On 02/05/2013 09:22 AM, Markus Armbruster wrote:
> Command memchar-write takes data and size parameter. Begs the
> question what happens when data doesn't match size.
>
> With format base64, qmp_memchar_write() copies the full data argument,
> regardless of size argument.
>
> With format utf8, qmp_memchar_write() copies size bytes from data,
> happily reading beyond data. Copies crap from the heap or even
> crashes.
>
> Drop the size parameter, and always copy the full data argument.
>
> Signed-off-by: Markus Armbruster <arm...@redhat.com>
> ---
> hmp.c | 4 +---
> qapi-schema.json | 4 +---
> qemu-char.c | 8 +++-----
> qmp-commands.hx | 4 +---
> 4 files changed, 6 insertions(+), 14 deletions(-)

> if (has_format && (format == DATA_FORMAT_BASE64)) { > write_data = g_base64_decode(data, &write_count); > } else { > write_data = (uint8_t *)data; > + write_count = strlen(data); > }

Obviously, base64 is the only way to write an embedded NUL. But what
happens if the user requests base64 encoding, but the utf8 string that
got passed in through JSON is not a valid base64-encoded string? Does
g_base64_decode report an error in that case, and should you be handling
the error here?

-- 
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
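
Review bot: In the base64 branch, the result of g_base64_decode(data, &write_count) is taken with no check on the input, and the call as written has only the text and length arguments, so there is no error value to test afterwards. If malformed base64 is meant to be rejected, validate data before the decode and fail the command with an error; if it is meant to be tolerated, say so in the command documentation. The else branch now relies on data being NUL-terminated, which matches the commit message's intent of always copying the full data argument.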
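
One way to make the check asked about above before the string reaches g_base64_decode(), as an added example that is not part of the patch or of QEMU. The name base64_check and the policy it enforces (strict RFC 4648 alphabet, mandatory padding, no whitespace) are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* 6-bit value of c in the RFC 4648 base64 alphabet, or -1 if c is not in it. */
static int b64_value(char c)
{
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/*
 * base64_check() is a hypothetical helper, not a QEMU or GLib function.
 * It strictly validates a NUL-terminated base64 string and reports the
 * exact decoded size, so a caller can reject bad input before decoding.
 */
bool base64_check(const char *s, size_t *decoded_len)
{
    size_t len = strlen(s);
    size_t pad = 0;

    if (len % 4 != 0) {
        return false;                 /* input must be whole 4-char groups */
    }
    if (len > 0 && s[len - 1] == '=') {
        pad = (s[len - 2] == '=') ? 2 : 1;   /* len >= 4 here */
    }
    for (size_t i = 0; i < len - pad; i++) {
        if (b64_value(s[i]) < 0) {
            return false;             /* includes '=' anywhere but the tail */
        }
    }
    /* Bits of the last data character that do not map to output must be 0. */
    if (pad == 1 && (b64_value(s[len - 2]) & 0x03)) {
        return false;
    }
    if (pad == 2 && (b64_value(s[len - 3]) & 0x0f)) {
        return false;
    }
    *decoded_len = len / 4 * 3 - pad;
    return true;
}
```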