Re: [Qemu-devel] [PATCH v2 59/60] json: Improve safety of qobject_from

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH v2 59/60] json: Improve safety of qobject_from_j

From:	Eric Blake
Subject:	Re: [Qemu-devel] [PATCH v2 59/60] json: Improve safety of qobject_from_jsonf_nofail() & friends
Date:	Fri, 17 Aug 2018 13:14:28 -0500
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1

On 08/17/2018 10:05 AM, Markus Armbruster wrote:

The JSON parser optionally supports interpolation.  This is used to
build QObjects by parsing string templates.  The templates are C
literals, so parse errors (such as invalid interpolation
specifications) are actually programming errors.  Consequently, the
functions providing parsing with interpolation
(qobject_from_jsonf_nofail(), qobject_from_vjsonf_nofail(),
qdict_from_jsonf_nofail(), qdict_from_vjsonf_nofail()) pass
&error_abort to the parser.

Avoid undefined behavior by catching the programming error at run
time: have the parser recognize and reject '%' in JSON strings.

Signed-off-by: Markus Armbruster <address@hidden>
---

@@ -205,7 +206,14 @@ static QString *parse_string(JSONParserContext *ctxt, 
JSONToken *token)
                  parse_error(ctxt, token, "invalid escape sequence in string");
                  goto out;
              }
-        } else {
+            break;
+        case '%':
+            if (ctxt->ap) {
+                parse_error(ctxt, token, "can't interpolate into string");

Do we want to abort() here, to match the fact that all our otherinterpolation functions abort on programmer errors?

+++ b/tests/check-qjson.c
@@ -1037,16 +1037,13 @@ static void interpolation_unknown(void)

static void interpolation_string(void)

  {
-    QLitObject decoded = QLIT_QLIST(((QLitObject[]){
-            QLIT_QSTR("%s"),
-            QLIT_QSTR("eins"),
-            {}}));
-    QObject *qobj;
-
-    /* Dangerous misfeature: % is silently ignored in strings */
-    qobj = qobject_from_jsonf_nofail("['%s', %s]", "eins", "zwei");
-    g_assert(qlit_equal_qobject(&decoded, qobj));
-    qobject_unref(qobj);
+    if (g_test_subprocess()) {
+        qobject_from_jsonf_nofail("['%s', %s]", "eins", "zwei");
+    }
+    g_test_trap_subprocess(NULL, 0, 0);
+    g_test_trap_assert_failed();
+    g_test_trap_assert_stderr("*Unexpected error*"
+                              "can't interpolate into string*");


Oh, we still abort, but later on in the caller function.

Okay, looks like reasonable handling.
Reviewed-by: Eric Blake <address@hidden>

--
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3266
Virtualization:  qemu.org | libvirt.org

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Qemu-devel] [PATCH v2 58/60] json: Keep interpolation state in JSONParserContext, (continued)
- [Qemu-devel] [PATCH v2 60/60] json: Support %% in JSON strings when interpolating, Markus Armbruster, 2018/08/17
  - Re: [Qemu-devel] [PATCH v2 60/60] json: Support %% in JSON strings when interpolating, Eric Blake, 2018/08/17
- [Qemu-devel] [PATCH v2 26/60] json: Simplify parse_string(), Markus Armbruster, 2018/08/17
- [Qemu-devel] [PATCH v2 33/60] json: Redesign the callback to consume JSON values, Markus Armbruster, 2018/08/17
- [Qemu-devel] [PATCH v2 11/60] check-qjson: Cover UTF-8 in single quoted strings, Markus Armbruster, 2018/08/17
- [Qemu-devel] [PATCH v2 50/60] json: Unbox tokens queue in JSONMessageParser, Markus Armbruster, 2018/08/17
- [Qemu-devel] [PATCH v2 32/60] json: Have lexer call streamer directly, Markus Armbruster, 2018/08/17
- [Qemu-devel] [PATCH v2 53/60] json: Make JSONToken opaque outside json-parser.c, Markus Armbruster, 2018/08/17
- [Qemu-devel] [PATCH v2 59/60] json: Improve safety of qobject_from_jsonf_nofail() & friends, Markus Armbruster, 2018/08/17
  - Re: [Qemu-devel] [PATCH v2 59/60] json: Improve safety of qobject_from_jsonf_nofail() & friends, Eric Blake <=
- [Qemu-devel] [PATCH v2 46/60] json: Assert json_parser_parse() consumes all tokens on success, Markus Armbruster, 2018/08/17
- [Qemu-devel] [PATCH v2 45/60] json: Fix streamer not to ignore trailing unterminated structures, Markus Armbruster, 2018/08/17
- [Qemu-devel] [PATCH v2 41/60] json: Nicer recovery from invalid leading zero, Markus Armbruster, 2018/08/17
  - Re: [Qemu-devel] [PATCH v2 41/60] json: Nicer recovery from invalid leading zero, Eric Blake, 2018/08/17
    - Re: [Qemu-devel] [PATCH v2 41/60] json: Nicer recovery from invalid leading zero, Markus Armbruster, 2018/08/20
    - Re: [Qemu-devel] [PATCH v2 41/60] json: Nicer recovery from invalid leading zero, Eric Blake, 2018/08/20
    - Re: [Qemu-devel] [PATCH v2 41/60] json: Nicer recovery from invalid leading zero, Markus Armbruster, 2018/08/21
- [Qemu-devel] [PATCH v2 40/60] json: Replace %I64d, %I64u by %PRId64, %PRIu64, Markus Armbruster, 2018/08/17
- [Qemu-devel] [PATCH v2 49/60] json: Streamline json_message_process_token(), Markus Armbruster, 2018/08/17
- [Qemu-devel] [PATCH v2 39/60] json: Leave rejecting invalid interpolation to parser, Markus Armbruster, 2018/08/17

Prev by Date: Re: [Qemu-devel] X86CPU "feature-words" property on QEMU (was Re: [PATCH v3 1/3] x86: Data structure changes to support MSR based) features
Next by Date: Re: [Qemu-devel] [PATCH v2 60/60] json: Support %% in JSON strings when interpolating
Previous by thread: [Qemu-devel] [PATCH v2 59/60] json: Improve safety of qobject_from_jsonf_nofail() & friends
Next by thread: [Qemu-devel] [PATCH v2 46/60] json: Assert json_parser_parse() consumes all tokens on success
Index(es):
- Date
- Thread