2a4794ba14
qobject_from_json() & friends use the consume_json() callback to receive either a value or an error from the parser.

When they are fed a string that contains more than either one JSON value or one JSON syntax error, consume_json() gets called multiple times.

When the last call receives a value, qobject_from_json() returns that value. Any other values are leaked.

When any call receives an error, qobject_from_json() sets the first error received. Any other errors are thrown away.

When values follow errors, qobject_from_json() returns both a value and sets an error. That's bad. Impact:

* block.c's parse_json_protocol() ignores and leaks the value. It's used to parse pseudo-filenames starting with "json:". The pseudo-filenames can come from the user or from image meta-data such as a QCOW2 image's backing file name.

* vl.c's parse_display_qapi() ignores and leaks the error. It's used to parse the argument of command line option -display.

* vl.c's main() case QEMU_OPTION_blockdev ignores the error and leaves it in @err. main() will then pass a pointer to a non-null Error * to net_init_clients(), which is forbidden. It can lead to assertion failure or other misbehavior.

* check-qjson.c's multiple_values() demonstrates the badness.

* The other callers are not affected since they only pass strings with exactly one JSON value or, in the case of negative tests, one error.

The impact on the _nofail() functions is relatively harmless. They abort when any call receives an error. Else they return the last value, and leak the others, if any.

Fix consume_json() as follows. On the first call, save value and error as before. On subsequent calls, if any, don't save them. If the first call saved a value, the next call, if any, replaces the value by an "Expecting at most one JSON value" error. Take care not to leak values or errors that aren't saved.
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Message-Id: <20180823164025.12553-44-armbru@redhat.com>
/*
 * QObject JSON integration
 *
 * Copyright IBM, Corp. 2009
 *
 * Authors:
 *  Anthony Liguori <aliguori@us.ibm.com>
 *
 * This work is licensed under the terms of the GNU LGPL, version 2.1 or later.
 * See the COPYING.LIB file in the top-level directory.
 *
 */
#include "qemu/osdep.h"
#include "qapi/error.h"
#include "qapi/qmp/json-streamer.h"
#include "qapi/qmp/qjson.h"
#include "qapi/qmp/qbool.h"
#include "qapi/qmp/qdict.h"
#include "qapi/qmp/qlist.h"
#include "qapi/qmp/qnum.h"
#include "qapi/qmp/qstring.h"
#include "qemu/unicode.h"
/*
 * State shared between qobject_from_jsonv() and its consume_json()
 * callback: the streaming parser plus the single outcome of the parse.
 * consume_json() asserts that @result and @err are never both set.
 */
typedef struct JSONParsingState {
    JSONMessageParser parser;
    QObject *result;    /* the parsed value, or NULL */
    Error *err;         /* the error to report, or NULL */
} JSONParsingState;
/*
 * Parser callback: receive either a value (@json) or an error (@err).
 *
 * Exactly one of @json and @err is non-null.  The callback disposes of
 * both: whatever is not stored in the JSONParsingState behind @opaque
 * is released here, so nothing is leaked when the parser reports more
 * than one value or error for a single input string.
 *
 * The state never holds a value and an error at once.  That invariant
 * is what lets callers treat "returned a value" and "set an error" as
 * mutually exclusive, including for input they do not control.
 */
static void consume_json(void *opaque, QObject *json, Error *err)
{
    JSONParsingState *state = opaque;

    assert(!json != !err);
    assert(!state->result || !state->err);

    if (state->result) {
        /*
         * A value was already saved by an earlier call, so the input
         * holds more than one thing: drop the saved value and turn the
         * outcome into an error.
         */
        qobject_unref(state->result);
        state->result = NULL;
        error_setg(&state->err, "Expecting at most one JSON value");
    }

    if (!state->err) {
        /* First call: keep whatever the parser handed over */
        state->result = json;
        state->err = err;
        return;
    }

    /* An error is already recorded; it wins, release the newcomers */
    qobject_unref(json);
    error_free(err);
}
/*
 * Parse @string as JSON value.
 * If @ap is non-null, interpolate %-escapes.
 * Takes ownership of %p arguments.
 * On success, return the JSON value.
 * On failure, store an error through @errp and return NULL.
 * Ownership of %p arguments becomes indeterminate then.  To avoid
 * leaks, callers passing %p must terminate on error, e.g. by passing
 * &error_abort.
 *
 * The outcome is collected by consume_json(), which keeps either one
 * value or one error; a string holding more than one JSON value is
 * reported as an error rather than returning the last value.
 */
static QObject *qobject_from_jsonv(const char *string, va_list *ap,
                                   Error **errp)
{
    JSONParsingState st = {};
    size_t len = strlen(string);

    /* Feed the whole string, then flush so a pending token is completed */
    json_message_parser_init(&st.parser, consume_json, &st, ap);
    json_message_parser_feed(&st.parser, string, len);
    json_message_parser_flush(&st.parser);
    json_message_parser_destroy(&st.parser);

