qemu/tests
Markus Armbruster 16a4859921 json: Improve safety of qobject_from_jsonf_nofail() & friends
The JSON parser optionally supports interpolation.  This is used to
build QObjects by parsing string templates.  The templates are C
literals, so parse errors (such as invalid interpolation
specifications) are actually programming errors.  Consequently, the
functions providing parsing with interpolation
(qobject_from_jsonf_nofail(), qobject_from_vjsonf_nofail(),
qdict_from_jsonf_nofail(), qdict_from_vjsonf_nofail()) pass
&error_abort to the parser.

However, there's another, more dangerous kind of programming error:
since we use va_arg() to get the value to interpolate, behavior is
undefined when the variable argument isn't consistent with the
interpolation specification.

The same problem exists with printf()-like functions, and the solution
is to have the compiler check consistency.  This is what
GCC_FMT_ATTR() is about.

To enable this type checking for interpolation as well, we carefully
chose our interpolation specifications to match printf conversion
specifications, and decorate functions parsing templates with
GCC_FMT_ATTR().

Note that this only protects against undefined behavior due to type
errors.  It can't protect against use of invalid interpolation
specifications that happen to be valid printf conversion
specifications.

However, there's still a gaping hole in the type checking: GCC
recognizes '%' as start of printf conversion specification anywhere in
the template, but the parser recognizes it only outside JSON strings.
For instance, if someone were to pass a "{ '%s': %d }" template, GCC
would require a char * and an int argument, but the parser would
va_arg() only an int argument, resulting in undefined behavior.

Avoid undefined behavior by catching the programming error at run
time: have the parser recognize and reject '%' in JSON strings.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20180823164025.12553-57-armbru@redhat.com>
2018-08-24 20:26:37 +02:00
..
acceptance Acceptance tests: add Linux kernel boot and console checking test 2018-06-15 16:10:11 -03:00
acpi-test-data tests/acpi: update tables after memory hotplug changes 2018-08-03 11:35:21 +03:00
data test-qga: add test for guest-get-osinfo 2017-07-18 05:49:01 -05:00
decode scripts: Add decodetree.py 2018-02-22 15:44:07 -08:00
docker tests: Allow overriding archive path with SRC_ARCHIVE 2018-08-15 10:12:35 +08:00
guest-debug python: futurize -f libfuturize.fixes.fix_print_with_import 2018-06-08 14:39:24 -03:00
hex-loader-check-data Add QTest testcase for the Intel Hexadecimal 2018-08-16 14:05:28 +01:00
image-fuzzer python: futurize -f lib2to3.fixes.fix_renames 2018-06-08 14:39:24 -03:00
keys tests: Add a test key pair 2017-09-22 10:46:25 +08:00
libqos fw_cfg: import & use linux/qemu_fw_cfg.h 2018-08-23 18:46:25 +02:00
migration python: futurize -f libfuturize.fixes.fix_print_with_import 2018-06-08 14:39:24 -03:00
multiboot tests/multiboot: Add .gitignore 2018-03-21 15:13:40 +01:00
qapi-schema qapi: Fix some pycodestyle-3 complaints 2018-08-15 07:24:22 +02:00
qemu-iotests block: iotest to catch abort on forced blockjob cancel 2018-08-21 15:20:37 -04:00
rocker tests: Avoid non-portable 'echo -ARG' 2017-07-11 17:45:00 +02:00
tcg tests: add check_invalid_maps to test-mmap 2018-07-31 09:57:25 +02:00
vm tests/vm: Increase timeout waiting for VM to boot to 5 minutes 2018-08-24 11:31:28 +01:00
vmstate-static-checker-data
.gitignore tests/.gitignore: don't ignore docker tests 2018-07-24 11:45:25 +01:00
ac97-test.c
acpi-utils.c
acpi-utils.h maint: Fix macros with broken 'do/while(0); ' usage 2018-01-16 14:54:52 +01:00
