qobject_to_qfloat() and qobject_to_qint() crash on null, which is a
trap for the unwary. Return null instead, and simplify a few callers.
Signed-off-by: Markus Armbruster <arm...@redhat.com>
---
qapi/qmp-input-visitor.c | 28 ++++++++++++++++------------
qobject/qdict.c | 11 +++--------
qobject/qfloat.c | 4 ++--
qobject/qint.c | 4 ++--
4 files changed, 23 insertions(+), 24 deletions(-)
diff --git a/qapi/qmp-input-visitor.c b/qapi/qmp-input-visitor.c
index f32ce81..267783c 100644
--- a/qapi/qmp-input-visitor.c
+++ b/qapi/qmp-input-visitor.c
@@ -225,15 +225,15 @@ static void qmp_input_type_int(Visitor *v, int64_t *obj,
const char *name,
Error **errp)
{
QmpInputVisitor *qiv = to_qiv(v);
- QObject *qobj = qmp_input_get_object(qiv, name, true);
+ QInt *qint = qobject_to_qint(qmp_input_get_object(qiv, name, true));
- if (!qobj || qobject_type(qobj) != QTYPE_QINT) {
+ if (!qint) {
error_setg(errp, QERR_INVALID_PARAMETER_TYPE, name ? name : "null",
"integer");
return;
}
- *obj = qint_get_int(qobject_to_qint(qobj));
+ *obj = qint_get_int(qint);
}
static void qmp_input_type_bool(Visitor *v, bool *obj, const char *name,
@@ -271,19 +271,23 @@ static void qmp_input_type_number(Visitor *v, double
*obj, const char *name,
{
QmpInputVisitor *qiv = to_qiv(v);
QObject *qobj = qmp_input_get_object(qiv, name, true);
+ QInt *qint;
+ QFloat *qfloat;
- if (!qobj || (qobject_type(qobj) != QTYPE_QFLOAT &&
- qobject_type(qobj) != QTYPE_QINT)) {
- error_setg(errp, QERR_INVALID_PARAMETER_TYPE, name ? name : "null",
- "number");
- return;
- }
-
- if (qobject_type(qobj) == QTYPE_QINT) {
+ qint = qobject_to_qint(qobj);
+ if (qint) {
*obj = qint_get_int(qobject_to_qint(qobj));
- } else {
+ return;
+ }
+
+ qfloat = qobject_to_qfloat(qobj);
+ if (qfloat) {
*obj = qfloat_get_double(qobject_to_qfloat(qobj));
+ return;
}
+
+ error_setg(errp, QERR_INVALID_PARAMETER_TYPE, name ? name : "null",
+ "number");
}
static void qmp_input_type_any(Visitor *v, QObject **obj, const char *name,
diff --git a/qobject/qdict.c b/qobject/qdict.c
index 6b32285..97e881b 100644
--- a/qobject/qdict.c
+++ b/qobject/qdict.c
@@ -229,8 +229,7 @@ double qdict_get_double(const QDict *qdict, const char *key)
*/
int64_t qdict_get_int(const QDict *qdict, const char *key)
{
- QObject *obj = qdict_get_obj(qdict, key, QTYPE_QINT);
- return qint_get_int(qobject_to_qint(obj));
+ return qint_get_int(qobject_to_qint(qdict_get(qdict, key)));
}
/**
@@ -297,13 +296,9 @@ const char *qdict_get_str(const QDict *qdict, const char
*key)
int64_t qdict_get_try_int(const QDict *qdict, const char *key,
int64_t def_value)
{
- QObject *obj;
+ QInt *qint = qobject_to_qint(qdict_get(qdict, key));
- obj = qdict_get(qdict, key);
- if (!obj || qobject_type(obj) != QTYPE_QINT)
- return def_value;
-
- return qint_get_int(qobject_to_qint(obj));
+ return qint ? qint_get_int(qint) : def_value;
}
/**
diff --git a/qobject/qfloat.c b/qobject/qfloat.c
index 7de0992..c865163 100644
--- a/qobject/qfloat.c
+++ b/qobject/qfloat.c
@@ -51,9 +51,9 @@ double qfloat_get_double(const QFloat *qf)
*/
QFloat *qobject_to_qfloat(const QObject *obj)
{
- if (qobject_type(obj) != QTYPE_QFLOAT)
+ if (!obj || qobject_type(obj) != QTYPE_QFLOAT) {
return NULL;
-
+ }
return container_of(obj, QFloat, base);
}
diff --git a/qobject/qint.c b/qobject/qint.c
index 86b9b04..999688e 100644
--- a/qobject/qint.c
+++ b/qobject/qint.c
@@ -50,9 +50,9 @@ int64_t qint_get_int(const QInt *qi)
*/
QInt *qobject_to_qint(const QObject *obj)
{
- if (qobject_type(obj) != QTYPE_QINT)
+ if (!obj || qobject_type(obj) != QTYPE_QINT) {
return NULL;
-
+ }
return container_of(obj, QInt, base);
}
--
2.4.3
