From: Andreas Färber
Subject: Re: [Qemu-devel] [PATCH v2] qmp: object-add: Validate class before creating object
Date: Fri, 25 Apr 2014 17:57:12 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0

On 25.04.2014 17:12, Luiz Capitulino wrote:
> On Wed, 16 Apr 2014 14:39:38 -0300
> Eduardo Habkost <address@hidden> wrote:
>
>> Currently it is very easy to crash QEMU by issuing an object-add command
>> using an abstract class or a class that doesn't support
>> TYPE_USER_CREATABLE as parameter.
>>
>> Example: with the following QMP command:
>>
>> (QEMU) object-add qom-type=cpu id=foo
>>
>> QEMU aborts at:
>>
>> ERROR:qom/object.c:335:object_initialize_with_type: assertion failed:
>> (type->abstract == false)
>>
>> This patch moves the check for TYPE_USER_CREATABLE before object_new(),
>> and adds a check to prevent the code from trying to instantiate abstract
>> classes.
>>
>> Signed-off-by: Eduardo Habkost <address@hidden>
>
> Applied to the qmp branch, thanks Eduardo.
>
>> ---
>> Changes v2:
>> * Change ordering: first check for TYPE_USER_CREATABLE and then check
>> if class is abstract. This makes the ordering of checks closer to
>> what's already done on device_add.
>> ---
>> qmp.c | 21 ++++++++++++++-------
>> 1 file changed, 14 insertions(+), 7 deletions(-)
>>
>> diff --git a/qmp.c b/qmp.c
>> index 87a28f7..9a93ab1 100644
>> --- a/qmp.c
>> +++ b/qmp.c
>> @@ -540,14 +540,27 @@ void object_add(const char *type, const char *id,
>> const QDict *qdict,
>> Visitor *v, Error **errp)
>> {
>> Object *obj;
>> + ObjectClass *klass;
Luiz, can you rename klass to oc please?
Thanks,
Andreas
>> const QDictEntry *e;
>> Error *local_err = NULL;
>>
>> - if (!object_class_by_name(type)) {
>> + klass = object_class_by_name(type);
>> + if (!klass) {
>> error_setg(errp, "invalid class name");
>> return;
>> }
>>
>> + if (!object_class_dynamic_cast(klass, TYPE_USER_CREATABLE)) {
>> + error_setg(errp, "object type '%s' isn't supported by object-add",
>> + type);
>> + return;
>> + }
>> +
>> + if (object_class_is_abstract(klass)) {
>> + error_setg(errp, "object type '%s' is abstract", type);
>> + return;
>> + }
>> +
>> obj = object_new(type);
>> if (qdict) {
>> for (e = qdict_first(qdict); e; e = qdict_next(qdict, e)) {
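Review bot: neither of the two new rejection branches added before object_new() (the object_class_dynamic_cast(klass, TYPE_USER_CREATABLE) check and the object_class_is_abstract(klass) check) is exercised by a test in this patch. The commit message gives a concrete crashing command, `object-add qom-type=cpu id=foo`, so a QMP test that sends it and expects an error reply instead of an abort would keep this from regressing. The abstract branch needs a second case that uses an abstract type which does implement TYPE_USER_CREATABLE, because a type lacking that interface is rejected by the first check and never reaches the second. Minor: the unchanged "invalid class name" message omits the type name while both new messages include '%s'; making the three consistent would help whoever reads the QMP error.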
>> @@ -558,12 +571,6 @@ void object_add(const char *type, const char *id, const
>> QDict *qdict,
>> }
>> }
>>
>> - if (!object_dynamic_cast(obj, TYPE_USER_CREATABLE)) {
>> - error_setg(&local_err, "object type '%s' isn't supported by
>> object-add",
>> - type);
>> - goto out;
>> - }
>> -
>> user_creatable_complete(obj, &local_err);
>> if (local_err) {
>> goto out;
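Review bot: with the object_dynamic_cast(obj, TYPE_USER_CREATABLE) check removed here, the call to user_creatable_complete(obj, &local_err) depends on a check made in the previous hunk, before object_new(type), and nothing at the call site says so. A one-line comment above user_creatable_complete() stating that the class was already verified to implement TYPE_USER_CREATABLE would stop a later refactor from moving or dropping the early check and reintroducing an unchecked call. The commit message could also state that the class-level object_class_dynamic_cast() accepts exactly the types the removed object-level cast accepted, so the behaviour change is limited to when the error is raised.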
>
>
--
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg