OpenE2K/qemu-e2k
13
4
Fork 0
Code Issues 4 Pull Requests Projects 2 Releases Activity

qmp: object-add: Validate class before creating object

Browse Source 
Currently it is very easy to crash QEMU by issuing an object-add command
using an abstract class or a class that doesn't support
TYPE_USER_CREATABLE as parameter.

Example: with the following QMP command:

    (QEMU) object-add qom-type=cpu id=foo

QEMU aborts at:

    ERROR:qom/object.c:335:object_initialize_with_type: assertion failed: (type->abstract == false)

This patch moves the check for TYPE_USER_CREATABLE before object_new(),
and adds a check to prevent the code from trying to instantiate abstract
classes.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Matthew Rosato <mjrosato@linux.vnet.ibm.com>
Tested-by: Matthew Rosato <mjrosato@linux.vnet.ibm.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
This commit is contained in:
Eduardo Habkost 2014-04-16 14:39:38 -03:00 committed by Luiz Capitulino
parent 2da1b3abbc
commit c3481247e5
1 changed files with 14 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
qmp.c
View File

@ -540,14 +540,27 @@ void object_add(const char *type, const char *id, const QDict *qdict,
Visitor *v, Error **errp)
{
Object *obj;
ObjectClass *klass;
const QDictEntry *e;
Error *local_err = NULL;
if (!object_class_by_name(type)) {
klass = object_class_by_name(type);
if (!klass) {
error_setg(errp, "invalid class name");
return;
}
if (!object_class_dynamic_cast(klass, TYPE_USER_CREATABLE)) {
error_setg(errp, "object type '%s' isn't supported by object-add",
type);
return;
}
if (object_class_is_abstract(klass)) {
error_setg(errp, "object type '%s' is abstract", type);
return;
}
obj = object_new(type);
if (qdict) {
for (e = qdict_first(qdict); e; e = qdict_next(qdict, e)) {
@ -558,12 +571,6 @@ void object_add(const char *type, const char *id, const QDict *qdict,
}
}
if (!object_dynamic_cast(obj, TYPE_USER_CREATABLE)) {
error_setg(&local_err, "object type '%s' isn't supported by object-add",
type);
goto out;
}
user_creatable_complete(obj, &local_err);
if (local_err) {
goto out;