[v7,30/38] qtest: Avoid passing raw strings through hmp()

Message ID	20170911172022.4738-31-eblake@redhat.com
State	New
Headers	show Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org> DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 3BCF416483E From: Eric Blake <eblake@redhat.com> To: qemu-devel@nongnu.org Date: Mon, 11 Sep 2017 12:20:14 -0500 Message-Id: <20170911172022.4738-31-eblake@redhat.com> In-Reply-To: <20170911172022.4738-1-eblake@redhat.com> References: <20170911172022.4738-1-eblake@redhat.com> Subject: [Qemu-devel] [PATCH v7 30/38] qtest: Avoid passing raw strings through hmp() Precedence: list Cc: pbonzini@redhat.com, thuth@redhat.com, armbru@redhat.com, "Dr. David Alan Gilbert" <dgilbert@redhat.com> Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>
Series	Preliminary libqtest cleanups \| expand [v7,00/38] Preliminary libqtest cleanups [v7,01/38] test-qga: Kill broken and dead QGA_TEST_SIDE_EFFECTING code [v7,02/38] qtest: Don't perform side effects inside assertion [v7,03/38] numa-test: Use hmp() [v7,04/38] tests: Clean up wait for event [v7,05/38] libqtest: Remove dead qtest_instances variable [v7,06/38] libqtest: Use qemu_strtoul() [v7,07/38] libqtest: Inline qtest_query_target_endianness() [v7,08/38] libqos: Track QTestState with QPCIBus [v7,09/38] libqos: Track QTestState with QVirtioBus [v7,10/38] libqos: Move/rename qpci_unplug_acpi_device_test() to pci.c [v7,11/38] libqos: Use explicit QTestState for pci operations [v7,12/38] libqos: Use explicit QTestState for virtio operations [v7,13/38] libqos: Use explicit QTestState for fw_cfg operations [v7,14/38] libqos: Use explicit QTestState for rtas operations [v7,15/38] libqos: Use explicit QTestState for i2c operations [v7,16/38] libqos: Use explicit QTestState for ahci operations [v7,17/38] libqos: Use explicit QTestState for remaining libqos operations [v7,18/38] ahci-test: Drop dependence on global_qtest [v7,19/38] ivshmem-test: Drop dependence on global_qtest [v7,20/38] postcopy-test: Drop dependence on global_qtest [v7,21/38] vhost-user-test: Drop dependence on global_qtest [v7,22/38] qmp-test: Drop dependence on global_qtest [v7,23/38] tests/boot-sector: Drop dependence on global_qtest [v7,24/38] tests/acpi-utils: Drop dependence on global_qtest [v7,25/38] wdt_ib700-test: Drop dependence on global_qtest [v7,26/38] libqtest: Merge qtest_end() into qtest_quit() [v7,27/38] libqtest: Swap order of qtest_init() and qtest_start() [v7,28/38] libqtest: Add qtest_[v]startf() [v7,29/38] libqtest: Merge qtest_init() into qtest_start() [v7,30/38] qtest: Avoid passing raw strings through hmp() [v7,31/38] libqtest: Merge qtest_clock_() with clock_() [v7,32/38] libqtest: Merge qtest_irq() with irq() [v7,33/38] libqtest: Merge qtest_{in, out}[bwl]() with {in, out}[bwl]() [v7,34/38] libqtest: Merge qtest_{read, write}[bwlq]() with {read, write}[bwlq]() [v7,35/38] libqtest: Merge qtest_{mem, buf}{read, write}() with {mem, buf}{read, write}() [v7,36/38] libqtest: Merge qtest_memset() with qmemset() [v7,37/38] libqtest: Separate qmp_discard_response() from command [v7,38/38] libqtest: Merge qtest_hmp() with hmp()

