[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-stable] [Qemu-devel] [PATCH v4 2/3] qapi: fix crash when a par
|
From: |
Markus Armbruster |
|
Subject: |
Re: [Qemu-stable] [Qemu-devel] [PATCH v4 2/3] qapi: fix crash when a parameter is missing |
|
Date: |
Thu, 29 Sep 2016 17:42:38 +0200 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux) |
Marc-André Lureau <address@hidden> writes:
> Calling:
>
> { "execute": "qom-set",
> "arguments": { "path": "/machine", "property": "rtc-time" } }
>
> Will crash with:
>
> qapi/qapi-visit-core.c:277: visit_type_any: Assertion `!err != !*obj'
> failed
This is actually a recent regression. Let's add "Broken in commit
5c678ee." Can do on commit.
> Clear the obj and return an error.
>
> The patch also fixes a similar potential crash in qmp_input_type_null()
> by checking qmp_input_get_object() returned a valid qobj.
>
> Signed-off-by: Marc-André Lureau <address@hidden>
> Reviewed-by: Eric Blake <address@hidden>
> ---
> qapi/qmp-input-visitor.c | 11 +++++++++++
> 1 file changed, 11 insertions(+)
>
> diff --git a/qapi/qmp-input-visitor.c b/qapi/qmp-input-visitor.c
> index 64dd392..fc91e74 100644
> --- a/qapi/qmp-input-visitor.c
> +++ b/qapi/qmp-input-visitor.c
> @@ -338,6 +338,12 @@ static void qmp_input_type_any(Visitor *v, const char
> *name, QObject **obj,
> QmpInputVisitor *qiv = to_qiv(v);
> QObject *qobj = qmp_input_get_object(qiv, name, true);
>
> + if (!qobj) {
> + error_setg(errp, QERR_MISSING_PARAMETER, name ? name : "null");
> + *obj = NULL;
> + return;
> + }
> +
> qobject_incref(qobj);
> *obj = qobj;
> }
> @@ -347,6 +353,11 @@ static void qmp_input_type_null(Visitor *v, const char
> *name, Error **errp)
> QmpInputVisitor *qiv = to_qiv(v);
> QObject *qobj = qmp_input_get_object(qiv, name, true);
>
> + if (!qobj) {
> + error_setg(errp, QERR_MISSING_PARAMETER, name ? name : "null");
> + return;
> + }
> +
> if (qobject_type(qobj) != QTYPE_QNULL) {
> error_setg(errp, QERR_INVALID_PARAMETER_TYPE, name ? name : "null",
> "null");