Markus Armbruster <arm...@redhat.com> writes:
> Eric Blake <ebl...@redhat.com> writes:
>
>> Just noticed this core dump (I was actually trying to exceed the 1024
>> hard-baked limit in qmp-input-visitor.c which tries to set an Error
>> object, but it looks like that limit was unreachable due to this earlier
>> assertion):
>>
>> $ printf '{"execute":"qmp_capabilities","id":%1025s' " " | tr ' ' { |
>> ./x86_64-softmmu/qemu-system-x86_64 -nodefaults -qmp stdio
>> {"QMP": {"version": {"qemu": {"micro": 50, "minor": 4, "major": 2},
>> "package": ""}, "capabilities": []}}
>> main-loop: WARNING: I/O thread spun for 1000 iterations
>> **
>> ERROR:qobject/json-parser.c:294:parser_context_peek_token: assertion
>> failed: (ctxt->tokens.pos < ctxt->tokens.count)
>> Aborted (core dumped)
>>
>> I don't know the best way to deal with a client that abuses QMP
>> protocol, but it would at least be nice to not abort.
>
> Handwritten parser crashes, surprise, surprise.
>
> 1023 works, 1024 crashes. Need to dig to find out why.
Regressed in commit 65c0f1e "json-parser: don't replicate tokens at each
level of recursion", v1.2.0. Until then, we got a clean "{"error":
{"class": "GenericError", "desc": "Invalid JSON syntax"}}".
