qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH 1/4] qjson: Improve debugging

From: Anthony Liguori
Subject: Re: [Qemu-devel] [PATCH 1/4] qjson: Improve debugging
Date: Fri, 05 Feb 2010 09:54:39 -0600
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.5) Gecko/20091209 Fedora/3.0-4.fc12 Lightning/1.0pre Thunderbird/3.0 
On 02/05/2010 06:12 AM, Luiz Capitulino wrote:

On Thu, 04 Feb 2010 16:31:46 -0600
Anthony Liguori<address@hidden>  wrote:


On 02/04/2010 02:13 PM, Luiz Capitulino wrote:

Add an assert() to qobject_from_jsonf() to assure that the returned
QObject is not NULL. Currently this is duplicated in the callers.

Signed-off-by: Luiz Capitulino<address@hidden>
---
   qjson.c |    1 +
   1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/qjson.c b/qjson.c
index 9ad8a91..0922c06 100644
--- a/qjson.c
+++ b/qjson.c
@@ -62,6 +62,7 @@ QObject *qobject_from_jsonf(const char *string, ...)
       obj = qobject_from_jsonv(string,&ap);
       va_end(ap);

+    assert(obj != NULL);


This is wrong.  We may get JSON from an untrusted source.  Callers need
to deal with failure appropriately.

  What kind of untrusted source? This function is only used by handlers
and assuming that the only possible error here is bad syntax, not having
this check in the source will only duplicate it in the users.
I don't know yet, but there's nothing about this function that indicates that it cannot handle malformed JSON. I don't think it's a reasonable expectation either.
There are absolutely ways to mitigate this. You can use GCC macros to enforce at compile time that the string argument is always a literal and never a user supplied string. 

Run time asserts are a terrible way to deal with reasonably expected errors.

Regards,

Anthony Liguori
reply via email to
[Prev in Thread] Current Thread [Next in Thread]