From b34c7bd463ef1453b8661a7b59146c462bb1c621 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Marc-Andr=C3=A9=20Lureau?= Date: Fri, 23 Sep 2016 00:39:26 +0400 Subject: [PATCH] qapi: Fix crash when 'any' or 'null' parameter is missing MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Unlike the other visit methods, visit_type_any() and visit_type_null() neglect to check whether qmp_input_get_object() succeeded. They crash when it fails. Reproducer: { "execute": "qom-set", "arguments": { "path": "/machine", "property": "rtc-time" } } Will crash with: qapi/qapi-visit-core.c:277: visit_type_any: Assertion `!err != !*obj' failed Broken in commit 5c678ee. Fix by adding the missing error checks. Signed-off-by: Marc-André Lureau Reviewed-by: Eric Blake Message-Id: <20160922203927.28241-3-marcandre.lureau@redhat.com> Reviewed-by: Markus Armbruster [Commit message rephrased] Signed-off-by: Markus Armbruster (cherry picked from commit c489780203f9b22aca5539ec7589b7140bdc951f) Signed-off-by: Michael Roth
---
 qapi/qmp-input-visitor.c | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/qapi/qmp-input-visitor.c b/qapi/qmp-input-visitor.c
index 64dd392e6f..fc91e74894 100644
--- a/qapi/qmp-input-visitor.c
+++ b/qapi/qmp-input-visitor.c
@@ -338,6 +338,12 @@ static void qmp_input_type_any(Visitor *v, const char *name, QObject **obj,
 QmpInputVisitor *qiv = to_qiv(v);
 QObject *qobj = qmp_input_get_object(qiv, name, true);
 
+ if (!qobj) {
+ error_setg(errp, QERR_MISSING_PARAMETER, name ? name : "null");
+ *obj = NULL;
+ return;
+ }
+
 qobject_incref(qobj);
 *obj = qobj;
 }
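Review bot: The `*obj = NULL;` in the new `if (!qobj)` branch should carry a short comment saying why it is there, since it is what keeps the `!err != !*obj` assertion in visit_type_any() (quoted in the commit message) from firing once errp has been set. Something like `/* visit_type_any() asserts *obj is NULL when an error is set */` above the assignment would stop a later cleanup from dropping it as redundant. The tail of the function signature and the opening brace are outside the hunk, so what callers pass in `*obj` cannot be checked from here.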
@@ -347,6 +353,11 @@ static void qmp_input_type_null(Visitor *v, const char *name, Error **errp) QmpInputVisitor *qiv = to_qiv(v); QObject *qobj = qmp_input_get_object(qiv, name, true); + if (!qobj) { + error_setg(errp, QERR_MISSING_PARAMETER, name ? name : "null"); + return; + } + if (qobject_type(qobj) != QTYPE_QNULL) { error_setg(errp, QERR_INVALID_PARAMETER_TYPE, name ? name : "null", "null"); -- 2.39.2
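Review bot: The missing-parameter guard added to qmp_input_type_null() is a copy of the one added to qmp_input_type_any() in the previous hunk, and the commit message says the other visit methods already repeat it; since omitting it once let a malformed QMP command reach an assertion failure, the check would be safer living in one place. Presumably qmp_input_get_object() could take `errp` and report QERR_MISSING_PARAMETER itself so that no caller can forget it; for a stable cherry-pick the local check is reasonable, but it is worth a follow-up. The diffstat also shows no test change, so a visitor test that omits an 'any' member and a 'null' member would pin both paths. The closing lines of the function are outside the hunk.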