From patchwork Thu Apr 24 14:15:58 2014
X-Patchwork-Submitter: Kirill Batuzov
X-Patchwork-Id: 342619
From: Kirill Batuzov
To: qemu-devel@nongnu.org
Date: Thu, 24 Apr 2014 18:15:58 +0400
Message-Id: <1398348959-23048-4-git-send-email-batuzovk@ispras.ru>
In-Reply-To: <1398348959-23048-1-git-send-email-batuzovk@ispras.ru>
References: <1398348959-23048-1-git-send-email-batuzovk@ispras.ru>
Cc: Gerd Hoffmann, Andreas Färber, Kirill Batuzov
Subject: [Qemu-devel] [PATCH v2 3/4] console: Abort on property access errors

All defined properties of QemuConsole are mandatory and no access to them
should fail. Nevertheless not checking returned errors is bad because in
case of unexpected failure it will hide the bug and cause a memory leak.

Abort in case of unexpected property access errors.

This change exposed a bug where an attempt was made to write to a read-only
property "head". Set "head" property's value at creation time and do not
attempt to change it later. This fixes the bug mentioned above.

Signed-off-by: Kirill Batuzov
---
 ui/console.c | 30 +++++++++++++-----------------
 1 file changed, 13 insertions(+), 17 deletions(-)

v1 -> v2:
 Use &error_abort instead of silently ignoring errors.
 Properly initialize property "head".

diff --git a/ui/console.c b/ui/console.c index e057755..bc6ad99 100644 --- a/ui/console.c +++ b/ui/console.c 
@@ -1167,9 +1167,9 @@ static void text_console_update(void *opaque, console_ch_t *chardata) } } -static QemuConsole *new_console(DisplayState *ds, console_type_t console_type) +static QemuConsole *new_console(DisplayState *ds, console_type_t console_type, + uint32_t head) { - Error *local_err = NULL; Object *obj; QemuConsole *s; int i; @@ -1179,13 +1179,14 @@ static QemuConsole *new_console(DisplayState *ds, console_type_t console_type) obj = object_new(TYPE_QEMU_CONSOLE); s = QEMU_CONSOLE(obj); + s->head = head; object_property_add_link(obj, "device", TYPE_DEVICE, (Object **)&s->device, object_property_allow_set_link, OBJ_PROP_LINK_UNREF_ON_RELEASE, - &local_err); + &error_abort); object_property_add_uint32_ptr(obj, "head", - &s->head, &local_err); + &s->head, &error_abort); if (!active_console || ((active_console->console_type != GRAPHIC_CONSOLE) && (console_type == GRAPHIC_CONSOLE))) { @@ -1560,7 +1561,6 @@ static DisplayState *get_alloc_displaystate(void) */ DisplayState *init_displaystate(void) { - Error *local_err = NULL; gchar *name; int i; @@ -1579,7 +1579,7 @@ DisplayState *init_displaystate(void) * doesn't change any more */ name = g_strdup_printf("console[%d]", i); object_property_add_child(container_get(object_get_root(), "/backend"), - name, OBJECT(consoles[i]), &local_err); + name, OBJECT(consoles[i]), &error_abort); g_free(name); } @@ -1590,7 +1590,6 @@ QemuConsole *graphic_console_init(DeviceState *dev, uint32_t head, const GraphicHwOps *hw_ops, void *opaque) { - Error *local_err = NULL; int width = 640; int height = 480; QemuConsole *s; 
@@ -1598,14 +1597,12 @@ QemuConsole *graphic_console_init(DeviceState *dev, uint32_t head, ds = get_alloc_displaystate(); trace_console_gfx_new(); - s = new_console(ds, GRAPHIC_CONSOLE); + s = new_console(ds, GRAPHIC_CONSOLE, head); s->hw_ops = hw_ops; s->hw = opaque; if (dev) { - object_property_set_link(OBJECT(s), OBJECT(dev), - "device", &local_err); - object_property_set_int(OBJECT(s), head, - "head", &local_err); + object_property_set_link(OBJECT(s), OBJECT(dev), "device", + &error_abort); } s->surface = qemu_create_displaysurface(width, height); @@ -1622,7 +1619,6 @@ QemuConsole *qemu_console_lookup_by_index(unsigned int index) QemuConsole *qemu_console_lookup_by_device(DeviceState *dev, uint32_t head) { - Error *local_err = NULL; Object *obj; uint32_t h; int i; @@ -1632,12 +1628,12 @@ QemuConsole *qemu_console_lookup_by_device(DeviceState *dev, uint32_t head) continue; } obj = object_property_get_link(OBJECT(consoles[i]), - "device", &local_err); + "device", &error_abort); if (DEVICE(obj) != dev) { continue; } h = object_property_get_int(OBJECT(consoles[i]), - "head", &local_err); + "head", &error_abort); if (h != head) { continue; } @@ -1811,9 +1807,9 @@ static CharDriverState *text_console_init(ChardevVC *vc) trace_console_txt_new(width, height); if (width == 0 || height == 0) { - s = new_console(NULL, TEXT_CONSOLE); + s = new_console(NULL, TEXT_CONSOLE, 0); } else { - s = new_console(NULL, TEXT_CONSOLE_FIXED_SIZE); + s = new_console(NULL, TEXT_CONSOLE_FIXED_SIZE, 0); s->surface = qemu_create_displaysurface(width, height); }
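Review bot: in new_console(), the new `head` parameter is stored with `s->head = head;` and then exposed through object_property_add_uint32_ptr(), but nothing at the function says the value is fixed for the console's lifetime. A short comment above new_console() stating that "head" is read-only once the console exists, and that text consoles pass a literal 0 because they have no head, would keep a later caller from reintroducing a write to the property.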
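Review bot: in graphic_console_init(), `head` now reaches the console through `new_console(ds, GRAPHIC_CONSOLE, head)` whether or not `dev` is set, while the removed object_property_set_int() call sat inside `if (dev)`. If recording a head for a console without a device is intended, the commit message should say so; otherwise pass 0 when `dev` is NULL so the stored value stays tied to a device as before.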
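Review bot: in qemu_console_lookup_by_device(), both getters now take `&error_abort`, so a failed read of "device" or "head" on any entry in consoles[] terminates the process from a lookup path instead of skipping that entry. That matches the commit message's statement that these properties are mandatory, but the invariant is established only in new_console(); a one-line comment at the two calls pointing there would make the fail-stop choice explicit for anyone who later adds a console property that is not always registered.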