Re: [Qemu-devel] [PATCH 02/10] qapi: fail hard on stack imbalance


From: Luiz Capitulino
Subject: Re: [Qemu-devel] [PATCH 02/10] qapi: fail hard on stack imbalance
Date: Mon, 26 Mar 2012 11:15:46 -0300

On Thu, 22 Mar 2012 12:51:04 +0100
Paolo Bonzini <address@hidden> wrote:

> QmpOutputVisitor will segfault if an imbalanced end function is
> called.  So we can abort in QmpInputVisitor too.
> 
> Signed-off-by: Paolo Bonzini <address@hidden>
> ---
>  qapi/qmp-input-visitor.c |    5 +----
>  1 files changed, 1 insertions(+), 4 deletions(-)
> 
> diff --git a/qapi/qmp-input-visitor.c b/qapi/qmp-input-visitor.c
> index e6b6152..b4013cc 100644
> --- a/qapi/qmp-input-visitor.c
> +++ b/qapi/qmp-input-visitor.c
> @@ -77,11 +77,8 @@ static void qmp_input_push(QmpInputVisitor *qiv, const 
> QObject *obj, Error **err
>  
>  static void qmp_input_pop(QmpInputVisitor *qiv, Error **errp)
>  {
> +    assert(qiv->nb_stack > 0);
>      qiv->nb_stack--;
> -    if (qiv->nb_stack < 0) {
> -        error_set(errp, QERR_BUFFER_OVERRUN);
> -        return;
> -    }
>  }
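Review bot: the `Error **errp` parameter of qmp_input_pop() is now unused in this function, since the only code that referenced it was the removed `error_set(errp, QERR_BUFFER_OVERRUN)` branch; either drop it from the signature (and adjust the callers) or say in the commit message why it is kept. Also, the removed branch was a recoverable error returned to the caller, while `assert(qiv->nb_stack > 0)` terminates the process, so the commit message should state where the push/pop balance is guaranteed (it currently only argues by analogy with QmpOutputVisitor); that is the fact a reviewer needs to rule out a client-triggerable abort.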

Just to confirm: this can't be triggered by malicious clients, right?

The original series submitted by Michael had this, but I asked him to
change it because I thought clients could trigger it. But by reading the code
now it seems to me that the end_struct() function is only generated by types
we know about.

>  
>  static void qmp_input_start_struct(Visitor *v, void **obj, const char *kind,
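The distinction Luiz's question turns on, shown as an added example (not QEMU code and not part of this thread): a pop that can be reached from untrusted input must report the imbalance to its caller, whereas a pop that only generated, type-checked code can reach may assert on it as an internal invariant. The `VisitorStack`, `replay_events` and the 's'/'e' event string below are all constructed for this illustration.

```c
#include <assert.h>
#include <stdio.h>

/* Hypothetical minimal container stack, standing in for the nb_stack
 * counter discussed in the thread (constructed example, not QEMU's). */
#define STACK_MAX 8

typedef struct {
    int nb_stack;
    const char *stack[STACK_MAX];   /* one placeholder entry per open container */
} VisitorStack;

typedef enum {
    OK = 0,
    ERR_UNDERFLOW = -1,   /* an 'end' with no matching 'start' */
    ERR_OVERFLOW = -2,    /* nesting deeper than the stack can hold */
    ERR_UNCLOSED = -3     /* input ended with containers still open */
} StackStatus;

/* Trust-boundary variant: imbalance is reported, never aborted on. */
static StackStatus stack_push_checked(VisitorStack *s, const char *obj)
{
    if (s->nb_stack >= STACK_MAX) {
        return ERR_OVERFLOW;
    }
    s->stack[s->nb_stack++] = obj;
    return OK;
}

static StackStatus stack_pop_checked(VisitorStack *s)
{
    if (s->nb_stack <= 0) {
        return ERR_UNDERFLOW;   /* the role the removed error_set() branch played */
    }
    s->nb_stack--;
    return OK;
}

/* Internal-invariant variant, like the patched qmp_input_pop(): callers are
 * generated code that always pairs start/end, so an empty pop is a bug. */
static void stack_pop_internal(VisitorStack *s)
{
    assert(s->nb_stack > 0);
    s->nb_stack--;
}

/* Replay a constructed event string ('s' opens a container, 'e' closes one,
 * anything else is ignored) through the checked variant. Returns OK only when
 * every 'e' matched an 's' and nothing is left open at the end. */
static StackStatus replay_events(const char *events)
{
    VisitorStack s = { 0 };
    for (const char *p = events; *p; p++) {
        StackStatus st = OK;
        if (*p == 's') {
            st = stack_push_checked(&s, "container");
        } else if (*p == 'e') {
            st = stack_pop_checked(&s);
        }
        if (st != OK) {
            return st;
        }
    }
    return s.nb_stack == 0 ? OK : ERR_UNCLOSED;
}

/* Shows the internal variant on a stack that is known to be non-empty;
 * returns the depth afterwards (0 for one push followed by one pop). */
static int internal_pop_roundtrip(void)
{
    VisitorStack s = { 0 };
    stack_push_checked(&s, "container");
    stack_pop_internal(&s);
    return s.nb_stack;
}

int main(void)
{
    const char *samples[] = { "ssee", "see", "sse", "sssssssss" };
    for (unsigned i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        printf("%-10s -> %d\n", samples[i], replay_events(samples[i]));
    }
    printf("internal roundtrip depth: %d\n", internal_pop_roundtrip());
    return 0;
}
```

The checked path is what a parser facing client-supplied nesting needs; the assert path is only sound once some earlier layer (here, the type-driven generated visitor calls the thread mentions) guarantees the pairing.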
