From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:53099) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bmk4c-0002ro-LJ for qemu-devel@nongnu.org; Wed, 21 Sep 2016 12:08:39 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bmk4X-0002yc-Gz for qemu-devel@nongnu.org; Wed, 21 Sep 2016 12:08:37 -0400 Received: from mx6-phx2.redhat.com ([209.132.183.39]:42046) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bmk4X-0002yJ-5Q for qemu-devel@nongnu.org; Wed, 21 Sep 2016 12:08:33 -0400 Date: Wed, 21 Sep 2016 12:07:52 -0400 (EDT) From: =?utf-8?Q?Marc-Andr=C3=A9?= Lureau Message-ID: <1730633132.491556.1474474072544.JavaMail.zimbra@redhat.com> In-Reply-To: <87bmzhz5jx.fsf@dusky.pond.sub.org> References: <20160921103629.6410-1-marcandre.lureau@redhat.com> <20160921103629.6410-2-marcandre.lureau@redhat.com> <87bmzhz5jx.fsf@dusky.pond.sub.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Subject: Re: [Qemu-devel] [PATCH 1/3] qapi: return a 'missing parameter' error List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Markus Armbruster Cc: =?utf-8?Q?Marc-Andr=C3=A9?= Lureau , qemu-devel@nongnu.org, berto@igalia.com Hi ----- Original Message ----- > Aha, we got a different bug fix! The old code fails to fail when the > parameter doesn't exist. Instead, it sets *obj = NULL, which seems very > likely to crash QEMU. Let me try... yup: > > { "execute": "object-add", > "arguments": { "qom-type": "memory-backend-file", "id": "foo" } } > > Kills QEMU with "qemu/qom/object_interfaces.c:115: user_creatable_add_type: > Assertion `qdict' failed." > > Either fix this in a separate patch before this one, or cover it in this > one's commit message. Your choice. > > A separate patch might be usable for qemu-stable. It looks to me that this is a different bug. visit_type_q_obj_object_add_arg_members() doesn't call visit_type_any() if "props" is missing (it's optionnal). And arg is zero'ed in qmp-marshal, and the assert() was added in ad739706bbadee49. I am trying to fix that regression. > > > @@ -345,8 +379,11 @@ static void qmp_input_type_any(Visitor *v, const char > > *name, QObject **obj, > > static void qmp_input_type_null(Visitor *v, const char *name, Error > > **errp) > > { > > QmpInputVisitor *qiv = to_qiv(v); > > - QObject *qobj = qmp_input_get_object(qiv, name, true); > > + QObject *qobj = qmp_input_get_object(qiv, name, true, errp); > > > > + if (!qobj) { > > + return; > > + } > > if (qobject_type(qobj) != QTYPE_QNULL) { > > error_setg(errp, QERR_INVALID_PARAMETER_TYPE, name ? name : > > "null", > > "null"); > > Same bug, I think, but I don't have a reproducer handy. > > > @@ -356,7 +393,7 @@ static void qmp_input_type_null(Visitor *v, const char > > *name, Error **errp) > > static void qmp_input_optional(Visitor *v, const char *name, bool > > *present) > > { > > QmpInputVisitor *qiv = to_qiv(v); > > - QObject *qobj = qmp_input_get_object(qiv, name, false); > > + QObject *qobj = qmp_input_get_object(qiv, name, false, NULL); > > > > if (!qobj) { > > *present = false; > > Thanks for following my suggestion to move the "Parameter FOO is > missing" error into qmp_input_get_object()! You fixed two crash bugs > that way :) >