Commit c4897802 authored Sep 23, 2016 by Marc-André Lureau Committed by Markus Armbruster Oct 06, 2016

qapi: Fix crash when 'any' or 'null' parameter is missing



Unlike the other visit methods, visit_type_any() and visit_type_null()
neglect to check whether qmp_input_get_object() succeeded.  They crash
when it fails.  Reproducer:

{ "execute": "qom-set",
  "arguments": { "path": "/machine", "property": "rtc-time" } }

Will crash with:

qapi/qapi-visit-core.c:277: visit_type_any: Assertion `!err != !*obj'
failed

Broken in commit 5c678ee8.  Fix by adding the missing error checks.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20160922203927.28241-3-marcandre.lureau@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
[Commit message rephrased]
Signed-off-by: Markus Armbruster <armbru@redhat.com>

parent e64c75a9

qapi/qmp-input-visitor.c

+11 −0

Original line number	Diff line number	Diff line
		@@ -338,6 +338,12 @@ static void qmp_input_type_any(Visitor v, const char name, QObject **obj,
		QmpInputVisitor *qiv = to_qiv(v);
		QObject *qobj = qmp_input_get_object(qiv, name, true);

		if (!qobj) {
		error_setg(errp, QERR_MISSING_PARAMETER, name ? name : "null");
		*obj = NULL;
		return;
		}

		qobject_incref(qobj);
		*obj = qobj;
		}
		@@ -347,6 +353,11 @@ static void qmp_input_type_null(Visitor v, const char name, Error **errp)
		QmpInputVisitor *qiv = to_qiv(v);
		QObject *qobj = qmp_input_get_object(qiv, name, true);

		if (!qobj) {
		error_setg(errp, QERR_MISSING_PARAMETER, name ? name : "null");
		return;
		}

		if (qobject_type(qobj) != QTYPE_QNULL) {
		error_setg(errp, QERR_INVALID_PARAMETER_TYPE, name ? name : "null",
		"null");