From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1NdQW5-0006T3-V4 for qemu-devel@nongnu.org; Fri, 05 Feb 2010 10:54:46 -0500 Received: from [199.232.76.173] (port=39737 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1NdQW5-0006Sk-9G for qemu-devel@nongnu.org; Fri, 05 Feb 2010 10:54:45 -0500 Received: from Debian-exim by monty-python.gnu.org with spam-scanned (Exim 4.60) (envelope-from ) id 1NdQW3-0008Fi-5j for qemu-devel@nongnu.org; Fri, 05 Feb 2010 10:54:44 -0500 Received: from mail-iw0-f187.google.com ([209.85.223.187]:59015) by monty-python.gnu.org with esmtp (Exim 4.60) (envelope-from ) id 1NdQW2-0008FY-Ra for qemu-devel@nongnu.org; Fri, 05 Feb 2010 10:54:43 -0500 Received: by iwn17 with SMTP id 17so4236002iwn.18 for ; Fri, 05 Feb 2010 07:54:42 -0800 (PST) Message-ID: <4B6C3F3F.7010701@codemonkey.ws> Date: Fri, 05 Feb 2010 09:54:39 -0600 From: Anthony Liguori MIME-Version: 1.0 Subject: Re: [Qemu-devel] [PATCH 1/4] qjson: Improve debugging References: <1265314396-6583-1-git-send-email-lcapitulino@redhat.com> <1265314396-6583-2-git-send-email-lcapitulino@redhat.com> <4B6B4AD2.3060704@codemonkey.ws> <20100205101217.7ec97899@doriath> In-Reply-To: <20100205101217.7ec97899@doriath> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit List-Id: qemu-devel.nongnu.org List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Luiz Capitulino Cc: qemu-devel@nongnu.org On 02/05/2010 06:12 AM, Luiz Capitulino wrote: > On Thu, 04 Feb 2010 16:31:46 -0600 > Anthony Liguori wrote: > > >> On 02/04/2010 02:13 PM, Luiz Capitulino wrote: >> >>> Add an assert() to qobject_from_jsonf() to assure that the returned >>> QObject is not NULL. Currently this is duplicated in the callers. >>> >>> Signed-off-by: Luiz Capitulino >>> --- >>> qjson.c | 1 + >>> 1 files changed, 1 insertions(+), 0 deletions(-) >>> >>> diff --git a/qjson.c b/qjson.c >>> index 9ad8a91..0922c06 100644 >>> --- a/qjson.c >>> +++ b/qjson.c >>> @@ -62,6 +62,7 @@ QObject *qobject_from_jsonf(const char *string, ...) >>> obj = qobject_from_jsonv(string,&ap); >>> va_end(ap); >>> >>> + assert(obj != NULL); >>> >>> >> This is wrong. We may get JSON from an untrusted source. Callers need >> to deal with failure appropriately. >> > What kind of untrusted source? This function is only used by handlers > and assuming that the only possible error here is bad syntax, not having > this check in the source will only duplicate it in the users. > I don't know yet, but there's nothing about this function that indicates that it cannot handle malformed JSON. I don't think it's a reasonable expectation either. There are absolutely ways to mitigate this. You can use GCC macros to enforce at compile time that the string argument is always a literal and never a user supplied string. Run time asserts are a terrible way to deal with reasonably expected errors. Regards, Anthony Liguori