intern_state_refactor
branch
from
3a3e5a8
to
57023f0
Compare
runtime/intern.c
Outdated
| if (Caml_state->intern_state == NULL) | ||
| caml_fatal_error ( | ||
| "intern_state not initialized: " | ||
| "this function can only be called from a `caml_input_*` entrypoint." |
There was a problem hiding this comment.
I'm ok with the first line of the error message "intern_state not initialised". I don't know whether the rest of the message is clarifying the error more "this function can only be called from a caml_input_* entrypoint.".
When will this error occur? Is it that caml_deserialise_* was called directly without calling one of the caml_input_* functions?
There was a problem hiding this comment.
When will this error occur? Is it that
caml_deserialise_*was called directly without calling one of thecaml_input_*functions?
Exactly. In that case, before this PR, the field intern_src pointing to the source of the marshaled data won't have been populated, and would be accessed, leading to the nullptr dereference. By splitting initialization of the structure (in init_intern_state) and then access (with get_intern_state), we can check whether it has been provided a marshaled data source, and error if not (admittedly nicer than a segfault).
There was a problem hiding this comment.
May I request that you add a testcase for this under testsuite/tests/lib-marshal?
Also, the message can be more clear. Instead of
"this function can only be called from a
caml_input_*entrypoint."
How about
"It is likely that caml_deserialize_* function was called without going through
caml_input_*.
There was a problem hiding this comment.
May I request that you add a testcase for this under testsuite/tests/lib-marshal?
Maybe easier said than done? As the functions raise a fatal error, I can only test one of them by process. A failwith would allow to catch the exception and recover.
There was a problem hiding this comment.
Maybe easier said than done?
This is doable. See .run files in the test suite for how it is done. But it is not worth the trouble here as the bytecode and native code behaviours will diverge. Bytecode will perform an intern at
Line 566 in 225f2f3
before user code is run. This will cause any test to not cause a fatal error, which is different from native code.
These should only be called from within a `caml_input_*` entrypoint context. Otherwise, the field `intern_src` of `struct caml_intern_state` won't have been populated, and a null pointer dereference occurs.
Split out `init_extern_stack` into a separate function, so that the code for initializing and resetting the intern_state stack is not duplicated.
MisterDA
force-pushed
the
intern_state_refactor
branch
from
57023f0
to
0bd5c19
Compare
Mimicking #12171, this PR gets
intern.ccloser toextern.c. It fixes a problem with possible misuse of deserialize functions, as these should only be called from within acaml_input_*entrypoint context. Otherwise, the fieldintern_srcofstruct caml_intern_statewon't have been populated, and a null pointer dereference occurs.cc @askvortsov1 and @gasche who authored and reviewed the original PR.