ahci-test.c Testing patches for 2018-08-16 2018-08-16 09:50:54 +01:00
atomic_add-bench.c tests/atomic_add-bench: add -p to enable sync profiler 2018-08-23 18:46:25 +02:00
benchmark-crypto-cipher.c tests/crypto: Use the IEC binary prefix definitions 2018-07-02 15:41:17 +02:00
benchmark-crypto-hash.c tests/crypto: Use the IEC binary prefix definitions 2018-07-02 15:41:17 +02:00
benchmark-crypto-hmac.c tests/crypto: Use the IEC binary prefix definitions 2018-07-02 15:41:17 +02:00
bios-tables-test.c nvdimm: make persistence option symbolic 2018-06-11 22:19:57 +03:00
boot-order-test.c fw_cfg: import & use linux/qemu_fw_cfg.h 2018-08-23 18:46:25 +02:00
boot-sector.c tests/boot-sector: Add magic bytes to s390x boot code header 2018-06-08 13:17:39 -04:00
boot-sector.h tests/boot-sector: Drop dependence on global_qtest 2018-02-14 11:43:41 +01:00
boot-serial-test.c hw/ppc: deprecate the machine type 'prep', replaced by '40p' 2018-08-21 14:28:45 +10:00
cdrom-test.c libqtest: Replace qtest_startf() by qtest_initf() 2018-08-16 08:42:06 +02:00
check-block-qdict.c tests: fix crumple/recursive leak 2018-08-15 08:12:19 +02:00
check-block.sh
check-qdict.c qobject: Move block-specific qdict code to block-qdict.c 2018-06-15 14:49:44 +02:00
check-qjson.c json: Improve safety of qobject_from_jsonf_nofail() & friends 2018-08-24 20:26:37 +02:00
check-qlist.c qobject: Replace qobject_incref/QINCREF qobject_decref/QDECREF 2018-05-04 08:27:53 +02:00
check-qlit.c qobject: Replace qobject_incref/QINCREF qobject_decref/QDECREF 2018-05-04 08:27:53 +02:00
check-qnull.c qobject: Replace qobject_incref/QINCREF qobject_decref/QDECREF 2018-05-04 08:27:53 +02:00
check-qnum.c qobject: Replace qobject_incref/QINCREF qobject_decref/QDECREF 2018-05-04 08:27:53 +02:00
check-qobject.c qstring: Move qstring_from_substr()'s @end one to the right 2018-07-28 09:09:58 +02:00
check-qom-interface.c
check-qom-proplist.c qapi: drop the sentinel in enum array 2017-09-04 13:09:13 +02:00
check-qstring.c qstring: Move qstring_from_substr()'s @end one to the right 2018-07-28 09:09:58 +02:00
cpu-plug-test.c tests: Skip old versioned machine types in quick testing mode 2018-08-23 18:46:23 +02:00
crypto-tls-psk-helpers.c crypto: Implement TLS Pre-Shared Keys (PSK). 2018-07-03 13:04:38 +01:00
crypto-tls-psk-helpers.h crypto: Implement TLS Pre-Shared Keys (PSK). 2018-07-03 13:04:38 +01:00
crypto-tls-x509-helpers.c tests: call qcrypto_init instead of gnutls_global_init 2018-07-24 17:33:39 +01:00
crypto-tls-x509-helpers.h
device-introspect-test.c tests/device-introspect: Test with all machines, not only with "none" 2018-08-23 18:46:25 +02:00
display-vga-test.c
drive_del-test.c tests/drive_del-test: Fix harmless JSON interpolation bug 2018-08-24 20:26:37 +02:00
ds1338-test.c libqos: Use explicit QTestState for i2c operations 2018-02-14 11:43:41 +01:00
e1000-test.c
e1000e-test.c tests: Clean up string interpolation around qtest_qmp_device_add() 2018-08-16 08:42:06 +02:00
eepro100-test.c
endianness-test.c libqtest: Replace qtest_startf() by qtest_initf() 2018-08-16 08:42:06 +02:00
es1370-test.c
fdc-test.c libqtest: Remove qtest_qmp_discard_response() & friends 2018-08-16 08:42:06 +02:00
fw_cfg-test.c fw_cfg: import & use linux/qemu_fw_cfg.h 2018-08-23 18:46:25 +02:00
hd-geo-test.c block: Remove deprecated -drive geometry options 2018-08-15 12:50:39 +02:00
hexloader-test.c Add QTest testcase for the Intel Hexadecimal 2018-08-16 14:05:28 +01:00
i440fx-test.c libqos: Track QTestState with QPCIBus 2018-02-14 11:43:02 +01:00
i82801b11-test.c
ide-test.c Testing patches for 2018-08-16 2018-08-16 09:50:54 +01:00
intel-hda-test.c
