On 02/23/2017 03:44 PM, Markus Armbruster wrote:
> The value of key 'arguments' must be a JSON object. qemu-ga neglects
> to check, and crashes. To reproduce, send
>
> { 'execute': 'guest-sync', 'arguments': [] }
>
> to qemu-ga.
>
> do_qmp_dispatch() uses qdict_get_qdict() to get the arguments. When
> not a JSON object, this gets a null pointer, which flows through the
> generated marshalling function to qobject_input_visitor_new(), where
> it fails the assertion. qmp_dispatch_check_obj() needs to catch this
> error.
>
> QEMU isn't affected, because it runs qmp_check_input_obj() first,
> which basically duplicates qmp_check_input_obj()'s checks, plus the
> missing one.
>
> Fix by copying the missing one from qmp_check_input_obj() to
> qmp_dispatch_check_obj().
>
> Signed-off-by: Markus Armbruster <arm...@redhat.com>
> Cc: Michael Roth <mdr...@linux.vnet.ibm.com>
> ---
> qapi/qmp-dispatch.c | 8 +++++++-
> 1 file changed, 7 insertions(+), 1 deletion(-)

Reviewed-by: Eric Blake <ebl...@redhat.com>

--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
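The failure mode described in the quoted commit message, as an added example that is not part of the original thread and is not QEMU's code: a simplified C model in which a typed lookup returns NULL for a non-object 'arguments', and a validation step rejects the request before dispatch. The types and function names (`Value`, `dict_get`, `dict_get_dict`, `check_request`) are hypothetical stand-ins, not QEMU's API.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for a JSON object model; all names are hypothetical. */
typedef enum { T_STRING, T_LIST, T_DICT } Type;
typedef struct Value Value;
typedef struct { const char *key; const Value *val; } Entry;
struct Value { Type type; const Entry *entries; size_t n; };

/* Untyped lookup: the member whatever its type, or NULL if absent. */
static const Value *dict_get(const Value *d, const char *key)
{
    for (size_t i = 0; i < d->n; i++) {
        if (strcmp(d->entries[i].key, key) == 0)
            return d->entries[i].val;
    }
    return NULL;
}

/* Typed lookup: NULL when the key is absent OR the member is not a dict,
 * so a caller cannot tell "no arguments" from "arguments of wrong type". */
static const Value *dict_get_dict(const Value *d, const char *key)
{
    const Value *v = dict_get(d, key);
    return (v && v->type == T_DICT) ? v : NULL;
}

/* Validation before dispatch: NULL if acceptable, else an error message. */
static const char *check_request(const Value *req)
{
    const Value *cmd = dict_get(req, "execute");
    const Value *args = dict_get(req, "arguments");
    if (!cmd || cmd->type != T_STRING)
        return "'execute' must be a string";
    if (args && args->type != T_DICT)  /* the check the quoted message describes */
        return "'arguments' must be an object";
    return NULL;
}

/* Constructed sample: { 'execute': 'guest-sync', 'arguments': [] } */
static const Value cmd_v = { T_STRING, NULL, 0 }, list_v = { T_LIST, NULL, 0 };
static const Entry bad_e[] = { { "execute", &cmd_v }, { "arguments", &list_v } };
static const Value bad_req = { T_DICT, bad_e, 2 };

int main(void)
{
    const char *err = check_request(&bad_req);
    printf("typed lookup: %s\n", dict_get_dict(&bad_req, "arguments") ? "dict" : "NULL");
    printf("check: %s\n", err ? err : "ok");
    return 0;
}
```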