    /* consume_json() guarantees at most one of result / err is set */
    error_propagate(errp, st.err);
    return st.result;
}
/*
 * Parse @string as JSON value, without %-escape interpolation (no
 * va_list is handed to the parser).
 * On success, return the JSON value.
 * On failure, store an error through @errp and return NULL.
 */
QObject *qobject_from_json(const char *string, Error **errp)
{
    QObject *value = qobject_from_jsonv(string, NULL, errp);

    return value;
}
/*
 * Parse @string as JSON value with %-escapes interpolated.
 * Abort on error.  Do not use with untrusted @string: any parse error
 * is routed to &error_abort, and %-escapes in @string consume
 * arguments from @ap.
 * Return the resulting QObject.  It is never null.
 */
QObject *qobject_from_vjsonf_nofail(const char *string, va_list ap)
{
    va_list args;
    QObject *value;

    /* va_copy() is needed when va_list is an array type */
    va_copy(args, ap);
    value = qobject_from_jsonv(string, &args, &error_abort);
    va_end(args);

    assert(value);
    return value;
}
/*
 * Parse @string as JSON value with %-escapes interpolated.
 * Variadic front end to qobject_from_vjsonf_nofail().
 * Abort on error.  Do not use with untrusted @string.
 * Return the resulting QObject.  It is never null.
 */
QObject *qobject_from_jsonf_nofail(const char *string, ...)
{
    va_list args;
    QObject *value;

    va_start(args, string);
    value = qobject_from_vjsonf_nofail(string, args);
    va_end(args);

    return value;
}
/*
 * Parse @string as JSON object with %-escapes interpolated.
 * Abort on error.  Do not use with untrusted @string.
 * Return the resulting QDict.  It is never null: the assertion fails
 * when the parsed value does not convert to a QDict.
 */
QDict *qdict_from_vjsonf_nofail(const char *string, va_list ap)
{
    QObject *value = qobject_from_vjsonf_nofail(string, ap);
    QDict *dict = qobject_to(QDict, value);

    assert(dict);
    return dict;
}
/*
 * Parse @string as JSON object with %-escapes interpolated.
 * Variadic front end to qdict_from_vjsonf_nofail().
 * Abort on error.  Do not use with untrusted @string.
 * Return the resulting QDict.  It is never null.
 */
QDict *qdict_from_jsonf_nofail(const char *string, ...)
{
    va_list args;
    QDict *dict;

    va_start(args, string);
    dict = qdict_from_vjsonf_nofail(string, args);
    va_end(args);

    return dict;
}
/*
 * Per-container state handed to the dict / list iteration callbacks
 * while serializing.
 */
typedef struct ToJsonIterState {
    int indent;     /* nesting level used for the members' indentation */
    int pretty;     /* non-zero: emit newlines and indentation */
    int count;      /* members emitted so far; non-zero means a separator is due */
    QString *str;   /* output accumulator */
} ToJsonIterState;

/* Declared ahead of the iteration callbacks, which recurse into it */
static void to_json(const QObject *obj, QString *str, int pretty, int indent);
/*
 * Dictionary iteration callback: append one "key": value member to the
 * output string held in the ToJsonIterState behind @opaque.
 *
 * The key is serialized through to_json() as a temporary QString, so
 * it receives the same escaping as any string value.
 */
static void to_json_dict_iter(const char *key, QObject *obj, void *opaque)
{
    ToJsonIterState *it = opaque;
    QString *key_str;
    int remaining;

    /* Separator before every member except the first */
    if (it->count) {
        qstring_append(it->str, it->pretty ? "," : ", ");
    }

    if (it->pretty) {
        qstring_append(it->str, "\n");
        for (remaining = it->indent; remaining > 0; remaining--) {
            qstring_append(it->str, " ");
        }
    }

    key_str = qstring_from_str(key);
    to_json(QOBJECT(key_str), it->str, it->pretty, it->indent);
    qobject_unref(key_str);

    qstring_append(it->str, ": ");
    to_json(obj, it->str, it->pretty, it->indent);
    it->count++;
}
/*
 * List iteration callback: append one element to the output string
 * held in the ToJsonIterState behind @opaque.
 */
static void to_json_list_iter(QObject *obj, void *opaque)
{
    ToJsonIterState *it = opaque;
    int remaining;

