mirror of
https://github.com/Motorhead1991/qemu.git
synced 2026-01-18 05:45:29 -07:00
The value of key 'arguments' must be a JSON object. qemu-ga neglects
to check, and crashes. To reproduce, send

    { 'execute': 'guest-sync', 'arguments': [] }

to qemu-ga.

do_qmp_dispatch() uses qdict_get_qdict() to get the arguments. When
not a JSON object, this gets a null pointer, which flows through the
generated marshalling function to qobject_input_visitor_new(), where
it fails the assertion. qmp_dispatch_check_obj() needs to catch this
error.

QEMU isn't affected, because it runs qmp_check_input_obj() first,
which basically duplicates qmp_dispatch_check_obj()'s checks, plus the
missing one.

Fix by copying the missing one from qmp_check_input_obj() to
qmp_dispatch_check_obj().

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Cc: Michael Roth <mdroth@linux.vnet.ibm.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <1488544368-30622-2-git-send-email-armbru@redhat.com>

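
An added example, not code from the QEMU tree or from the commit's author: a self-contained C model of the failure described in the commit message above, where a typed getter returns NULL for a non-object 'arguments' value unless the pre-dispatch check rejects the request first. The Obj and Entry types, check_request(), null_args_reach_marshaller() and the 'execute' presence test are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Constructed stand-ins for QObject type tags; not QEMU's own definitions. */
typedef enum { T_STRING, T_LIST, T_DICT } Type;
typedef struct Obj Obj;
typedef struct { const char *key; const Obj *val; } Entry;
struct Obj { Type type; const Entry *entries; size_t n; };

/* Untyped lookup: the value whatever its type, NULL only if the key is absent. */
static const Obj *dict_get(const Obj *d, const char *key) {
    for (size_t i = 0; i < d->n; i++)
        if (strcmp(d->entries[i].key, key) == 0)
            return d->entries[i].val;
    return NULL;
}

/* Typed lookup, behaving as the commit describes qdict_get_qdict():
 * a value that is not a dict comes back as NULL. */
static const Obj *dict_get_dict(const Obj *d, const char *key) {
    const Obj *v = dict_get(d, key);
    return (v && v->type == T_DICT) ? v : NULL;
}

typedef enum { REQ_OK, ERR_NO_EXECUTE, ERR_ARGS_NOT_OBJECT } Check;

/* Pre-dispatch check. strict=0 omits the 'arguments' type test,
 * strict=1 includes it. The 'execute' test is an assumption of this model. */
Check check_request(const Obj *req, int strict) {
    const Obj *args = dict_get(req, "arguments");
    if (!dict_get(req, "execute"))
        return ERR_NO_EXECUTE;
    if (strict && args && args->type != T_DICT)
        return ERR_ARGS_NOT_OBJECT;
    return REQ_OK;
}

/* 1 if the request passes the check yet the typed getter hands the
 * dispatcher NULL for a key that is present. */
int null_args_reach_marshaller(const Obj *req, int strict) {
    if (check_request(req, strict) != REQ_OK)
        return 0;
    return dict_get(req, "arguments") && !dict_get_dict(req, "arguments");
}

/* Constructed requests: the page's reproducer and a well-formed one. */
static const Obj STR = { T_STRING, NULL, 0 }, LIST = { T_LIST, NULL, 0 }, DICT = { T_DICT, NULL, 0 };
static const Entry BAD_E[]  = { {"execute", &STR}, {"arguments", &LIST} };
static const Entry GOOD_E[] = { {"execute", &STR}, {"arguments", &DICT} };
const Obj BAD_REQ = { T_DICT, BAD_E, 2 }, GOOD_REQ = { T_DICT, GOOD_E, 2 };
```

With the type test off, the reproducer passes the check and the dispatcher's typed lookup yields NULL for a key that is present; with it on, the request is rejected before any lookup happens.
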
| File | ||
|---|---|---|
| block-core.json | ||
| block.json | ||
| common.json | ||
| crypto.json | ||
| event.json | ||
| introspect.json | ||
| Makefile.objs | ||
| opts-visitor.c | ||
| qapi-clone-visitor.c | ||
| qapi-dealloc-visitor.c | ||
| qapi-util.c | ||
| qapi-visit-core.c | ||
| qmp-dispatch.c | ||
| qmp-event.c | ||
| qmp-registry.c | ||
| qobject-input-visitor.c | ||
| qobject-output-visitor.c | ||
| rocker.json | ||
| string-input-visitor.c | ||
| string-output-visitor.c | ||
| trace-events | ||
| trace.json | ||