OCaml's fixed-width integers only come in signed flavor (int32, int64).
Because of this, we currently map C's uint32_t and uint64_t types to
OCaml's int32 and int64 types, respectively.

Unfortunately, this can be considered a security bug: when the most
significant bit of a C-language uint32_t or uint64_t value is set, it is
reinterpreted (in two's complement representation) as a negative value in
OCaml. This can cause various issues; it can for example make OCaml loops
that should be strictly progressing go backwards (and run infinitely).

Try to mitigate this issue at least for uint32_t: widen it to OCaml's
int64 type. In the inverse direction (i.e., narrowing int64 to uint32_t),
raise an OCaml Invalid_argument exception upon a range error.

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2040610


Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20220114133833.24835-1-lersek@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>