io-channel-helpers.c Include qapi/error.h exactly where needed 2018-02-09 13:50:17 +01:00
io-channel-helpers.h
ioh3420-test.c
iothread.c
iothread.h
ipmi-bt-test.c libqtest: Replace qtest_startf() by qtest_initf() 2018-08-16 08:42:06 +02:00
ipmi-kcs-test.c
ipoctal232-test.c
ivshmem-test.c tests: Clean up string interpolation around qtest_qmp_device_add() 2018-08-16 08:42:06 +02:00
libqtest.c json: Clean up headers 2018-08-24 20:26:37 +02:00
libqtest.h test-qga: Clean up how we test QGA synchronization 2018-08-24 20:26:37 +02:00
m25p80-test.c libqtest: Replace qtest_startf() by qtest_initf() 2018-08-16 08:42:06 +02:00
m48t59-test.c libqtest: Replace qtest_startf() by qtest_initf() 2018-08-16 08:42:06 +02:00
machine-none-test.c libqtest: Replace qtest_startf() by qtest_initf() 2018-08-16 08:42:06 +02:00
Makefile.include qmp-cmd-test: Split off qmp-test 2018-08-24 20:25:48 +02:00
megasas-test.c libqos: Use explicit QTestState for remaining libqos operations 2018-02-14 11:43:41 +01:00
migration-test.c tests/migration-test: Silence the kvm_hv message by default 2018-08-23 13:32:50 +02:00
ne2000-test.c
numa-test.c libqtest: Replace qtest_startf() by qtest_initf() 2018-08-16 08:42:06 +02:00
nvme-test.c tests: Use null-co:// instead of /dev/null as the dummy image 2017-05-11 11:08:40 +02:00
pca9552-test.c misc: add pca9552 LED blinker model 2018-06-08 13:15:32 +01:00
pcnet-test.c
pkix_asn1_tab.c
pnv-xscom-test.c libqtest: Replace qtest_startf() by qtest_initf() 2018-08-16 08:42:06 +02:00
prom-env-test.c libqtest: Replace qtest_startf() by qtest_initf() 2018-08-16 08:42:06 +02:00
ptimer-test-stubs.c ptimer-test: do not link to libqemustub.a/libqemuutil.a 2017-09-19 16:19:39 +02:00
ptimer-test.c ptimer: Add TRIGGER_ONLY_ON_DECREMENT policy option 2018-07-09 14:51:34 +01:00
ptimer-test.h
pvpanic-test.c qobject: Replace qobject_incref/QINCREF qobject_decref/QDECREF 2018-05-04 08:27:53 +02:00
pxe-test.c tests/boot-sector: Drop dependence on global_qtest 2018-02-14 11:43:41 +01:00
q35-test.c qobject: Replace qobject_incref/QINCREF qobject_decref/QDECREF 2018-05-04 08:27:53 +02:00
qemu-iotests-quick.sh
qht-bench.c qht: return existing entry when qht_insert fails 2018-06-15 07:42:55 -10:00
qmp-cmd-test.c qmp-cmd-test: Split off qmp-test 2018-08-24 20:25:48 +02:00
qmp-test.c json: Treat unwanted interpolation as lexical error 2018-08-24 20:26:37 +02:00
qom-test.c tests: Skip old versioned machine types in quick testing mode 2018-08-23 18:46:23 +02:00
rcutorture.c rcutorture: remove synchronize_rcu from readers 2018-03-12 16:12:47 +01:00
rtas-test.c libqos: Use explicit QTestState for remaining libqos operations 2018-02-14 11:43:41 +01:00
rtc-test.c rtc-test: introduce more update tests 2017-08-01 17:27:33 +02:00
rtl8139-test.c libqos: Track QTestState with QPCIBus 2018-02-14 11:43:02 +01:00
sdhci-test.c libqtest: Replace qtest_startf() by qtest_initf() 2018-08-16 08:42:06 +02:00
socket-helpers.c sockets: strengthen test suite IP protocol availability checks 2018-03-13 18:06:06 +00:00
socket-helpers.h sockets: strengthen test suite IP protocol availability checks 2018-03-13 18:06:06 +00:00
spapr-phb-test.c
tco-test.c libqtest: Replace qtest_startf() by qtest_initf() 2018-08-16 08:42:06 +02:00
test-aio-multithread.c Include qapi/error.h exactly where needed 2018-02-09 13:50:17 +01:00
test-aio.c coroutine: add test-aio coroutine queue chaining test case 2018-03-27 13:05:28 +01:00
test-arm-mptimer.c
test-base64.c
test-bdrv-drain.c test-bdrv-drain: Test bdrv_append() to drained node 2018-07-10 10:36:15 +02:00
test-bitcnt.c
test-bitops.c
test-block-backend.c block: test blk_aio_flush() with blk->root == NULL 2018-03-02 18:39:07 +01:00
