From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:45502)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <afaerber@suse.de>) id 1WQOJD-0003VH-Pn
	for qemu-devel@nongnu.org; Wed, 19 Mar 2014 17:46:05 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <afaerber@suse.de>) id 1WQOJ4-0001lD-Lo
	for qemu-devel@nongnu.org; Wed, 19 Mar 2014 17:45:59 -0400
Received: from cantor2.suse.de ([195.135.220.15]:58535 helo=mx2.suse.de)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <afaerber@suse.de>) id 1WQOJ4-0001l2-FO
	for qemu-devel@nongnu.org; Wed, 19 Mar 2014 17:45:50 -0400
From: =?UTF-8?q?Andreas=20F=C3=A4rber?= <afaerber@suse.de>
Date: Wed, 19 Mar 2014 22:45:39 +0100
Message-Id: <1395265542-384-5-git-send-email-afaerber@suse.de>
In-Reply-To: <1395265542-384-1-git-send-email-afaerber@suse.de>
References: <1395265542-384-1-git-send-email-afaerber@suse.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Subject: [Qemu-devel] [PULL for-2.0 4/7] qom: Don't make link NULL on
	object_property_set_link() failure
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org
Cc: =?UTF-8?q?Andreas=20F=C3=A4rber?= <afaerber@suse.de>, Stefan Hajnoczi <stefanha@redhat.com>

From: Stefan Hajnoczi <stefanha@redhat.com>

The error behavior of object_property_set_link() is dangerous.  It sets
the link property object to NULL if an error occurs.  A setter function
should either succeed or fail, it shouldn't leave the value NULL on
failure.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas F=C3=A4rber <afaerber@suse.de>
---
 qom/object.c | 29 +++++++++++++++--------------
 1 file changed, 15 insertions(+), 14 deletions(-)

diff --git a/qom/object.c b/qom/object.c
index 2877a00..cc946d9 100644
--- a/qom/object.c
+++ b/qom/object.c
@@ -1080,27 +1080,28 @@ static Object *object_resolve_link(Object *obj, c=
onst char *name,
 static void object_set_link_property(Object *obj, Visitor *v, void *opaq=
ue,
                                      const char *name, Error **errp)
 {
+    Error *local_err =3D NULL;
     Object **child =3D opaque;
-    Object *old_target;
-    char *path;
-
-    visit_type_str(v, &path, name, errp);
+    Object *old_target =3D *child;
+    Object *new_target =3D NULL;
+    char *path =3D NULL;
=20
-    old_target =3D *child;
-    *child =3D NULL;
+    visit_type_str(v, &path, name, &local_err);
=20
-    if (strcmp(path, "") !=3D 0) {
-        Object *target;
-
-        target =3D object_resolve_link(obj, name, path, errp);
-        if (target) {
-            object_ref(target);
-            *child =3D target;
-        }
+    if (!local_err && strcmp(path, "") !=3D 0) {
+        new_target =3D object_resolve_link(obj, name, path, &local_err);
     }
=20
     g_free(path);
+    if (local_err) {
+        error_propagate(errp, local_err);
+        return;
+    }
=20
+    if (new_target) {
+        object_ref(new_target);
+    }
+    *child =3D new_target;
     if (old_target !=3D NULL) {
         object_unref(old_target);
     }
--=20
1.8.4.5