aboutsummaryrefslogtreecommitdiff
path: root/qapi
diff options
context:
space:
mode:
authorMarc-André Lureau <marcandre.lureau@redhat.com>2016-09-23 00:39:26 +0400
committerMarkus Armbruster <armbru@redhat.com>2016-10-06 14:47:41 +0200
commitc489780203f9b22aca5539ec7589b7140bdc951f (patch)
tree9df39b1c08c57577681221bbe04f043ba54a947e /qapi
parente64c75a9752c5d0fd64eb2e684c656a5ea7d03c6 (diff)
downloadqemu-c489780203f9b22aca5539ec7589b7140bdc951f.zip
qemu-c489780203f9b22aca5539ec7589b7140bdc951f.tar.gz
qemu-c489780203f9b22aca5539ec7589b7140bdc951f.tar.bz2
qapi: Fix crash when 'any' or 'null' parameter is missing
Unlike the other visit methods, visit_type_any() and visit_type_null() neglect to check whether qmp_input_get_object() succeeded. They crash when it fails. Reproducer: { "execute": "qom-set", "arguments": { "path": "/machine", "property": "rtc-time" } } Will crash with: qapi/qapi-visit-core.c:277: visit_type_any: Assertion `!err != !*obj' failed Broken in commit 5c678ee. Fix by adding the missing error checks. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Message-Id: <20160922203927.28241-3-marcandre.lureau@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> [Commit message rephrased] Signed-off-by: Markus Armbruster <armbru@redhat.com>
Diffstat (limited to 'qapi')
-rw-r--r--qapi/qmp-input-visitor.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/qapi/qmp-input-visitor.c b/qapi/qmp-input-visitor.c
index 64dd392..fc91e74 100644
--- a/qapi/qmp-input-visitor.c
+++ b/qapi/qmp-input-visitor.c
@@ -338,6 +338,12 @@ static void qmp_input_type_any(Visitor *v, const char *name, QObject **obj,
QmpInputVisitor *qiv = to_qiv(v);
QObject *qobj = qmp_input_get_object(qiv, name, true);
+ if (!qobj) {
+ error_setg(errp, QERR_MISSING_PARAMETER, name ? name : "null");
+ *obj = NULL;
+ return;
+ }
+
qobject_incref(qobj);
*obj = qobj;
}
@@ -347,6 +353,11 @@ static void qmp_input_type_null(Visitor *v, const char *name, Error **errp)
QmpInputVisitor *qiv = to_qiv(v);
QObject *qobj = qmp_input_get_object(qiv, name, true);
+ if (!qobj) {
+ error_setg(errp, QERR_MISSING_PARAMETER, name ? name : "null");
+ return;
+ }
+
if (qobject_type(qobj) != QTYPE_QNULL) {
error_setg(errp, QERR_INVALID_PARAMETER_TYPE, name ? name : "null",
"null");