test-blockjob-txn.c job: Add error message for failing jobs 2018-05-30 13:31:01 +02:00
test-blockjob.c job: Add error message for failing jobs 2018-05-30 13:31:01 +02:00
test-bufferiszero.c
test-char.c build-sys: remove glib_subprocess check 2018-08-23 18:46:25 +02:00
test-clone-visitor.c Eliminate qapi/qmp/types.h 2018-02-09 13:52:15 +01:00
test-coroutine.c lockable: add QemuLockable 2018-02-08 09:22:03 +08:00
test-crypto-afsplit.c
test-crypto-block.c tests: Run the luks tests in test-crypto-block only if encryption is available 2017-11-08 11:03:46 +00:00
test-crypto-cipher.c
test-crypto-hash.c
test-crypto-hmac.c
test-crypto-ivgen.c
test-crypto-pbkdf.c
test-crypto-secret.c
test-crypto-tlscredsx509.c tests: use error_abort in places expecting errors 2018-07-24 17:35:57 +01:00
test-crypto-tlssession.c tests: fix TLS handshake failure with TLS 1.3 2018-07-24 17:36:12 +01:00
test-crypto-xts.c
test-cutils.c hw: Use IEC binary prefix definitions from "qemu/units.h" 2018-07-02 15:41:10 +02:00
test-filter-mirror.c libqtest: Replace qtest_startf() by qtest_initf() 2018-08-16 08:42:06 +02:00
test-filter-redirector.c libqtest: Replace qtest_startf() by qtest_initf() 2018-08-16 08:42:06 +02:00
test-hbitmap.c test-hbitmap: Add non-advancing iter_next tests 2018-06-18 17:04:56 +02:00
test-hmp.c tests: Skip old versioned machine types in quick testing mode 2018-08-23 18:46:23 +02:00
test-int128.c
test-io-channel-buffer.c
test-io-channel-command.c
test-io-channel-file.c io: Fix QIOChannelFile when creating and opening read-write 2018-02-15 16:54:57 +00:00
test-io-channel-socket.c sockets: pull code for testing IP availability out of specific test 2018-03-13 18:06:06 +00:00
test-io-channel-tls.c tests: use error_abort in places expecting errors 2018-07-24 17:35:57 +01:00
test-io-task.c qio: non-default context for threaded qtask 2018-03-06 10:19:05 +00:00
test-iov.c tests: Use real size for iov tests 2017-09-05 22:34:40 +02:00
test-keyval.c hw: Use IEC binary prefix definitions from "qemu/units.h" 2018-07-02 15:41:10 +02:00
test-logging.c
test-mul64.c
test-netfilter.c qobject: Replace qobject_incref/QINCREF qobject_decref/QDECREF 2018-05-04 08:27:53 +02:00
test-opts-visitor.c qapi: Fix QemuOpts visitor regression on unvisited input 2017-03-22 19:24:34 +01:00
test-qapi-util.c Drop superfluous includes of qapi-types.h and test-qapi-types.h 2018-02-09 05:05:11 +01:00
test-qdev-global-props.c test-qdev-global-props: Test global property ordering 2017-07-17 15:41:30 -03:00
test-qdist.c
test-qemu-opts.c hw: Use IEC binary prefix definitions from "qemu/units.h" 2018-07-02 15:41:10 +02:00
test-qga.c test-qga: Clean up how we test QGA synchronization 2018-08-24 20:26:37 +02:00
test-qht-par.c
test-qht.c qht: return existing entry when qht_insert fails 2018-06-15 07:42:55 -10:00
test-qmp-cmds.c tests: change /0.15/* tests to /qmp/* 2018-08-15 07:24:22 +02:00
test-qmp-event.c glib: bump min required glib library version to 2.40 2018-06-29 12:22:28 +01:00
test-qobject-input-visitor.c test-qobject-input-visitor: Avoid format string ambiguity 2018-08-16 08:42:06 +02:00
test-qobject-output-visitor.c qobject: Replace qobject_incref/QINCREF qobject_decref/QDECREF 2018-05-04 08:27:53 +02:00
test-rcu-list.c tests: add test-rcu-tailq 2018-08-23 18:46:25 +02:00
test-rcu-simpleq.c tests: add test-list-simpleq 2018-08-23 18:46:25 +02:00
test-rcu-tailq.c tests: add test-rcu-tailq 2018-08-23 18:46:25 +02:00
test-replication.c block: Add block-specific QDict header 2018-06-15 14:49:44 +02:00
test-shift128.c
test-string-input-visitor.c Eliminate qapi/qmp/types.h 2018-02-09 13:52:15 +01:00