    /* Separator before every element except the first */
    if (it->count) {
        qstring_append(it->str, it->pretty ? "," : ", ");
    }

    if (it->pretty) {
        qstring_append(it->str, "\n");
        for (remaining = it->indent; remaining > 0; remaining--) {
            qstring_append(it->str, " ");
        }
    }

    to_json(obj, it->str, it->pretty, it->indent);
    it->count++;
}
/*
 * Append the JSON text for @obj to @str.
 *
 * @pretty non-zero selects multi-line output; @indent is the current
 * nesting level.  Containers are walked through the iteration
 * callbacks, which call back into this function, so recursion follows
 * the nesting depth of @obj; no depth limit is enforced here.
 *
 * Strings are emitted as ASCII only: the quote, the backslash and the
 * common control characters get their short escapes, every other code
 * point below 0x20 or from 0x7F up is written as \uXXXX (a surrogate
 * pair beyond the BMP), and a sequence mod_utf8_codepoint() rejects is
 * replaced by U+FFFD.  Invalid input therefore cannot put raw bytes
 * into the output.
 *
 * An object of any other type aborts.
 *
 * NOTE(review): the indentation literal shows as a single space in
 * this listing; the page may have collapsed whitespace -- confirm
 * against the repository.
 */
static void to_json(const QObject *obj, QString *str, int pretty, int indent)
{
    switch (qobject_type(obj)) {
    case QTYPE_QNULL:
        qstring_append(str, "null");
        break;
    case QTYPE_QNUM: {
        char *text = qnum_to_string(qobject_to(QNum, obj));

        qstring_append(str, text);
        g_free(text);
        break;
    }
    case QTYPE_QSTRING: {
        QString *qstr = qobject_to(QString, obj);
        const char *cur = qstring_get_str(qstr);
        char *next;

        qstring_append(str, "\"");

        while (*cur) {
            const char *piece = NULL;
            char buf[16];
            int cp = mod_utf8_codepoint(cur, 6, &next);

            /* Characters that have a dedicated short escape */
            switch (cp) {
            case '\"':
                piece = "\\\"";
                break;
            case '\\':
                piece = "\\\\";
                break;
            case '\b':
                piece = "\\b";
                break;
            case '\f':
                piece = "\\f";
                break;
            case '\n':
                piece = "\\n";
                break;
            case '\r':
                piece = "\\r";
                break;
            case '\t':
                piece = "\\t";
                break;
            default:
                break;
            }

            if (!piece) {
                if (cp < 0) {
                    cp = 0xFFFD; /* replacement character */
                }
                if (cp > 0xFFFF) {
                    /* beyond BMP; need a surrogate pair */
                    snprintf(buf, sizeof(buf), "\\u%04X\\u%04X",
                             0xD800 + ((cp - 0x10000) >> 10),
                             0xDC00 + ((cp - 0x10000) & 0x3FF));
                } else if (cp < 0x20 || cp >= 0x7F) {
                    snprintf(buf, sizeof(buf), "\\u%04X", cp);
                } else {
                    /* printable ASCII goes out unchanged */
                    buf[0] = cp;
                    buf[1] = 0;
                }
                piece = buf;
            }

            qstring_append(str, piece);
            cur = next;
        }

        qstring_append(str, "\"");
        break;
    }
    case QTYPE_QDICT: {
        /* Members are indented one level deeper than the braces */
        ToJsonIterState iter = {
            .indent = indent + 1,
            .pretty = pretty,
            .count = 0,
            .str = str,
        };

        qstring_append(str, "{");
        qdict_iter(qobject_to(QDict, obj), to_json_dict_iter, &iter);
        if (pretty) {
            int remaining;

            qstring_append(str, "\n");
            for (remaining = indent; remaining > 0; remaining--) {
                qstring_append(str, " ");
            }
        }
        qstring_append(str, "}");
        break;
    }
    case QTYPE_QLIST: {
        /* Elements are indented one level deeper than the brackets */
        ToJsonIterState iter = {
            .indent = indent + 1,
            .pretty = pretty,
            .count = 0,
            .str = str,
        };

        qstring_append(str, "[");
        qlist_iter(qobject_to(QList, obj), (void *)to_json_list_iter, &iter);
        if (pretty) {
            int remaining;

            qstring_append(str, "\n");
            for (remaining = indent; remaining > 0; remaining--) {
                qstring_append(str, " ");
            }
        }
        qstring_append(str, "]");
        break;
    }
    case QTYPE_QBOOL:
        qstring_append(str,
                       qbool_get_bool(qobject_to(QBool, obj)) ? "true"
                                                              : "false");
        break;
    default:
        abort();
    }
}
/*
 * Serialize @obj as compact JSON text.
 * Return a newly created QString holding the text.
 */
QString *qobject_to_json(const QObject *obj)
{
    QString *out = qstring_new();

    /* pretty = 0, starting at nesting level 0 */
    to_json(obj, out, 0, 0);
    return out;
}
/*
 * Serialize @obj as JSON text with newlines and indentation.
 * Return a newly created QString holding the text.
 */
QString *qobject_to_json_pretty(const QObject *obj)
{
    QString *out = qstring_new();

    /* pretty = 1, starting at nesting level 0 */
    to_json(obj, out, 1, 0);
    return out;
}