qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH 1/3] qapi: return a 'missing parameter' error

From: Marc-André Lureau
Subject: Re: [Qemu-devel] [PATCH 1/3] qapi: return a 'missing parameter' error
Date: Wed, 21 Sep 2016 12:07:52 -0400 (EDT) 
Hi

----- Original Message -----
> Aha, we got a different bug fix!  The old code fails to fail when the
> parameter doesn't exist.  Instead, it sets *obj = NULL, which seems very
> likely to crash QEMU.  Let me try... yup:
> 
>     { "execute": "object-add",
>       "arguments": { "qom-type": "memory-backend-file", "id": "foo" } }
> 
> Kills QEMU with "qemu/qom/object_interfaces.c:115: user_creatable_add_type:
> Assertion `qdict' failed."
> 
> Either fix this in a separate patch before this one, or cover it in this
> one's commit message.  Your choice.
> 
> A separate patch might be usable for qemu-stable.

It looks to me that this is a different bug. 

visit_type_q_obj_object_add_arg_members() doesn't call visit_type_any() if 
"props" is missing (it's optionnal).

And arg is zero'ed in qmp-marshal, and the assert() was added in 
ad739706bbadee49. I am trying to fix that regression.

> 
> > @@ -345,8 +379,11 @@ static void qmp_input_type_any(Visitor *v, const char
> > *name, QObject **obj,
> >  static void qmp_input_type_null(Visitor *v, const char *name, Error
> >  **errp)
> >  {
> >      QmpInputVisitor *qiv = to_qiv(v);
> > -    QObject *qobj = qmp_input_get_object(qiv, name, true);
> > +    QObject *qobj = qmp_input_get_object(qiv, name, true, errp);
> >  
> > +    if (!qobj) {
> > +        return;
> > +    }
> >      if (qobject_type(qobj) != QTYPE_QNULL) {
> >          error_setg(errp, QERR_INVALID_PARAMETER_TYPE, name ? name :
> >          "null",
> >                     "null");
> 
> Same bug, I think, but I don't have a reproducer handy.
> 
> > @@ -356,7 +393,7 @@ static void qmp_input_type_null(Visitor *v, const char
> > *name, Error **errp)
> >  static void qmp_input_optional(Visitor *v, const char *name, bool
> >  *present)
> >  {
> >      QmpInputVisitor *qiv = to_qiv(v);
> > -    QObject *qobj = qmp_input_get_object(qiv, name, false);
> > +    QObject *qobj = qmp_input_get_object(qiv, name, false, NULL);
> >  
> >      if (!qobj) {
> >          *present = false;
> 
> Thanks for following my suggestion to move the "Parameter FOO is
> missing" error into qmp_input_get_object()!  You fixed two crash bugs
> that way :)
>
reply via email to
[Prev in Thread] Current Thread [Next in Thread]