From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:48496)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <armbru@redhat.com>) id 1bpdTw-0007Qp-8T
	for qemu-devel@nongnu.org; Thu, 29 Sep 2016 11:42:45 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <armbru@redhat.com>) id 1bpdTt-0004IH-3l
	for qemu-devel@nongnu.org; Thu, 29 Sep 2016 11:42:44 -0400
From: Markus Armbruster <armbru@redhat.com>
References: <20160922203927.28241-1-marcandre.lureau@redhat.com>
	<20160922203927.28241-3-marcandre.lureau@redhat.com>
Date: Thu, 29 Sep 2016 17:42:38 +0200
In-Reply-To: <20160922203927.28241-3-marcandre.lureau@redhat.com>
	(=?utf-8?Q?=22Marc-Andr=C3=A9?=
	Lureau"'s message of "Fri, 23 Sep 2016 00:39:26 +0400")
Message-ID: <87twcy4sr5.fsf@dusky.pond.sub.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Subject: Re: [Qemu-devel] [PATCH v4 2/3] qapi: fix crash when a parameter is
 missing
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: =?utf-8?Q?Marc-Andr=C3=A9?= Lureau <marcandre.lureau@redhat.com>
Cc: qemu-devel@nongnu.org, paolo.bonzini@gmail.com, qemu-stable@nongnu.org

Marc-Andr=C3=A9 Lureau <marcandre.lureau@redhat.com> writes:

> Calling:
>
> { "execute": "qom-set",
>   "arguments": { "path": "/machine", "property": "rtc-time" } }
>
> Will crash with:
>
> qapi/qapi-visit-core.c:277: visit_type_any: Assertion `!err !=3D !*obj'
> failed

This is actually a recent regression.  Let's add "Broken in commit
5c678ee."  Can do on commit.

> Clear the obj and return an error.
>
> The patch also fixes a similar potential crash in qmp_input_type_null()
> by checking qmp_input_get_object() returned a valid qobj.
>
> Signed-off-by: Marc-Andr=C3=A9 Lureau <marcandre.lureau@redhat.com>
> Reviewed-by: Eric Blake <eblake@redhat.com>
> ---
>  qapi/qmp-input-visitor.c | 11 +++++++++++
>  1 file changed, 11 insertions(+)
>
> diff --git a/qapi/qmp-input-visitor.c b/qapi/qmp-input-visitor.c
> index 64dd392..fc91e74 100644
> --- a/qapi/qmp-input-visitor.c
> +++ b/qapi/qmp-input-visitor.c
> @@ -338,6 +338,12 @@ static void qmp_input_type_any(Visitor *v, const cha=
r *name, QObject **obj,
>      QmpInputVisitor *qiv =3D to_qiv(v);
>      QObject *qobj =3D qmp_input_get_object(qiv, name, true);
>=20=20
> +    if (!qobj) {
> +        error_setg(errp, QERR_MISSING_PARAMETER, name ? name : "null");
> +        *obj =3D NULL;
> +        return;
> +    }
> +
>      qobject_incref(qobj);
>      *obj =3D qobj;
>  }
> @@ -347,6 +353,11 @@ static void qmp_input_type_null(Visitor *v, const ch=
ar *name, Error **errp)
>      QmpInputVisitor *qiv =3D to_qiv(v);
>      QObject *qobj =3D qmp_input_get_object(qiv, name, true);
>=20=20
> +    if (!qobj) {
> +        error_setg(errp, QERR_MISSING_PARAMETER, name ? name : "null");
> +        return;
> +    }
> +
>      if (qobject_type(qobj) !=3D QTYPE_QNULL) {
>          error_setg(errp, QERR_INVALID_PARAMETER_TYPE, name ? name : "nul=
l",
>                     "null");