From: Markus Armbruster
To: qemu-devel@nongnu.org
Cc: marcandre.lureau@redhat.com, mdroth@linux.vnet.ibm.com
Date: Wed, 8 Aug 2018 14:03:15 +0200
Subject: [Qemu-devel] [PATCH 37/56] json: Treat unwanted interpolation as lexical error
Message-Id: <20180808120334.10970-38-armbru@redhat.com>
In-Reply-To: <20180808120334.10970-1-armbru@redhat.com>
References: <20180808120334.10970-1-armbru@redhat.com>

The JSON parser optionally supports interpolation. The lexer recognizes interpolation tokens unconditionally. The parser rejects them when interpolation is disabled, in parse_interpolation(). However, it neglects to set an error then, which can make json_parser_parse() fail without setting an error.

Move the check for unwanted interpolation from the parser's parse_interpolation() into the lexer's finite state machine. When interpolation is disabled, '%' is now handled like any other unexpected character.

The next commit will improve how such lexical errors are handled.

Signed-off-by: Markus Armbruster --- include/qapi/qmp/json-lexer.h | 4 ++-- qobject/json-lexer.c | 42 ++++++++++++++++++++++++++--------- qobject/json-parser.c | 4 ---- qobject/json-streamer.c | 2 +- tests/qmp-test.c | 4 ++++ 5 files changed, 39 insertions(+), 17 deletions(-) diff --git a/include/qapi/qmp/json-lexer.h b/include/qapi/qmp/json-lexer.h index ff3a6f80f0..5586d12f26 100644 --- a/include/qapi/qmp/json-lexer.h +++ b/include/qapi/qmp/json-lexer.h @@ -33,12 +33,12 @@ typedef enum json_token_type { } JSONTokenType; =20 typedef struct JSONLexer { - int state; + int start_state, state; GString *token; int x, y; } JSONLexer; =20 -void json_lexer_init(JSONLexer *lexer); +void json_lexer_init(JSONLexer *lexer, bool enable_interpolation); =20 void json_lexer_feed(JSONLexer *lexer, const char *buffer, size_t size); =20 diff --git a/qobject/json-lexer.c b/qobject/json-lexer.c index 5b1f720331..0ea1eae4aa 100644 --- a/qobject/json-lexer.c +++ b/qobject/json-lexer.c @@ -122,6 +122,7 @@ enum json_lexer_state { IN_INTERPOL_I6, IN_INTERPOL_I64, IN_WHITESPACE, + IN_START_INTERPOL, IN_START, }; =20 
@@ -271,17 +272,38 @@ static const uint8_t json_lexer[][256] =3D { [','] =3D JSON_COMMA, [':'] =3D JSON_COLON, ['a' ... 'z'] =3D IN_KEYWORD, + [' '] =3D IN_WHITESPACE, + ['\t'] =3D IN_WHITESPACE, + ['\r'] =3D IN_WHITESPACE, + ['\n'] =3D IN_WHITESPACE, + }, + + [IN_START_INTERPOL] =3D { + ['"'] =3D IN_DQ_STRING, + ['\''] =3D IN_SQ_STRING, + ['0'] =3D IN_ZERO, + ['1' ... '9'] =3D IN_NONZERO_NUMBER, + ['-'] =3D IN_NEG_NONZERO_NUMBER, + ['{'] =3D JSON_LCURLY, + ['}'] =3D JSON_RCURLY, + ['['] =3D JSON_LSQUARE, + [']'] =3D JSON_RSQUARE, + [','] =3D JSON_COMMA, + [':'] =3D JSON_COLON, + ['a' ... 'z'] =3D IN_KEYWORD, + [' '] =3D IN_WHITESPACE, + ['\t'] =3D IN_WHITESPACE, + ['\r'] =3D IN_WHITESPACE, + ['\n'] =3D IN_WHITESPACE, + /* matches IN_START up to here */ ['%'] =3D IN_INTERPOL, - [' '] =3D IN_WHITESPACE, - ['\t'] =3D IN_WHITESPACE, - ['\r'] =3D IN_WHITESPACE, - ['\n'] =3D IN_WHITESPACE, }, }; =20 -void json_lexer_init(JSONLexer *lexer) +void json_lexer_init(JSONLexer *lexer, bool enable_interpolation) { - lexer->state =3D IN_START; + lexer->start_state =3D lexer->state =3D enable_interpolation + ? IN_START_INTERPOL : IN_START; lexer->token =3D g_string_sized_new(3); lexer->x =3D lexer->y =3D 0; } @@ -321,7 +343,7 @@ static void json_lexer_feed_char(JSONLexer *lexer, char= ch, bool flush) /* fall through */ case JSON_SKIP: g_string_truncate(lexer->token, 0); - new_state =3D IN_START; + new_state =3D lexer->start_state; break; case IN_ERROR: /* XXX: To avoid having previous bad input leaving the parser = in an @@ -340,7 +362,7 @@ static void json_lexer_feed_char(JSONLexer *lexer, char= ch, bool flush) json_message_process_token(lexer, lexer->token, JSON_ERROR, lexer->x, lexer->y); g_string_truncate(lexer->token, 0); - new_state =3D IN_START; + new_state =3D lexer->start_state; lexer->state =3D new_state; return; default: 
@@ -356,7 +378,7 @@ static void json_lexer_feed_char(JSONLexer *lexer, char= ch, bool flush) json_message_process_token(lexer, lexer->token, lexer->state, lexer->x, lexer->y); g_string_truncate(lexer->token, 0); - lexer->state =3D IN_START; + lexer->state =3D lexer->start_state; } } =20 @@ -371,7 +393,7 @@ void json_lexer_feed(JSONLexer *lexer, const char *buff= er, size_t size) =20 void json_lexer_flush(JSONLexer *lexer) { - if (lexer->state !=3D IN_START) { + if (lexer->state !=3D lexer->start_state) { json_lexer_feed_char(lexer, 0, true); } } diff --git a/qobject/json-parser.c b/qobject/json-parser.c index f1806ce0dc..848d469b2a 100644 --- a/qobject/json-parser.c +++ b/qobject/json-parser.c @@ -422,10 +422,6 @@ static QObject *parse_interpolation(JSONParserContext = *ctxt, va_list *ap) { JSONToken *token; =20 - if (ap =3D=3D NULL) { - return NULL; - } - token =3D parser_context_pop_token(ctxt); assert(token && token->type =3D=3D JSON_INTERPOL); =20 diff --git a/qobject/json-streamer.c b/qobject/json-streamer.c index fa595a8761..a373e0114a 100644 --- a/qobject/json-streamer.c +++ b/qobject/json-streamer.c @@ -115,7 +115,7 @@ void json_message_parser_init(JSONMessageParser *parser, parser->tokens =3D g_queue_new(); parser->token_size =3D 0; =20 - json_lexer_init(&parser->lexer); + json_lexer_init(&parser->lexer, !!ap); } =20 void json_message_parser_feed(JSONMessageParser *parser, diff --git a/tests/qmp-test.c b/tests/qmp-test.c index b77987b644..3046567819 100644 --- a/tests/qmp-test.c +++ b/tests/qmp-test.c @@ -94,6 +94,10 @@ static void test_malformed(QTestState *qts) =20 /* lexical error: interpolation */ qtest_qmp_send_raw(qts, "%%p\n"); + /* two errors, one for "%", one for "p" */ + resp =3D qtest_qmp_receive(qts); + g_assert_cmpstr(get_error_class(resp), =3D=3D, "GenericError"); + qobject_unref(resp); resp =3D qtest_qmp_receive(qts); g_assert_cmpstr(get_error_class(resp), =3D=3D, "GenericError"); qobject_unref(resp); --=20 2.17.1
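Review bot: in include/qapi/qmp/json-lexer.h, the new start_state member and the new enable_interpolation parameter of json_lexer_init() are added without any comment, although together they decide whether '%' in the input is lexed as interpolation or as an unexpected character. A one-line comment on each would help: on start_state, that it is the state the lexer returns to after every token and error; on json_lexer_init(), what enable_interpolation switches on. Declaring start_state on its own line rather than as "int start_state, state;" would also keep the two fields easy to document separately.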
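Review bot: in qobject/json-lexer.c, the new [IN_START_INTERPOL] row of the json_lexer table is a hand-copied duplicate of [IN_START] with one extra ['%'] entry, and only the comment "matches IN_START up to here" ties the two together. A later change to the IN_START transitions that is not mirrored by hand would make the lexer accept different input depending on whether interpolation is enabled, with nothing to catch it at build time. Consider building both rows from one shared initializer (for example a macro holding the common entries) so that the ['%'] transition to IN_INTERPOL is the only line that differs.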
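Review bot: in qobject/json-parser.c, parse_interpolation() loses its "if (ap == NULL)" check and nothing is left in the function to state the invariant that replaces it. After this change the parser depends on the lexer, in a different file, never producing a JSON_INTERPOL token when interpolation is disabled. Adding assert(ap) next to the existing assert(token && token->type == JSON_INTERPOL) would document that dependency and make any violation fail at a known point.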
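Review bot: in tests/qmp-test.c, the added receive/assert/unref block in test_malformed() is a verbatim copy of the block that follows it, and both check only that the error class is "GenericError", so the test cannot confirm that the first reply is for "%" and the second for "p" as the new comment says. A short loop over the two expected replies would remove the duplication. The commit message could also mention that this input now produces two error replies where the test previously expected one, since that is a change a QMP client can observe.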