From: Kevin Wolf
To: qemu-devel@nongnu.org
Cc: kwolf@redhat.com, thuth@redhat.com, armbru@redhat.com, philmd@linaro.org, peter.maydell@linaro.org
Subject: [PATCH for-8.2 1/2] qdev: Fix crash in array property getter
Date: Tue, 21 Nov 2023 18:34:15 +0100
Message-ID: <20231121173416.346610-2-kwolf@redhat.com>
In-Reply-To: <20231121173416.346610-1-kwolf@redhat.com>

Passing an uninitialised list to visit_start_list() happens to work for the QObject output visitor because it treats the pointer as an opaque value and never dereferences it, but the string output visitor expects a valid list to check if it has more than one element.

The existing code crashes with the string output visitor if the uninitialised value is non-NULL. Passing an explicit NULL would fix the crash, but still result in wrong output.

Rework get_prop_array() so that it conforms to the expectations that the string output visitor has. This includes building a real list first and using visit_next_list() to iterate it.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1993
Reported-by: Thomas Huth
Signed-off-by: Kevin Wolf
Tested-by: Dan Hoffman
Tested-by: Thomas Huth

--- hw/core/qdev-properties.c | 33 ++++++++++++++++++++++++++------- 1 file changed, 26 insertions(+), 7 deletions(-) diff --git a/hw/core/qdev-properties.c b/hw/core/qdev-properties.c index 91632f7be9..840006e953 100644 --- a/hw/core/qdev-properties.c +++ b/hw/core/qdev-properties.c 
@@ -689,23 +689,36 @@ static void get_prop_array(Object *obj, Visitor *v, c= onst char *name, Property *prop =3D opaque; uint32_t *alenptr =3D object_field_prop_ptr(obj, prop); void **arrayptr =3D (void *)obj + prop->arrayoffset; - char *elem =3D *arrayptr; - GenericList *list; - const size_t list_elem_size =3D sizeof(*list) + prop->arrayfieldsize; + char *elemptr =3D *arrayptr; + ArrayElementList *list =3D NULL, *elem; + ArrayElementList **tail =3D &list; + const size_t size =3D sizeof(*list); int i; bool ok; =20 - if (!visit_start_list(v, name, &list, list_elem_size, errp)) { + /* At least the string output visitor needs a real list */ + for (i =3D 0; i < *alenptr; i++) { + elem =3D g_new0(ArrayElementList, 1); + elem->value =3D elemptr; + elemptr +=3D prop->arrayfieldsize; + + *tail =3D elem; + tail =3D &elem->next; + } + + if (!visit_start_list(v, name, (GenericList **) &list, size, errp)) { return; } =20 - for (i =3D 0; i < *alenptr; i++) { - Property elem_prop =3D array_elem_prop(obj, prop, name, elem); + elem =3D list; + while (elem) { + Property elem_prop =3D array_elem_prop(obj, prop, name, elem->valu= e); prop->arrayinfo->get(obj, v, NULL, &elem_prop, errp); if (*errp) { goto out_obj; } - elem +=3D prop->arrayfieldsize; + elem =3D (ArrayElementList *) visit_next_list(v, (GenericList*) el= em, + size); } =20 /* visit_check_list() can only fail for input visitors */ 
@@ -714,6 +727,12 @@ static void get_prop_array(Object *obj, Visitor *v, co= nst char *name, =20 out_obj: visit_end_list(v, (void**) &list); + + while (list) { + elem =3D list; + list =3D elem->next; + g_free(elem); + } } =20 static void default_prop_array(ObjectProperty *op, const Property *prop) --=20 2.42.0
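
Review bot: The early `return` after a failed visit_start_list() in the first hunk of hw/core/qdev-properties.c leaks the ArrayElementList nodes, because the list is now built with g_new0() before that call and the only code that frees it sits after the out_obj label. Put the free loop under its own label placed after visit_end_list() and jump to it from the failure path, so the nodes are released without calling visit_end_list() on a list that was never started.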
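
Review bot: The free loop added after visit_end_list() in the second hunk of hw/core/qdev-properties.c releases only the list nodes and nothing documents why that is sufficient. It is correct because elem->value is assigned from elemptr, which starts at *arrayptr and so points into the property's existing array storage, not at a copy. A one-line comment above the loop saying the nodes only borrow their values would keep a later change from adding g_free(elem->value) or replacing the loop with a deep-free helper.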
From: Kevin Wolf
To: qemu-devel@nongnu.org
Cc: kwolf@redhat.com, thuth@redhat.com, armbru@redhat.com, philmd@linaro.org, peter.maydell@linaro.org
Subject: [PATCH for-8.2 2/2] string-output-visitor: Support lists for non-integer types
Date: Tue, 21 Nov 2023 18:34:16 +0100
Message-ID: <20231121173416.346610-3-kwolf@redhat.com>
In-Reply-To: <20231121173416.346610-1-kwolf@redhat.com>

With the introduction of list-based array properties in qdev, the string output visitor has to deal with lists of non-integer elements now ('info qtree' prints all properties with the string output visitor).

Currently there is no explicit support for such lists, and the resulting output is only the last element because string_output_set() always replaces the output with the latest value.

Instead of replacing the old value, append comma separated values in list context.

The difference can be observed in 'info qtree' with a 'rocker' device that has a 'ports' list with more than one element.

Signed-off-by: Kevin Wolf
Reviewed-by: Markus Armbruster
Tested-by: Thomas Huth

--- qapi/string-output-visitor.c | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/qapi/string-output-visitor.c b/qapi/string-output-visitor.c index 71ddc92b7b..c0cb72dbe4 100644 --- a/qapi/string-output-visitor.c +++ b/qapi/string-output-visitor.c @@ -74,11 +74,27 @@ static StringOutputVisitor *to_sov(Visitor *v) =20 static void string_output_set(StringOutputVisitor *sov, char *string) { - if (sov->string) { - g_string_free(sov->string, true); + switch (sov->list_mode) { + case LM_STARTED: + sov->list_mode =3D LM_IN_PROGRESS; + /* fall through */ + case LM_NONE: + if (sov->string) { + g_string_free(sov->string, true); + } + sov->string =3D g_string_new(string); + g_free(string); + break; + + case LM_IN_PROGRESS: + case LM_END: + g_string_append(sov->string, ", "); + g_string_append(sov->string, string); + break; + + default: + abort(); } - sov->string =3D g_string_new(string); - g_free(string); } =20 static void string_output_append(StringOutputVisitor *sov, int64_t a) --=20 2.42.0
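
Review bot: In the LM_IN_PROGRESS / LM_END case of string_output_set(), `string` is appended to sov->string but never freed, while the LM_STARTED / LM_NONE path calls g_free(string) after copying it, so every list element after the first leaks its buffer. Add g_free(string) before that `break`, or move the single g_free(string) to after the switch so both paths release it. The same branch passes sov->string to g_string_append() without the NULL check that the LM_NONE path has, so an assertion or a short comment stating that list context always enters through LM_STARTED would document why it cannot be NULL there.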