The JSON parser happily accepts duplicate object member names. The
last value wins. Reproducer #1:
$ qemu-system-x86_64 -qmp stdio
{"QMP": {"version": {"qemu": {"micro": 93, "minor": 0, "major": 3},
"package": "v3.1.0-rc3-7-g87a45d86ed"}, "capabilities": []}}
{'execute':'qmp_capabilities'}
{"return": {}}
{'execute':'blockdev-add','arguments':{'driver':'null-co',
'node-name':'foo','node-name':'bar'}}
{"return": {}}
{'execute':'query-named-block-nodes'}
{"return": [{ [...] "node-name": "bar" [...] }]}
Reproducer #2 is iotest 229.
Fix the parser to reject duplicates, and fix iotest 229 not to use
them.
Reported-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20181206121743.20762-1-armbru@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
[Trailing whitespace tidied up]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
---
qobject/json-parser.c | 5 +++++
tests/qemu-iotests/229 | 1 -
2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/qobject/json-parser.c b/qobject/json-parser.c
index 5a840dfd86..7a7ae9e8d1 100644
--- a/qobject/json-parser.c
+++ b/qobject/json-parser.c
@@ -288,6 +288,11 @@ static int parse_pair(JSONParserContext *ctxt, QDict *dict)
goto out;
}
+ if (qdict_haskey(dict, qstring_get_str(key))) {
+ parse_error(ctxt, token, "duplicate key");
+ goto out;
+ }
+
qdict_put_obj(dict, qstring_get_str(key), value);
qobject_unref(key);
diff --git a/tests/qemu-iotests/229 b/tests/qemu-iotests/229
index 86602437ff..893d098ad2 100755
--- a/tests/qemu-iotests/229
+++ b/tests/qemu-iotests/229
@@ -69,7 +69,6 @@ echo
_send_qemu_cmd $QEMU_HANDLE \
"{'execute': 'drive-mirror',
'arguments': {'device': 'testdisk',
- 'mode': 'absolute-paths',
'format': '$IMGFMT',
'target': '$DEST_IMG',
'sync': 'full',
--
2.17.2