Eric Blake <ebl...@redhat.com> writes:

> On 02/23/2017 04:46 PM, Eric Blake wrote:
>> On 02/23/2017 03:44 PM, Markus Armbruster wrote:
>>> The value of key 'arguments' must be a JSON object. qemu-ga neglects
>>> to check, and crashes. To reproduce, send
>>>
>>> { 'execute': 'guest-sync', 'arguments': [] }
>>>
>>> to qemu-ga.
>>>
>>> do_qmp_dispatch() uses qdict_get_qdict() to get the arguments. When
>>> not a JSON object, this gets a null pointer, which flows through the
>>> generated marshalling function to qobject_input_visitor_new(), where
>>> it fails the assertion. qmp_dispatch_check_obj() needs to catch this
>>> error.
>>>
>>> QEMU isn't affected, because it runs qmp_check_input_obj() first,
>>> which basically duplicates qmp_check_input_obj()'s checks, plus the
>
> This sentence is weird (func A can't duplicate func A's checks; you're
> missing a func B, but I'm not sure which instance is wrong, nor what B
> should be).

B is qmp_dispatch_check_obj(). I'll fix it.

>>> missing one.
>>>
>>> Fix by copying the missing one from qmp_check_input_obj() to
>>> qmp_dispatch_check_obj().
>>>
>>> Signed-off-by: Markus Armbruster <arm...@redhat.com>
>>> Cc: Michael Roth <mdr...@linux.vnet.ibm.com>
>>> ---
>>> qapi/qmp-dispatch.c | 8 +++++++-
>>> 1 file changed, 7 insertions(+), 1 deletion(-)
>>
>> Reviewed-by: Eric Blake <ebl...@redhat.com>

Thanks!
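As an added illustration of the input check the patch describes (this is example code, not QEMU's or qemu-ga's), the validator below rejects the reproducer from the commit message with an error reply instead of passing a non-object 'arguments' value on to a handler that assumes a dict. The accepted top-level members, the error texts, and the strict-JSON form of the sample request (QEMU's own parser also accepts the single-quoted form quoted above) are assumptions.

```python
import json

ALLOWED_KEYS = {"execute", "arguments", "id"}  # assumption: QMP top-level members

def _error(desc):
    # Error reply shaped like a QMP error; the class and text are assumptions
    return {"error": {"class": "GenericError", "desc": desc}}

def check_qmp_request(text):
    """Return (request, None) if well-formed, else (None, error_reply)."""
    try:
        req = json.loads(text)
    except ValueError as e:
        return None, _error("invalid JSON: %s" % e)
    if not isinstance(req, dict):
        return None, _error("Expected 'object' in QMP input")
    if "execute" not in req:
        return None, _error("QMP input lacks member 'execute'")
    if not isinstance(req["execute"], str):
        return None, _error("QMP input member 'execute' must be a string")
    # The check the patch copies into qmp_dispatch_check_obj(): an 'arguments'
    # member, if present, must itself be a JSON object. Without it a list (or
    # number, string, ...) reaches the generated marshaller as a non-object.
    if "arguments" in req and not isinstance(req["arguments"], dict):
        return None, _error("QMP input member 'arguments' must be an object")
    for key in sorted(req):
        if key not in ALLOWED_KEYS:
            return None, _error("QMP input member '%s' is unexpected" % key)
    return req, None

def guest_sync(args):
    # Stand-in for the generated handler: like the marshaller, it assumes a dict
    return {"return": args.get("id", 0)}

HANDLERS = {"guest-sync": guest_sync}

def dispatch(text):
    req, err = check_qmp_request(text)
    if err:
        return err
    handler = HANDLERS.get(req["execute"])
    if handler is None:
        return _error("The command %s has not been found" % req["execute"])
    return handler(req.get("arguments", {}))

# Constructed sample: the reproducer from the commit message, in strict JSON
REPRODUCER = '{"execute": "guest-sync", "arguments": []}'
```

Calling `dispatch(REPRODUCER)` returns the 'arguments' error reply; removing the `isinstance(req["arguments"], dict)` check lets the list reach `guest_sync`, which then fails on `.get`, the analogue of the assertion failure described above.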