Message ID | 1267024678-17225-1-git-send-email-kwolf@redhat.com |
---|---|
State | New |
On Wed, Feb 24, 2010 at 04:17:58PM +0100, Kevin Wolf wrote: > If the parser fails to parse the key in parse_pair, it will access a NULL > pointer. A simple way to trigger this is sending {foo} via QMP. This patch > turns the segfault into a syntax error reply. > > Signed-off-by: Kevin Wolf <kwolf@redhat.com> Thanks, applied. > --- > json-parser.c | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > > diff --git a/json-parser.c b/json-parser.c > index f3debcb..579928f 100644 > --- a/json-parser.c > +++ b/json-parser.c > @@ -264,7 +264,7 @@ static int parse_pair(JSONParserContext *ctxt, QDict *dict, QList **tokens, va_l > > peek = qlist_peek(working); > key = parse_value(ctxt, &working, ap); > - if (qobject_type(key) != QTYPE_QSTRING) { > + if (!key || qobject_type(key) != QTYPE_QSTRING) { > parse_error(ctxt, peek, "key is not a string in object"); > goto out; > } > -- > 1.6.6.1 > > > >
diff --git a/json-parser.c b/json-parser.c index f3debcb..579928f 100644 --- a/json-parser.c +++ b/json-parser.c @@ -264,7 +264,7 @@ static int parse_pair(JSONParserContext *ctxt, QDict *dict, QList **tokens, va_l peek = qlist_peek(working); key = parse_value(ctxt, &working, ap); - if (qobject_type(key) != QTYPE_QSTRING) { + if (!key || qobject_type(key) != QTYPE_QSTRING) { parse_error(ctxt, peek, "key is not a string in object"); goto out; }
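Review bot: The new `!key` case in parse_pair takes `goto out` with `key` still NULL, so whatever cleanup sits under `out` (not visible in this hunk) has to tolerate a NULL key; that is worth confirming before relying on the check. The same branch reports "key is not a string in object" for a key that failed to parse at all, which is slightly misleading for input such as {foo}; a distinct message for the NULL case would make the syntax error reply easier to act on. `peek` is also handed to parse_error unchecked, so it is worth verifying that parse_error copes when qlist_peek(working) returns nothing. A regression test that feeds {foo} to the parser would pin down the fixed behaviour.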
If the parser fails to parse the key in parse_pair, it will access a NULL pointer. A simple way to trigger this is sending {foo} via QMP. This patch turns the segfault into a syntax error reply.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>

---
 json-parser.c | 2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)