From: Eric Blake
To: libvir-list@redhat.com
Date: Fri, 15 Mar 2019 10:12:45 -0500
Message-Id: <20190315151245.29530-1-eblake@redhat.com>
Subject: [libvirt] [PATCH] object: Add sanity check on correct parent class

Checking that the derived class is larger than the requested parent class saves us from some obvious mistakes, but as written, it does not catch all the cases; in particular, it is easy to forget to update a VIR_CLASS_NEW when changing the 'parent' member from virObject to virObjectLockable, but where the size checks don't catch that. Add a parameter for one more layer of sanity checking.

Note that I did NOT change the fact that we require derived classes to be larger (as the difference in size makes it easy to tell classes apart), which means that even if a derived class has no functionality to add (but rather exists for compiler-enforced type-safety), it must still include a dummy member. But I did fix the wording of the error message to match the code.
Signed-off-by: Eric Blake
Reviewed-by: Daniel P. Berrangé
Reviewed-by: Ján Tomko
---

Here's hoping Coverity doesn't have a false-positive complaint about the error message being a potential dereference of NULL (the only time 'parent == NULL' is when 'parentsize == 0', based on the fact that our syntax checks forbid raw calls to virClassNew() except for "virObject" itself - but Coverity likely won't see that).

 src/util/virobject.h | 5 ++++-
 src/util/virobject.c | 8 +++++---
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/src/util/virobject.h b/src/util/virobject.h index d4ec943a43..757068fcc1 100644 --- a/src/util/virobject.h +++ b/src/util/virobject.h @@ -82,12 +82,15 @@ virClassPtr virClassForObjectRWLockable(void); */ # define VIR_CLASS_NEW(name, prnt) \ verify_expr(offsetof(name, parent) =3D=3D 0, \ - (name##Class =3D virClassNew(prnt, #name, sizeof(name), name##Dispos= e))) + (name##Class =3D virClassNew(prnt, #name, sizeof(name), \ + sizeof(((name *)NULL)->parent), \ + name##Dispose))) virClassPtr virClassNew(virClassPtr parent, const char *name, size_t objectSize, + size_t parentSize, virObjectDisposeCallback dispose) VIR_PARENT_REQUIRED ATTRIBUTE_NONNULL(2); diff --git a/src/util/virobject.c b/src/util/virobject.c index 3b28331ba7..b4ee068cb2 100644 --- a/src/util/virobject.c +++ b/src/util/virobject.c @@ -78,6 +78,7 @@ virObjectOnceInit(void) if (!(virObjectClass =3D virClassNew(NULL, "virObject", sizeof(virObject), + 0, NULL))) return -1; @@ -159,6 +160,7 @@ virClassPtr virClassNew(virClassPtr parent, const char *name, size_t objectSize, + size_t parentSize, virObjectDisposeCallback dispose) { virClassPtr klass;
@@ -167,10 +169,10 @@ virClassNew(virClassPtr parent, STRNEQ(name, "virObject")) { virReportInvalidNonNullArg(parent); return NULL; - } else if (parent && - objectSize <=3D parent->objectSize) { + } else if (objectSize <=3D parentSize || + parentSize !=3D (parent ? parent->objectSize : 0)) { virReportInvalidArg(objectSize, - _("object size %zu of %s is smaller than paren= t class %zu"), + _("object size %zu of %s is not larger than pa= rent class %zu"), objectSize, name, parent->objectSize); return NULL; } --=20 2.20.1
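
Review bot: In the VIR_CLASS_NEW hunk of src/util/virobject.h (@@ -82,12 +82,15 @@), the added sizeof(((name *)NULL)->parent) argument identifies the parent only by its size, so a 'parent' member declared with the wrong class type still passes whenever that type has the same size as the class given as prnt. The check is a useful extra layer, but the comment that ends just above the macro should say that it is a size comparison and not a type comparison, so nobody reads it as a guarantee that the member type and prnt match.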
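
Review bot: The virClassNew() definition hunk in src/util/virobject.c (@@ -159,6 +160,7 @@) adds size_t parentSize without any accompanying documentation change: the diffstat's 8 changed lines for this file are fully accounted for by the three code hunks, so whatever parameter description sits above the function has no entry for the new argument. Suggest documenting that parentSize is the size of the struct's 'parent' member and must be 0 only for the "virObject" root class, since that is the contract the new check enforces.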
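
Review bot: In the last hunk of src/util/virobject.c (@@ -167,10 +169,10 @@), the error branch still passes parent->objectSize to virReportInvalidArg(), but the rewritten condition no longer requires parent to be non-NULL, so a call with parent == NULL and a non-zero parentSize (or an objectSize of 0) would dereference NULL while reporting the error. Passing parentSize as the last format argument removes that path and the Coverity concern mentioned under the '---'. The branch now also fires when parentSize != parent->objectSize, and in that case "is not larger than parent class" describes the wrong failure; a separate message for the mismatch would point the developer at the stale VIR_CLASS_NEW or 'parent' member directly.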