Adapted from upstream commit 659615c7b100a89eafe6253e7a5b9d84d0e8df74, this patch omits the upstream changes to 'Changes' and 'VERSION'. http://seclists.org/oss-sec/2016/q2/170 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8869 https://github.com/ocaml/ocaml/commit/659615c7b100a89eafe6253e7a5b9d84d0e8df74 --- byterun/alloc.c | 4 ++-- byterun/intern.c | 2 +- byterun/str.c | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/byterun/alloc.c b/byterun/alloc.c index 96a21bf..0db9947 100644 --- a/byterun/alloc.c +++ b/byterun/alloc.c @@ -153,7 +153,7 @@ CAMLexport int caml_convert_flag_list(value list, int *flags) /* [size] is a [value] representing number of words (fields) */ CAMLprim value caml_alloc_dummy(value size) { - mlsize_t wosize = Int_val(size); + mlsize_t wosize = Long_val(size); if (wosize == 0) return Atom(0); return caml_alloc (wosize, 0); @@ -169,7 +169,7 @@ CAMLprim value caml_alloc_dummy_function(value size,value arity) /* [size] is a [value] representing number of floats. */ CAMLprim value caml_alloc_dummy_float (value size) { - mlsize_t wosize = Int_val(size) * Double_wosize; + mlsize_t wosize = Long_val(size) * Double_wosize; if (wosize == 0) return Atom(0); return caml_alloc (wosize, 0); diff --git a/byterun/intern.c b/byterun/intern.c index 89d13d1..7b8d049 100644 --- a/byterun/intern.c +++ b/byterun/intern.c @@ -291,7 +291,7 @@ static void intern_rec(value *dest) case OFreshOID: /* Refresh the object ID */ /* but do not do it for predefined exception slots */ - if (Int_val(Field((value)dest, 1)) >= 0) + if (Long_val(Field((value)dest, 1)) >= 0) caml_set_oo_id((value)dest); /* Pop item and iterate */ sp--; diff --git a/byterun/str.c b/byterun/str.c index 5ad4e29..885772f 100644 --- a/byterun/str.c +++ b/byterun/str.c @@ -266,7 +266,7 @@ CAMLprim value caml_string_greaterequal(value s1, value s2) CAMLprim value caml_blit_string(value s1, value ofs1, value s2, value ofs2, value n) { - memmove(&Byte(s2, Long_val(ofs2)), &Byte(s1, Long_val(ofs1)), Int_val(n)); + memmove(&Byte(s2, Long_val(ofs2)), &Byte(s1, Long_val(ofs1)), Long_val(n)); return Val_unit; } @@ -278,7 +278,7 @@ CAMLprim value caml_fill_string(value s, value offset, value len, value init) CAMLprim value caml_bitvect_test(value bv, value n) { - int pos = Int_val(n); + intnat pos = Long_val(n); return Val_int(Byte_u(bv, pos >> 3) & (1 << (pos & 7))); } -- 2.7.4 mmit message (Expand)