From: Luiz Capitulino
Subject: [Qemu-devel] [PULL 13/16] qmp: object-add: Validate class before creating object
Date: Fri, 25 Apr 2014 14:29:44 -0400

From: Eduardo Habkost <address@hidden>

Currently it is very easy to crash QEMU by issuing an object-add command
using an abstract class or a class that doesn't support
TYPE_USER_CREATABLE as parameter.

Example: with the following QMP command:

  (QEMU) object-add qom-type=cpu id=foo

QEMU aborts at:

  ERROR:qom/object.c:335:object_initialize_with_type: assertion failed:
  (type->abstract == false)

This patch moves the check for TYPE_USER_CREATABLE before object_new(),
and adds a check to prevent the code from trying to instantiate abstract
classes.

Signed-off-by: Eduardo Habkost <address@hidden>
Reviewed-by: Matthew Rosato <address@hidden>
Tested-by: Matthew Rosato <address@hidden>
Signed-off-by: Luiz Capitulino <address@hidden>
---
qmp.c | 21 ++++++++++++++-------
1 file changed, 14 insertions(+), 7 deletions(-)
diff --git a/qmp.c b/qmp.c
index 5e2a66c..74107be 100644
--- a/qmp.c
+++ b/qmp.c
@@ -540,14 +540,27 @@ void object_add(const char *type, const char *id, const
QDict *qdict,
Visitor *v, Error **errp)
{
Object *obj;
+ ObjectClass *klass;
const QDictEntry *e;
Error *local_err = NULL;
- if (!object_class_by_name(type)) {
+ klass = object_class_by_name(type);
+ if (!klass) {
error_setg(errp, "invalid class name");
return;
}
+ if (!object_class_dynamic_cast(klass, TYPE_USER_CREATABLE)) {
+ error_setg(errp, "object type '%s' isn't supported by object-add",
+ type);
+ return;
+ }
+
+ if (object_class_is_abstract(klass)) {
+ error_setg(errp, "object type '%s' is abstract", type);
+ return;
+ }
+
obj = object_new(type);
if (qdict) {
for (e = qdict_first(qdict); e; e = qdict_next(qdict, e)) {
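Review bot: The retained error_setg(errp, "invalid class name") in the first check does not report which name was rejected, while the two new errors below it both format '%s' with type; including type there as well would make all three rejections equally easy to diagnose for a QMP client. A second, smaller point at the object_new(type) line: klass has already been resolved and validated, yet the object is still created from the string, so the validated class and the instantiated one are only linked by a second lookup of the same name. A one-line comment there, stating that the checks above are what keep object_new() from hitting the abstract-type assertion, would stop a later refactor from reordering them.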
@@ -558,12 +571,6 @@ void object_add(const char *type, const char *id, const
QDict *qdict,
}
}
- if (!object_dynamic_cast(obj, TYPE_USER_CREATABLE)) {
- error_setg(&local_err, "object type '%s' isn't supported by
object-add",
- type);
- goto out;
- }
-
user_creatable_complete(obj, &local_err);
if (local_err) {
goto out;
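Review bot: With the object_dynamic_cast(obj, TYPE_USER_CREATABLE) check removed here, the user_creatable_complete(obj, &local_err) call now depends entirely on the class-level check at the top of object_add(), and nothing near the call says so. A short comment above user_creatable_complete() recording that invariant would help. The patch also carries no regression test for the crash described in the commit message (object-add with qom-type=cpu); a QMP test that issues object-add with an abstract type and with a non-user-creatable type, and expects an error reply rather than an abort, would keep this from regressing.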
--
1.9.0