test-string-output-visitor.c tests/qapi: use ARRAY_SIZE macro 2018-02-10 10:45:14 +03:00
test-thread-pool.c Remove unnecessary variables for function return value 2018-05-20 08:48:13 +03:00
test-throttle.c block: convert ThrottleGroup to object with QOM 2017-09-05 18:12:21 +02:00
test-timed-average.c
test-util-sockets.c monitor: Fix unsafe sharing of @cur_mon among threads 2018-07-23 14:00:03 +02:00
test-uuid.c util: add is_equal to UUID API 2017-12-20 22:01:24 +08:00
test-visitor-serialization.c qobject: Replace qobject_incref/QINCREF qobject_decref/QDECREF 2018-05-04 08:27:53 +02:00
test-vmstate.c tests: don't silence error reporting for all tests 2018-07-24 17:35:23 +01:00
test-write-threshold.c
test-x86-cpuid-compat.c build-sys: remove glib_subprocess check 2018-08-23 18:46:25 +02:00
test-x86-cpuid.c
test-xbzrle.c migration: Create migration/xbzrle.h 2017-05-18 18:04:54 +02:00
tmp105-test.c misc: add pca9552 LED blinker model 2018-06-08 13:15:32 +01:00
tpci200-test.c
tpm-crb-swtpm-test.c test: Pass TPM interface model to functions creating command line 2018-06-06 15:44:07 -04:00
tpm-crb-test.c tests: Tests more flags of the CRB interface 2018-03-29 17:41:03 -04:00
tpm-emu.c tests: fix tpm-crb tpm-tis tests race 2018-05-20 08:38:38 +03:00
tpm-emu.h glib: bump min required glib library version to 2.40 2018-06-29 12:22:28 +01:00
tpm-tests.c test: Pass TPM interface model to functions creating command line 2018-06-06 15:44:07 -04:00
tpm-tests.h test: Pass TPM interface model to functions creating command line 2018-06-06 15:44:07 -04:00
tpm-tis-swtpm-test.c test: Add swtpm migration test for the TPM TIS interface 2018-06-06 15:44:12 -04:00
tpm-tis-test.c tests: add test for TPM TIS device 2018-02-21 07:24:50 -05:00
tpm-util.c tests: New helper qtest_qmp_receive_success() 2018-08-16 08:42:06 +02:00
tpm-util.h test: Add swtpm migration test for the TPM TIS interface 2018-06-06 15:44:12 -04:00
usb-hcd-ehci-test.c tests: Clean up string interpolation around qtest_qmp_device_add() 2018-08-16 08:42:06 +02:00
usb-hcd-ohci-test.c tests: Clean up string interpolation around qtest_qmp_device_add() 2018-08-16 08:42:06 +02:00
usb-hcd-uhci-test.c tests: Clean up string interpolation around qtest_qmp_device_add() 2018-08-16 08:42:06 +02:00
usb-hcd-xhci-test.c tests: Clean up string interpolation around qtest_qmp_device_add() 2018-08-16 08:42:06 +02:00
vhost-user-bridge.c vhost-user-bridge: support host notifier 2018-05-24 21:14:11 +03:00
vhost-user-test.c build-sys: remove glib_subprocess check 2018-08-23 18:46:25 +02:00
virtio-9p-test.c libqos: Use explicit QTestState for remaining libqos operations 2018-02-14 11:43:41 +01:00
virtio-balloon-test.c libqtest: Replace qtest_startf() by qtest_initf() 2018-08-16 08:42:06 +02:00
virtio-blk-test.c libqtest: Replace qtest_startf() by qtest_initf() 2018-08-16 08:42:06 +02:00
virtio-ccw-test.c tests: virtio: separate ccw tests from libqos 2018-08-23 13:32:50 +02:00
virtio-console-test.c libqtest: Replace qtest_startf() by qtest_initf() 2018-08-16 08:42:06 +02:00
virtio-net-test.c tests: Clean up string interpolation around qtest_qmp_device_add() 2018-08-16 08:42:06 +02:00
virtio-rng-test.c tests: Clean up string interpolation around qtest_qmp_device_add() 2018-08-16 08:42:06 +02:00
virtio-scsi-test.c tests: Clean up string interpolation around qtest_qmp_device_add() 2018-08-16 08:42:06 +02:00
virtio-serial-test.c libqtest: Replace qtest_startf() by qtest_initf() 2018-08-16 08:42:06 +02:00
vmgenid-test.c libqtest: Replace qtest_startf() by qtest_initf() 2018-08-16 08:42:06 +02:00
vmxnet3-test.c
wdt_ib700-test.c qobject: Replace qobject_incref/QINCREF qobject_decref/QDECREF 2018-05-04 08:27:53 +02:00