[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH 1/4] qjson: Improve debugging
From: |
Markus Armbruster |
Subject: |
Re: [Qemu-devel] [PATCH 1/4] qjson: Improve debugging |
Date: |
Fri, 05 Feb 2010 10:13:33 +0100 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/23.1 (gnu/linux) |
Anthony Liguori <address@hidden> writes:
> On 02/04/2010 02:13 PM, Luiz Capitulino wrote:
>> Add an assert() to qobject_from_jsonf() to assure that the returned
>> QObject is not NULL. Currently this is duplicated in the callers.
>>
>> Signed-off-by: Luiz Capitulino<address@hidden>
>> ---
>> qjson.c | 1 +
>> 1 files changed, 1 insertions(+), 0 deletions(-)
>>
>> diff --git a/qjson.c b/qjson.c
>> index 9ad8a91..0922c06 100644
>> --- a/qjson.c
>> +++ b/qjson.c
>> @@ -62,6 +62,7 @@ QObject *qobject_from_jsonf(const char *string, ...)
>> obj = qobject_from_jsonv(string,&ap);
>> va_end(ap);
>>
>> + assert(obj != NULL);
>>
>
> This is wrong. We may get JSON from an untrusted source. Callers
> need to deal with failure appropriately.
>
> It just so happens that we only parse JSON from an untrusted source
> via qobject_from_json(), but the trust relationship is not obvious
> given the two functions in their current form.
We have many uses of qobject_from_jsonf() with a literal argument, and
more to come. Making them all deal with failure would be tedious and
clutter the code. What about a wrapper function that cannot fail?
- [Qemu-devel] [PATCH v0 0/4]: QMP related fixes, Luiz Capitulino, 2010/02/04
- [Qemu-devel] [PATCH 1/4] qjson: Improve debugging, Luiz Capitulino, 2010/02/04
- Re: [Qemu-devel] [PATCH 1/4] qjson: Improve debugging, Anthony Liguori, 2010/02/04
- Re: [Qemu-devel] [PATCH 1/4] qjson: Improve debugging, Luiz Capitulino, 2010/02/05
- Re: [Qemu-devel] [PATCH 1/4] qjson: Improve debugging, Anthony Liguori, 2010/02/05
- Re: [Qemu-devel] [PATCH 1/4] qjson: Improve debugging, Markus Armbruster, 2010/02/05
- Re: [Qemu-devel] [PATCH 1/4] qjson: Improve debugging, Luiz Capitulino, 2010/02/08
- Re: [Qemu-devel] [PATCH 1/4] qjson: Improve debugging, Anthony Liguori, 2010/02/08
- Re: [Qemu-devel] [PATCH 1/4] qjson: Improve debugging, Luiz Capitulino, 2010/02/08
[Qemu-devel] [PATCH 4/4] QMP: Don't leak on connection close, Luiz Capitulino, 2010/02/04
[Qemu-devel] [PATCH 2/4] Monitor: remove unneeded checks, Luiz Capitulino, 2010/02/04
[Qemu-devel] [PATCH 3/4] QError: Don't abort on multiple faults, Luiz Capitulino, 2010/02/04