On Fri, Apr 25, 2014 at 08:42:59PM +0200, Andreas Färber wrote:
> Am 25.04.2014 20:02, schrieb Luiz Capitulino:
> > On Fri, 25 Apr 2014 17:57:12 +0200
> > Andreas Färber <afaer...@suse.de> wrote:
> >> Am 25.04.2014 17:12, schrieb Luiz Capitulino:
> >>> On Wed, 16 Apr 2014 14:39:38 -0300
> >>> Eduardo Habkost <ehabk...@redhat.com> wrote:
> >>>
> >>>> Currently it is very easy to crash QEMU by issuing an object-add command
> >>>> using an abstract class or a class that doesn't support
> >>>> TYPE_USER_CREATABLE as parameter.
> >>>>
> >>>> Example: with the following QMP command:
> >>>>
> >>>> (QEMU) object-add qom-type=cpu id=foo
> >>>>
> >>>> QEMU aborts at:
> >>>>
> >>>> ERROR:qom/object.c:335:object_initialize_with_type: assertion
> >>>> failed: (type->abstract == false)
> >>>>
> >>>> This patch moves the check for TYPE_USER_CREATABLE before object_new(),
> >>>> and adds a check to prevent the code from trying to instantiate abstract
> >>>> classes.
> >>>>
> >>>> Signed-off-by: Eduardo Habkost <ehabk...@redhat.com>
> >>>
> >>> Applied to the qmp branch, thanks Eduardo.
> [...]
> >>>> diff --git a/qmp.c b/qmp.c
> >>>> index 87a28f7..9a93ab1 100644
> >>>> --- a/qmp.c
> >>>> +++ b/qmp.c
> >>>> @@ -540,14 +540,27 @@ void object_add(const char *type, const char *id,
> >>>> const QDict *qdict,
> >>>> Visitor *v, Error **errp)
> >>>> {
> >>>> Object *obj;
> >>>> + ObjectClass *klass;
> >>
> >> Luiz, can you rename klass to oc please?
> >
> > My pull request is almost ready (finishing last few tests), so I think
> > it's a bit late for a style change.
>
> Then either one of you please follow-up with a fix before you forget.
> I've been asked to change patches that way, so I expect others do, too.
Could you explain why this is a bug? The patch matches the existing
style in qmp.c, and if I grep the whole tree I see 482 matches for
'ObjectClass *klass' and 165 for 'ObjectClass *oc'.
--
Eduardo
