Hi

----- Original Message -----
> Aha, we got a different bug fix! The old code fails to fail when the
> parameter doesn't exist. Instead, it sets *obj = NULL, which seems very
> likely to crash QEMU. Let me try... yup:
>
> { "execute": "object-add",
>   "arguments": { "qom-type": "memory-backend-file", "id": "foo" } }
>
> Kills QEMU with "qemu/qom/object_interfaces.c:115: user_creatable_add_type:
> Assertion `qdict' failed."
>
> Either fix this in a separate patch before this one, or cover it in this
> one's commit message. Your choice.
>
> A separate patch might be usable for qemu-stable.

It looks to me that this is a different bug. visit_type_q_obj_object_add_arg_members() doesn't call visit_type_any() if "props" is missing (it's optional). And arg is zeroed in qmp-marshal, and the assert() was added in ad739706bbadee49. I am trying to fix that regression.

> > > @@ -345,8 +379,11 @@ static void qmp_input_type_any(Visitor *v, const char > > *name, QObject **obj, > > static void qmp_input_type_null(Visitor *v, const char *name, Error > > **errp) > > { > > QmpInputVisitor *qiv = to_qiv(v); > > - QObject *qobj = qmp_input_get_object(qiv, name, true); > > + QObject *qobj = qmp_input_get_object(qiv, name, true, errp); > > > > + if (!qobj) { > > + return; > > + } > > if (qobject_type(qobj) != QTYPE_QNULL) { > > error_setg(errp, QERR_INVALID_PARAMETER_TYPE, name ? name : > > "null", > > "null"); > > Same bug, I think, but I don't have a reproducer handy. > > > @@ -356,7 +393,7 @@ static void qmp_input_type_null(Visitor *v, const char > > *name, Error **errp) > > static void qmp_input_optional(Visitor *v, const char *name, bool > > *present) > > { > > QmpInputVisitor *qiv = to_qiv(v); > > - QObject *qobj = qmp_input_get_object(qiv, name, false); > > + QObject *qobj = qmp_input_get_object(qiv, name, false, NULL); > > > > if (!qobj) { > > *present = false; > > Thanks for following my suggestion to move the "Parameter FOO is > missing" error into qmp_input_get_object()! You fixed two crash bugs > that way :) >
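
Review bot: in the qmp_input_type_null() hunk, the new `if (!qobj) { return; }` sets no error of its own, so it is only correct if qmp_input_get_object() sets *errp on every NULL return when called with `true`. That contract is not visible in these lines; state it in a comment on qmp_input_get_object() so a later NULL return path that leaves errp unset cannot make the visit look successful.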
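
Review bot: in the qmp_input_optional() hunk, the `NULL` passed as the new last argument to qmp_input_get_object() is easy to misread as a dropped error. A short comment saying that a missing member is not an error for an optional lookup, with `*present = false` as the only outcome, would make the intent clear and record that the helper has to accept a NULL errp.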