Patchwork [2/8] qapi: protect against NULL QObject in qmp_input_get_object

Submitter Paolo Bonzini
Date Dec. 16, 2011, 12:01 p.m.
Message ID <1324036918-2405-3-git-send-email-pbonzini@redhat.com>
Permalink /patch/131817/
State New

Comments

Paolo Bonzini - Dec. 16, 2011, 12:01 p.m.
A NULL qobj can occur when a parameter is fetched via qdict_get, but
the parameter is not in the command.  By returning NULL, the caller can
choose whether to raise a missing parameter error, an invalid parameter
type error, or use a default value.  For example, qom-set could
use this to reset a property to its default value, though at this time
it will fail with "Invalid parameter type".  In any case, anything is
better than crashing!

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 qapi/qmp-input-visitor.c |   10 ++++++----
 1 files changed, 6 insertions(+), 4 deletions(-)

Anthony Liguori - Dec. 16, 2011, 1:56 p.m.
On 12/16/2011 06:01 AM, Paolo Bonzini wrote:
> A NULL qobj can occur when a parameter is fetched via qdict_get, but
> the parameter is not in the command.  By returning NULL, the caller can
> choose whether to raise a missing parameter error, an invalid parameter
> type error, or use a default value.  For example, qom-set could
> use this to reset a property to its default value, though at this time
> it will fail with "Invalid parameter type".  In any case, anything is
> better than crashing!

Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>

Regards,

Anthony Liguori

>
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
>   qapi/qmp-input-visitor.c |   10 ++++++----
>   1 files changed, 6 insertions(+), 4 deletions(-)
>
> diff --git a/qapi/qmp-input-visitor.c b/qapi/qmp-input-visitor.c
> index 8cbc0ab..c78022b 100644
> --- a/qapi/qmp-input-visitor.c
> +++ b/qapi/qmp-input-visitor.c
> @@ -49,10 +49,12 @@ static const QObject *qmp_input_get_object(QmpInputVisitor *qiv,
>           qobj = qiv->stack[qiv->nb_stack - 1].obj;
>       }
>
> -    if (name&&  qobject_type(qobj) == QTYPE_QDICT) {
> -        return qdict_get(qobject_to_qdict(qobj), name);
> -    } else if (qiv->nb_stack>  0&&  qobject_type(qobj) == QTYPE_QLIST) {
> -        return qlist_entry_obj(qiv->stack[qiv->nb_stack - 1].entry);
> +    if (qobj) {
> +        if (name&&  qobject_type(qobj) == QTYPE_QDICT) {
> +            return qdict_get(qobject_to_qdict(qobj), name);
> +        } else if (qiv->nb_stack>  0&&  qobject_type(qobj) == QTYPE_QLIST) {
> +            return qlist_entry_obj(qiv->stack[qiv->nb_stack - 1].entry);
> +        }
>       }
>
>       return qobj;
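
Review bot: the trailing `return qobj;` can now hand NULL back to the caller, and nothing in the hunk documents that as part of the function's contract. A one-line comment at the new `if (qobj)` check, or above qmp_input_get_object(), stating that NULL means the parameter was absent and that callers must test the result before dereferencing it would make the intent in the commit message visible in the code.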

Patch

diff --git a/qapi/qmp-input-visitor.c b/qapi/qmp-input-visitor.c
index 8cbc0ab..c78022b 100644
--- a/qapi/qmp-input-visitor.c
+++ b/qapi/qmp-input-visitor.c
@@ -49,10 +49,12 @@  static const QObject *qmp_input_get_object(QmpInputVisitor *qiv,
         qobj = qiv->stack[qiv->nb_stack - 1].obj;
     }
 
-    if (name && qobject_type(qobj) == QTYPE_QDICT) {
-        return qdict_get(qobject_to_qdict(qobj), name);
-    } else if (qiv->nb_stack > 0 && qobject_type(qobj) == QTYPE_QLIST) {
-        return qlist_entry_obj(qiv->stack[qiv->nb_stack - 1].entry);
+    if (qobj) {
+        if (name && qobject_type(qobj) == QTYPE_QDICT) {
+            return qdict_get(qobject_to_qdict(qobj), name);
+        } else if (qiv->nb_stack > 0 && qobject_type(qobj) == QTYPE_QLIST) {
+            return qlist_entry_obj(qiv->stack[qiv->nb_stack - 1].entry);
+        }
     }
 
     return qobj;
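
Review bot: the `if (qobj) {` wrapper re-indents the four QDICT/QLIST lines that are otherwise unchanged, which accounts for most of the 6 insertions and 4 deletions. An early `if (!qobj) { return NULL; }` placed just before the original `if (name && ...)` gives the same behaviour with one less nesting level and leaves those lines, and their blame history, untouched.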