On 12/6/18 1:17 PM, Markus Armbruster wrote:
> The JSON parser happily accepts duplicate object member names. The
> last value wins. Reproducer #1:
>
> $ qemu-system-x86_64 -qmp stdio
> {"QMP": {"version": {"qemu": {"micro": 93, "minor": 0, "major": 3},
> "package": "v3.1.0-rc3-7-g87a45d86ed"}, "capabilities": []}}
> {'execute':'qmp_capabilities'}
> {"return": {}}
> {'execute':'blockdev-add','arguments':{'driver':'null-co',
> 'node-name':'foo','node-name':'bar'}}
> {"return": {}}
> {'execute':'query-named-block-nodes'}
> {"return": [{ [...] "node-name": "bar" [...] }]}
>
> Reproducer #2 is iotest 229.
>
> Fix the parser to reject duplicates, and fix iotest 229 not to use
> them.
Looks like 2 different patches.
>
> Reported-by: Max Reitz <[email protected]>
> Signed-off-by: Markus Armbruster <[email protected]>
> ---
> qobject/json-parser.c | 5 +++++
> tests/qemu-iotests/229 | 1 -
> 2 files changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/qobject/json-parser.c b/qobject/json-parser.c
> index 5a840dfd86..a86de3f462 100644
> --- a/qobject/json-parser.c
> +++ b/qobject/json-parser.c
> @@ -288,6 +288,11 @@ static int parse_pair(JSONParserContext *ctxt, QDict
> *dict)
> goto out;
> }
>
> + if (qdict_haskey(dict, qstring_get_str(key))) {
> + parse_error(ctxt, token, "duplicate key");
> + goto out;
> + }
> +
> qdict_put_obj(dict, qstring_get_str(key), value);
>
> qobject_unref(key);
> diff --git a/tests/qemu-iotests/229 b/tests/qemu-iotests/229
> index 86602437ff..893d098ad2 100755
> --- a/tests/qemu-iotests/229
> +++ b/tests/qemu-iotests/229
> @@ -69,7 +69,6 @@ echo
> _send_qemu_cmd $QEMU_HANDLE \
> "{'execute': 'drive-mirror',
> 'arguments': {'device': 'testdisk',
> - 'mode': 'absolute-paths',
> 'format': '$IMGFMT',
> 'target': '$DEST_IMG',
> 'sync': 'full',
>
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