Message ID

20170911172022.4738-31-eblake@redhat.com

State

New

Headers

DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 3BCF416483E
From: Eric Blake <eblake@redhat.com>
To: qemu-devel@nongnu.org
Date: Mon, 11 Sep 2017 12:20:14 -0500
Message-Id: <20170911172022.4738-31-eblake@redhat.com>
In-Reply-To: <20170911172022.4738-1-eblake@redhat.com>
References: <20170911172022.4738-1-eblake@redhat.com>
Subject: [Qemu-devel] [PATCH v7 30/38] qtest: Avoid passing raw strings
	through hmp()
Precedence: list
Cc: pbonzini@redhat.com, thuth@redhat.com, armbru@redhat.com,
	"Dr. David Alan Gilbert" <dgilbert@redhat.com>
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Sender: "Qemu-devel"
	<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>

Series

Preliminary libqtest cleanups | expand

Commit Message

Eric Blake Sept. 11, 2017, 5:20 p.m. UTC

hmp() passes its string argument through the sprintf() family;
with a proper attribute, gcc -Wformat warns us when we do something
dangerous like passing a non-constant format string.  Fortunately,
all our strings were safe, but checking whether the string can
contain an unintended % is easy to avoid and therefore worth doing.

Signed-off-by: Eric Blake <eblake@redhat.com>

---
v7: add GCC_FMT_ATTR here, drop R-b
---
 tests/libqtest.h | 8 ++++----
 tests/test-hmp.c | 4 ++--
 2 files changed, 6 insertions(+), 6 deletions(-)

Comments

Dr. David Alan Gilbert Sept. 11, 2017, 5:42 p.m. UTC | #1

* Eric Blake (eblake@redhat.com) wrote:
> hmp() passes its string argument through the sprintf() family;
> with a proper attribute, gcc -Wformat warns us when we do something
> dangerous like passing a non-constant format string.  Fortunately,
> all our strings were safe, but checking whether the string can
> contain an unintended % is easy to avoid and therefore worth doing.
> 
> Signed-off-by: Eric Blake <eblake@redhat.com>
> 

Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>

> ---
> v7: add GCC_FMT_ATTR here, drop R-b
> ---
>  tests/libqtest.h | 8 ++++----
>  tests/test-hmp.c | 4 ++--
>  2 files changed, 6 insertions(+), 6 deletions(-)
> 
> diff --git a/tests/libqtest.h b/tests/libqtest.h
> index 2a21bf4605..5651b77d2f 100644
> --- a/tests/libqtest.h
> +++ b/tests/libqtest.h
> @@ -153,14 +153,14 @@ QDict *qtest_qmp_eventwait_ref(QTestState *s, const char *event);
>  /**
>   * qtest_hmp:
>   * @s: #QTestState instance to operate on.
> - * @fmt...: HMP command to send to QEMU
> + * @fmt...: HMP command to send to QEMU, formats arguments like sprintf().
>   *
>   * Send HMP command to QEMU via QMP's human-monitor-command.
>   * QMP events are discarded.
>   *
>   * Returns: the command's output.  The caller should g_free() it.
>   */
> -char *qtest_hmp(QTestState *s, const char *fmt, ...);
> +char *qtest_hmp(QTestState *s, const char *fmt, ...) GCC_FMT_ATTR(2, 3);
> 
>  /**
>   * qtest_hmpv:
> @@ -585,13 +585,13 @@ static inline QDict *qmp_eventwait_ref(const char *event)
> 
>  /**
>   * hmp:
> - * @fmt...: HMP command to send to QEMU
> + * @fmt...: HMP command to send to QEMU, formats arguments like sprintf().
>   *
>   * Send HMP command to QEMU via QMP's human-monitor-command.
>   *
>   * Returns: the command's output.  The caller should g_free() it.
>   */
> -char *hmp(const char *fmt, ...);
> +char *hmp(const char *fmt, ...) GCC_FMT_ATTR(1, 2);
> 
>  /**
>   * get_irq:
> diff --git a/tests/test-hmp.c b/tests/test-hmp.c
> index 7ff47eda13..b3102daea1 100644
> --- a/tests/test-hmp.c
> +++ b/tests/test-hmp.c
> @@ -80,7 +80,7 @@ static void test_commands(void)
>          if (verbose) {
>              fprintf(stderr, "\t%s\n", hmp_cmds[i]);
>          }
> -        response = hmp(hmp_cmds[i]);
> +        response = hmp("%s", hmp_cmds[i]);
>          g_free(response);
>      }
> 
> @@ -103,7 +103,7 @@ static void test_info_commands(void)
>          if (verbose) {
>              fprintf(stderr, "\t%s\n", info);
>          }
> -        resp = hmp(info);
> +        resp = hmp("%s", info);
>          g_free(resp);
>          /* And move forward to the next line */
>          info = strchr(endp + 1, '\n');
> -- 
> 2.13.5
> 
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK

