On 07/27/2018 10:13 AM, Markus Armbruster wrote:
When you build QMP input manually like this
cmd = g_strdup_printf("{ 'execute': 'migrate',"
"'arguments': { 'uri': '%s' } }",
uri);
rsp = qmp(cmd);
g_free(cmd);
you're responsible for escaping the interpolated values for JSON. Not
done here, and therefore works only for sufficiently nice @uri. For
instance, if @uri contained a single "'", qobject_from_vjsonf_nofail()
would abort. A sufficiently nasty @uri could even inject unwanted
members into the arguments object.
Leaving interpolation into JSON to qmp() is more robust:
rsp = qmp("{ 'execute': 'migrate', 'arguments': { 'uri': %s } }", uri);
It's also more concise.
Clean up the simple cases where we interpolate exactly a JSON value.
Bonus: gets rid of non-literal format strings. A step towards
compile-time format string checking without triggering
-Wformat-nonliteral.
Signed-off-by: Markus Armbruster <arm...@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4...@amsat.org>
---
- cmd = g_strdup_printf("{ 'execute': 'migrate_set_downtime',"
- "'arguments': { 'value': %g } }", value);
- rsp = qtest_qmp(who, cmd);
- g_free(cmd);
+ rsp = qtest_qmp(who,
+ "{ 'execute': 'migrate_set_downtime',"
+ " 'arguments': { 'value': %f } }", value);
Looks a bit awkward changing %g to %f, but matches the limited subset
that our parser accepts and doesn't change the accuracy needed for the
test to pass.
Reviewed-by: Eric Blake <ebl...@redhat.com>
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org
