From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1NdKFy-0001u3-Na for qemu-devel@nongnu.org; Fri, 05 Feb 2010 04:13:42 -0500
Received: from [199.232.76.173] (port=48601 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1NdKFx-0001tp-AJ
	for qemu-devel@nongnu.org; Fri, 05 Feb 2010 04:13:41 -0500
Received: from Debian-exim by monty-python.gnu.org with spam-scanned (Exim 4.60)
	(envelope-from ) id 1NdKFv-0002HO-Mx
	for qemu-devel@nongnu.org; Fri, 05 Feb 2010 04:13:40 -0500
Received: from mx1.redhat.com ([209.132.183.28]:26077)
	by monty-python.gnu.org with esmtp (Exim 4.60) (envelope-from )
	id 1NdKFv-0002HK-AB for qemu-devel@nongnu.org; Fri, 05 Feb 2010 04:13:39 -0500
From: Markus Armbruster
Subject: Re: [Qemu-devel] [PATCH 1/4] qjson: Improve debugging
References: <1265314396-6583-1-git-send-email-lcapitulino@redhat.com>
	<1265314396-6583-2-git-send-email-lcapitulino@redhat.com>
	<4B6B4AD2.3060704@codemonkey.ws>
Date: Fri, 05 Feb 2010 10:13:33 +0100
In-Reply-To: <4B6B4AD2.3060704@codemonkey.ws> (Anthony Liguori's message of
	"Thu, 04 Feb 2010 16:31:46 -0600")
Message-ID:
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
List-Id: qemu-devel.nongnu.org
To: Anthony Liguori
Cc: qemu-devel@nongnu.org, Luiz Capitulino

Anthony Liguori writes:

> On 02/04/2010 02:13 PM, Luiz Capitulino wrote:
>> Add an assert() to qobject_from_jsonf() to assure that the returned
>> QObject is not NULL. Currently this is duplicated in the callers.
>>
>> Signed-off-by: Luiz Capitulino
>> ---
>>  qjson.c |    1 +
>>  1 files changed, 1 insertions(+), 0 deletions(-)
>>
>> diff --git a/qjson.c b/qjson.c
>> index 9ad8a91..0922c06 100644
>> --- a/qjson.c
>> +++ b/qjson.c
>> @@ -62,6 +62,7 @@ QObject *qobject_from_jsonf(const char *string, ...)
>>      obj = qobject_from_jsonv(string,&ap);
>>      va_end(ap);
>>
>> +    assert(obj != NULL);
>>
>
> This is wrong.  We may get JSON from an untrusted source.  Callers
> need to deal with failure appropriately.
>
> It just so happens that we only parse JSON from an untrusted source
> via qobject_from_json(), but the trust relationship is not obvious
> given the two functions in their current form.

We have many uses of qobject_from_jsonf() with a literal argument, and
more to come.  Making them all deal with failure would be tedious and
clutter the code.

What about a wrapper function that cannot fail?
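Review bot: the `assert(obj != NULL)` added after `va_end(ap)` turns a parse failure into a process abort, which is only acceptable if every caller of qobject_from_jsonf() passes a trusted, literal format string, and nothing in the hunk records that precondition. Put a comment on the assert (or in the function's header comment) saying the function is for literal, program-generated input only and that untrusted JSON must stay on the fallible qobject_from_jsonv()/qobject_from_json() path, so the trust boundary the commit message leaves implicit is visible at the point where the abort is introduced.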
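The split the thread is circling, as an added C example that is not QEMU code: a fallible parser for untrusted text beside an assert-only wrapper for text the program builds from a literal format string, which is the "wrapper function that cannot fail" Markus asks about. The parser covers only a toy subset of JSON (one flat object of string keys and decimal integer values), and every name in it (ToyObject, toy_from_untrusted, toy_from_literal, demo_trust_boundary) is hypothetical rather than QEMU's qobject_from_json()/qobject_from_jsonf().

```c
/* Added example, not QEMU code. A fallible parser for untrusted text beside
 * an infallible wrapper for literal, program-generated text. The parser
 * handles only a toy subset of JSON: a flat object of string keys and
 * decimal integer values, e.g. {"id": 1}. All toy_* names are hypothetical. */
#include <assert.h>
#include <ctype.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_PAIRS 16
#define MAX_KEY   32
typedef struct {
    int  count;
    char keys[MAX_PAIRS][MAX_KEY];
    long values[MAX_PAIRS];
} ToyObject;

static const char *skip_ws(const char *p)
{
    while (isspace((unsigned char)*p)) p++;
    return p;
}

/* Entry point for untrusted text (e.g. bytes read from a client socket).
 * Never aborts: a syntax error, overlong key, too many pairs or trailing
 * garbage yields NULL and the caller must handle it. Caller frees. */
ToyObject *toy_from_untrusted(const char *s)
{
    ToyObject *obj = calloc(1, sizeof(*obj));
    const char *p, *end;
    char *numend;

    if (!obj) return NULL;
    p = skip_ws(s);
    if (*p++ != '{') goto fail;
    p = skip_ws(p);
    if (*p == '}') { p++; goto done; }                /* empty object */
    for (;;) {
        if (obj->count >= MAX_PAIRS) goto fail;
        p = skip_ws(p);
        if (*p++ != '"') goto fail;                   /* key must be a string */
        end = strchr(p, '"');
        if (!end || end - p >= MAX_KEY) goto fail;    /* unterminated/overlong */
        memcpy(obj->keys[obj->count], p, end - p);
        obj->keys[obj->count][end - p] = '\0';
        p = skip_ws(end + 1);
        if (*p++ != ':') goto fail;
        p = skip_ws(p);
        obj->values[obj->count] = strtol(p, &numend, 10);
        if (numend == p) goto fail;                   /* value not an integer */
        obj->count++;
        p = skip_ws(numend);
        if (*p == ',') { p++; continue; }
        if (*p == '}') { p++; break; }
        goto fail;
    }
done:
    if (*skip_ws(p) != '\0') goto fail;               /* trailing garbage */
    return obj;
fail:
    free(obj);
    return NULL;
}

/* Wrapper for text the program builds itself from a literal format string.
 * A NULL here can only mean a bug in the caller's literal, so asserting is
 * the right response and spares every call site a failure path. Untrusted
 * text must never be routed through it: one malformed message would abort. */
ToyObject *toy_from_literal(const char *fmt, ...)
{
    char buf[256];
    ToyObject *obj;
    va_list ap;

    va_start(ap, fmt);
    int n = vsnprintf(buf, sizeof buf, fmt, ap);
    va_end(ap);
    assert(n >= 0 && (size_t)n < sizeof buf);        /* literal must fit */
    obj = toy_from_untrusted(buf);
    assert(obj != NULL);                              /* bug in the literal */
    return obj;
}

/* Worked scenario on constructed inputs: malformed text on the untrusted
 * path is rejected with NULL rather than an abort, while the literal path
 * yields a usable object. Returns the number of checks passed (4 = all). */
int demo_trust_boundary(void)
{
    int ok = 0;
    ToyObject *t, *l;

    ok += (toy_from_untrusted("{\"id\": 1,") == NULL);      /* truncated */
    ok += (toy_from_untrusted("{\"id\": 1} x") == NULL);    /* trailing junk */
    t = toy_from_untrusted("{\"id\": 1, \"cmd\": -2}");
    ok += (t != NULL && t->count == 2 &&
           strcmp(t->keys[1], "cmd") == 0 && t->values[1] == -2);
    free(t);
    l = toy_from_literal("{\"id\": %d, \"cmd\": %d}", 7, 3);
    ok += (l->count == 2 && strcmp(l->keys[0], "id") == 0 && l->values[0] == 7);
    free(l);
    return ok;
}
```

The design point is that the assert lives only in the wrapper whose input is under the program's control; the shared parser underneath stays fallible, so text from a peer can fail loudly in the caller instead of taking the process down.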