Re: [Qemu-devel] [PATCH] qemu: json: Fix parsing of integers >= 0x8000000000000000

[Markus Armbruster]

Anthony Liguori <address@hidden> writes:

> On 05/23/2011 08:40 AM, Daniel P. Berrange wrote:
>> On Mon, May 23, 2011 at 08:33:03AM -0500, Anthony Liguori wrote:
>>> On 05/23/2011 08:04 AM, Daniel P. Berrange wrote:
>>>> On Fri, May 20, 2011 at 01:11:05PM -0500, Anthony Liguori wrote:
>>>>> On 05/20/2011 01:03 PM, Richard W.M. Jones wrote:
>>>>>>
>>>>>> There seem to be a few unsafe uses of strto* functions.  This patch
>>>>>> just fixes the one that affects me :-)
>>>>>
>>>>> Sending an integer of this size is not valid JSON.
>>>>>
>>>>> Your patch won't accept negative numbers, correct?
>>>>>
>>>>> JSON only supports int64_t.
>>>>
>>>> That's not really true. JSON supports arbitrarily large numbers
>>>> &   integers.
>>>
>>> Try the following snippet in your browser:
>>>
>>> <html>
>>> <head>
>>> <script type="text/javascript">
>>> alert(9223372036854775807);
>>> </script>
>>> </head>
>>> </html>
>>>
>>> The actual value of the alert will surprise you :-)
>>>
>>> Integers in Javascript are actually represented as doubles
>>> internally which means that integer constants are only accurate up
>>> to 52 bits.
>>>
>>> So really, we should cap integers at 32-bit :-/
>>>
>>> Have I mentioned recently that I really dislike JSON...
>>
>> NB, I am distinguishing between JSON the generic specification and
>> JSON as implemented in web browsers. JSON the specification has *no*
>> limitation on integers. Any limitation, like the one you demonstrate,
>> is inherantly just specific to the implementation.
>
> No, EMCA is very specific in how integers are handled in
> JavaScript. Every implementation of JavaScript is going to exhibit
> this behavior.

What about other implementations of JSON?

> The JSON specification lack of specificity here I think has to be
> interpreted as a deferral to the EMCA specification.

That's debatable.

RFC4627 says "Numeric values that cannot be represented as sequences of
digits (such as Infinity and NaN) are not permitted" (section 2.4) and
"An implementation may set limits on the range of numbers" (section 4).

The latter clearly suggests that an implementation may also do the
opposite, i.e. set no limits on the range on numbers.

For me, that carries at least as much weight as the rather vague "JSON's
design goals were for it to be [...] a subset of JavaScript" (section 1)
and "JSON is a subset of JavaScript" (section 10).

> But to the point, I don't see what the point of using JSON is if our
> interpretation doesn't actually work with JavaScript.

Why?

>> We have no need to
>> limit ourselves to what web browsers currently support for integers in
>> JSON.
>
> It's not web browsers.  This behavior is well specified in the EMCA
> specification.
>
>> Indeed, limiting ourselves to what browsers support will make the
>> JSON monitor mode essentially useless, requiring yet another new mode
>> with a format which can actually represent the data we need to use.
>>
>> What I suggested is in compliance with the JSON specification and allows
>> us to support uint64 which we need for commands which take disk or memory
>> offsets.
>
> At the end of the day, we need to worry about supporting clients.  I
> think clients are going to refer to the behavior of JavaScript for
> guidance.

Not if we clearly communicate the numerical limits our implementation of
JSON sets, and the consequences of clients ignoring them.

>            So if we expect a client to not round integers, we can't
> send ones that are greater than 52-bit.
>
> This is an extremely nasty silent failure mode.
>
> Or, we need to just say that we're not JSON compatible.

For one particular interpretation of the RFC.