qobject: qobject_from_jsonv() is dangerous, hide it away
qobject_from_jsonv() takes ownership of %p arguments. On failure, we can't generally know whether we failed before or after %p, so ownership becomes indeterminate. To avoid leaks, callers passing %p must terminate on error, e.g. by passing &error_abort. Trap for the unwary; document and give the function internal linkage. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Eric Blake <eblake@redhat.com> Message-Id: <20180806065344.7103-11-armbru@redhat.com>
This commit is contained in:
parent
eac78bd430
commit
2d36e84304
@ -15,8 +15,6 @@
|
||||
#define QJSON_H
|
||||
|
||||
QObject *qobject_from_json(const char *string, Error **errp);
|
||||
QObject *qobject_from_jsonv(const char *string, va_list *ap, Error **errp)
|
||||
GCC_FMT_ATTR(1, 0);
|
||||
|
||||
QObject *qobject_from_vjsonf_nofail(const char *string, va_list ap)
|
||||
GCC_FMT_ATTR(1, 0);
|
||||
|
@ -39,7 +39,18 @@ static void parse_json(JSONMessageParser *parser, GQueue *tokens)
|
||||
s->result = json_parser_parse_err(tokens, s->ap, &s->err);
|
||||
}
|
||||
|
||||
QObject *qobject_from_jsonv(const char *string, va_list *ap, Error **errp)
|
||||
/*
|
||||
* Parse @string as JSON value.
|
||||
* If @ap is non-null, interpolate %-escapes.
|
||||
* Takes ownership of %p arguments.
|
||||
* On success, return the JSON value.
|
||||
* On failure, store an error through @errp and return NULL.
|
||||
* Ownership of %p arguments becomes indeterminate then. To avoid
|
||||
* leaks, callers passing %p must terminate on error, e.g. by passing
|
||||
* &error_abort.
|
||||
*/
|
||||
static QObject *qobject_from_jsonv(const char *string, va_list *ap,
|
||||
Error **errp)
|
||||
{
|
||||
JSONParsingState state = {};
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user