Thomas Huth Sept. 12, 2017, 10:40 a.m. UTC | #2

On 11.09.2017 19:20, Eric Blake wrote:
> hmp() passes its string argument through the sprintf() family;
> with a proper attribute, gcc -Wformat warns us when we do something
> dangerous like passing a non-constant format string.  Fortunately,
> all our strings were safe, but checking whether the string can
> contain an unintended % is easy to avoid and therefore worth doing.
> 
> Signed-off-by: Eric Blake <eblake@redhat.com>
> 
> ---
> v7: add GCC_FMT_ATTR here, drop R-b
> ---
>  tests/libqtest.h | 8 ++++----
>  tests/test-hmp.c | 4 ++--
>  2 files changed, 6 insertions(+), 6 deletions(-)

Reviewed-by: Thomas Huth <thuth@redhat.com>

diff --git a/tests/libqtest.h b/tests/libqtest.h
index 2a21bf4605..5651b77d2f 100644
--- a/tests/libqtest.h
+++ b/tests/libqtest.h
@@ -153,14 +153,14 @@  QDict *qtest_qmp_eventwait_ref(QTestState *s, const char *event);
 /**
  * qtest_hmp:
  * @s: #QTestState instance to operate on.
- * @fmt...: HMP command to send to QEMU
+ * @fmt...: HMP command to send to QEMU, formats arguments like sprintf().
  *
  * Send HMP command to QEMU via QMP's human-monitor-command.
  * QMP events are discarded.
  *
  * Returns: the command's output.  The caller should g_free() it.
  */
-char *qtest_hmp(QTestState *s, const char *fmt, ...);
+char *qtest_hmp(QTestState *s, const char *fmt, ...) GCC_FMT_ATTR(2, 3);

 /**
  * qtest_hmpv:
@@ -585,13 +585,13 @@  static inline QDict *qmp_eventwait_ref(const char *event)

 /**
  * hmp:
- * @fmt...: HMP command to send to QEMU
+ * @fmt...: HMP command to send to QEMU, formats arguments like sprintf().
  *
  * Send HMP command to QEMU via QMP's human-monitor-command.
  *
  * Returns: the command's output.  The caller should g_free() it.
  */
-char *hmp(const char *fmt, ...);
+char *hmp(const char *fmt, ...) GCC_FMT_ATTR(1, 2);

 /**
  * get_irq:
diff --git a/tests/test-hmp.c b/tests/test-hmp.c
index 7ff47eda13..b3102daea1 100644
--- a/tests/test-hmp.c
+++ b/tests/test-hmp.c
@@ -80,7 +80,7 @@  static void test_commands(void)
         if (verbose) {
             fprintf(stderr, "\t%s\n", hmp_cmds[i]);
         }
-        response = hmp(hmp_cmds[i]);
+        response = hmp("%s", hmp_cmds[i]);
         g_free(response);
     }

@@ -103,7 +103,7 @@  static void test_info_commands(void)
         if (verbose) {
             fprintf(stderr, "\t%s\n", info);
         }
-        resp = hmp(info);
+        resp = hmp("%s", info);
         g_free(resp);
         /* And move forward to the next line */
         info = strchr(endp + 1, '\n');

[v7,30/38] qtest: Avoid passing raw strings through hmp()

Commit Message

Comments

Patch