From: Eric Blake
Date: Thu, 29 Oct 2015 10:36:54 -0600
Subject: Re: [Qemu-devel] [PATCH 3/4] check-qjson: Add test for JSON nesting depth limit
Message-ID: <56324B26.50104@redhat.com>
In-Reply-To: <1446122683-2355-4-git-send-email-armbru@redhat.com>
References: <1446122683-2355-1-git-send-email-armbru@redhat.com> <1446122683-2355-4-git-send-email-armbru@redhat.com>
To: Markus Armbruster, qemu-devel@nongnu.org
Cc: lcapitulino@redhat.com

On 10/29/2015 06:44 AM, Markus Armbruster wrote:
> This would have prevented the regression mentioned in the previous
> commit.
>
> Signed-off-by: Markus Armbruster
> ---
> tests/check-qjson.c | 29 +++++++++++++++++++++++++++++
> 1 file changed, 29 insertions(+)

Better late than never.

> +++ b/tests/check-qjson.c
> @@ -1484,6 +1484,34 @@ static void unterminated_literal(void) > g_assert(obj =3D=3D NULL); > } > =20 > +static char *make_nest(char *buf, size_t cnt) > +{ > + int i; > + > + for (i =3D 0; i < cnt - 1; i++) { > + buf[i] =3D '['; > + buf[2 * cnt - i - 1] =3D ']'; > + } > + buf[cnt - 1] =3D '{'; > + buf[cnt] =3D '}'; > + buf[2 * cnt] =3D 0; > + return buf; > +} So buf must be at least 2*cnt+1 bytes long. (Function is static, so lack of comments don't hurt too badly). For a cnt of 3 (buffer size at least 7), this creates "[[{}]]". Larger cnt adds more outer [] pairs. The mixed content proves that patch 1/4 covers the combined limit of [] and {} when counting nesting. Minor optimization - make the for loop bound be 'i < cnt - 2', so you aren't writing [] in the middle just to rewrite it to {} after the loop (works as long as caller never passes cnt =3D=3D 1, which happens to be t= he case). > + > +static void limits_nesting(void) > +{ > + enum { max_nesting =3D 1024 }; /* see qobject/json-streamer.c */ > + char buf[2 * (max_nesting + 1) + 1]; > + QObject *obj; > + > + obj =3D qobject_from_json(make_nest(buf, max_nesting)); > + g_assert(obj !=3D NULL); > + qobject_decref(obj); Proves that we can hit our max, > + > + obj =3D qobject_from_json(make_nest(buf, max_nesting + 1)); > + g_assert(obj =3D=3D NULL); and that we gracefully diagnose one beyond max. > +} > + > int main(int argc, char **argv) > { > g_test_init(&argc, &argv, NULL); 
> @@ -1519,6 +1547,7 @@ int main(int argc, char **argv) > g_test_add_func("/errors/invalid_array_comma", invalid_array_comma= ); > g_test_add_func("/errors/invalid_dict_comma", invalid_dict_comma);= > g_test_add_func("/errors/unterminated/literal", unterminated_liter= al); > + g_test_add_func("/errors/limits/nesting", limits_nesting); > =20 > return g_test_run(); > } >=20

Reviewed-by: Eric Blake

-- 
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
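Review bot: in the first hunk, make_nest() declares `int i` but compares it against `cnt - 1` where cnt is size_t, so i is converted to unsigned for the comparison and a cnt of 0 wraps `cnt - 1` to SIZE_MAX, letting the loop run past the buffer; declaring `size_t i` and stating the contract in a comment above the function, e.g. `/* buf must hold 2 * cnt + 1 bytes; cnt must be >= 1 */`, would make the caller's obligation visible instead of implicit in limits_nesting()'s `char buf[2 * (max_nesting + 1) + 1]`.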
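Review bot: in the second hunk, the registration path "/errors/limits/nesting" files the test among the parse-error cases, yet limits_nesting() also asserts the success case at exactly max_nesting (`g_assert(obj != NULL)`); a path without the "/errors" prefix, or a short comment in limits_nesting() saying it checks both sides of the limit, would keep the positive check from being overlooked when someone later reads only the test names.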
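To show what the test above is probing, here is an added stand-alone C example; it is not code from the patch or from QEMU. It rebuilds the nest string the way make_nest() does, with the buffer-size contract checked explicitly, and runs it through a toy depth counter that enforces a combined []/{} nesting limit the way the test expects the real parser to (the MAX_NESTING value and the max_depth() checker are assumptions for illustration, not qobject/json-streamer.c). The point being demonstrated is the defensive one: a parser that bounds nesting depth turns a deeply nested input from a stack-exhaustion risk into a plain parse error, and the test must cover both exactly-at-limit (accepted) and one-beyond (rejected).

```c
#include <assert.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed limit for this example; the patch cites the same number for
 * qobject/json-streamer.c, but nothing here calls the real parser. */
#define MAX_NESTING 1024

/* Build cnt-1 '[' ... ']' pairs around a single '{}' pair, as the
 * patch's make_nest() does, but with the contract made explicit:
 * buf must hold 2*cnt+1 bytes and cnt must be >= 1. Returns NULL
 * instead of writing anything when the contract is violated. */
static char *make_nest_checked(char *buf, size_t buflen, size_t cnt)
{
    size_t i;

    if (cnt < 1 || buflen < 2 * cnt + 1) {
        return NULL;
    }
    for (i = 0; i + 1 < cnt; i++) {   /* cnt-1 outer pairs */
        buf[i] = '[';
        buf[2 * cnt - i - 1] = ']';
    }
    buf[cnt - 1] = '{';
    buf[cnt] = '}';
    buf[2 * cnt] = '\0';
    return buf;
}

/* Convenience wrapper over a small static buffer (32 bytes), so short
 * nests can be inspected without the caller sizing a buffer. */
static const char *nest_small(size_t cnt)
{
    static char small[32];
    return make_nest_checked(small, sizeof small, cnt);
}

/* Toy structural depth check (not a JSON parser: strings, numbers and
 * commas are ignored). Tracks the combined nesting of [] and {}.
 * Returns the deepest level reached, or -1 if opening one more level
 * would exceed limit, or if a close is mismatched or unbalanced. */
static long max_depth(const char *s, long limit)
{
    char opener[MAX_NESTING + 1];   /* which bracket opened each level */
    long depth = 0, deepest = 0;

    if (limit < 0 || limit > MAX_NESTING) {
        return -1;
    }
    for (; *s; s++) {
        if (*s == '[' || *s == '{') {
            if (depth == limit) {
                return -1;          /* one level beyond the limit */
            }
            opener[depth++] = *s;
            if (depth > deepest) {
                deepest = depth;
            }
        } else if (*s == ']' || *s == '}') {
            char want = (*s == ']') ? '[' : '{';
            if (depth == 0 || opener[depth - 1] != want) {
                return -1;          /* stray or mismatched close */
            }
            depth--;
        }
    }
    return depth == 0 ? deepest : -1;
}

/* Mirror the two probes in limits_nesting(): exactly at the limit is
 * accepted, one level beyond is rejected. Returns 1 when both hold. */
static int nesting_limit_probe(void)
{
    static char buf[2 * (MAX_NESTING + 1) + 1];   /* same sizing as the test */
    long at_limit, beyond;

    at_limit = max_depth(make_nest_checked(buf, sizeof buf, MAX_NESTING),
                         MAX_NESTING);
    beyond = max_depth(make_nest_checked(buf, sizeof buf, MAX_NESTING + 1),
                       MAX_NESTING);
    return at_limit == MAX_NESTING && beyond == -1;
}

int main(void)
{
    printf("make_nest(3): %s\n", nest_small(3));           /* [[{}]] */
    printf("limit probe: %s\n", nesting_limit_probe() ? "ok" : "FAIL");
    return 0;
}
```

Running it prints the "[[{}]]" string the review describes for a cnt of 3 and confirms that the checker accepts a depth of exactly MAX_NESTING and rejects MAX_NESTING + 1; the opener[] stack is what turns a depth overrun into a bounded, diagnosable error rather than unbounded recursion.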