From: Max Reitz <mreitz@redhat.com>
To: qemu-block@nongnu.org
Cc: Kevin Wolf <kwolf@redhat.com>,
Peter Maydell <peter.maydell@linaro.org>,
qemu-devel@nongnu.org, Max Reitz <mreitz@redhat.com>
Subject: [PULL 02/19] block/rbd: Add an escape-aware strchr helper
Date: Fri, 14 May 2021 18:44:57 +0200 [thread overview]
Message-ID: <20210514164514.1057680-3-mreitz@redhat.com> (raw)
In-Reply-To: <20210514164514.1057680-1-mreitz@redhat.com>
From: Connor Kuehl <ckuehl@redhat.com>
Sometimes the parser needs to further split a token it has collected
from the token input stream. Right now, it does a cursory check to see
if the relevant characters appear in the token to determine if it should
break it down further.
However, qemu_rbd_next_tok() will escape characters as it removes tokens
from the token stream and plain strchr() won't. This can make the
initial strchr() check slightly misleading since it implies
qemu_rbd_next_tok() will find the token and split on it, except the
reality is that qemu_rbd_next_tok() will pass over it if it is escaped.
Use a custom strchr to avoid mixing escaped and unescaped string
operations. Furthermore, this code is identical to how
qemu_rbd_next_tok() seeks its next token, so incorporate this custom
strchr into the body of that function to reduce duplication.
Reported-by: Han Han <hhan@redhat.com>
Fixes: https://bugzilla.redhat.com/1873913
Signed-off-by: Connor Kuehl <ckuehl@redhat.com>
Message-Id: <20210421212343.85524-3-ckuehl@redhat.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
---
block/rbd.c | 32 +++++++++++++++++++++-----------
tests/qemu-iotests/231 | 4 ++++
tests/qemu-iotests/231.out | 3 +++
3 files changed, 28 insertions(+), 11 deletions(-)
diff --git a/block/rbd.c b/block/rbd.c
index f098a89c7b..26f64cce7c 100644
--- a/block/rbd.c
+++ b/block/rbd.c
@@ -113,21 +113,31 @@ static int qemu_rbd_connect(rados_t *cluster, rados_ioctx_t *io_ctx,
const char *keypairs, const char *secretid,
Error **errp);
+static char *qemu_rbd_strchr(char *src, char delim)
+{
+ char *p;
+
+ for (p = src; *p; ++p) {
+ if (*p == delim) {
+ return p;
+ }
+ if (*p == '\\' && p[1] != '\0') {
+ ++p;
+ }
+ }
+
+ return NULL;
+}
+
+
static char *qemu_rbd_next_tok(char *src, char delim, char **p)
{
char *end;
*p = NULL;
- for (end = src; *end; ++end) {
- if (*end == delim) {
- break;
- }
- if (*end == '\\' && end[1] != '\0') {
- end++;
- }
- }
- if (*end == delim) {
+ end = qemu_rbd_strchr(src, delim);
+ if (end) {
*p = end + 1;
*end = '\0';
}
@@ -171,7 +181,7 @@ static void qemu_rbd_parse_filename(const char *filename, QDict *options,
qemu_rbd_unescape(found_str);
qdict_put_str(options, "pool", found_str);
- if (strchr(p, '@')) {
+ if (qemu_rbd_strchr(p, '@')) {
image_name = qemu_rbd_next_tok(p, '@', &p);
found_str = qemu_rbd_next_tok(p, ':', &p);
@@ -181,7 +191,7 @@ static void qemu_rbd_parse_filename(const char *filename, QDict *options,
image_name = qemu_rbd_next_tok(p, ':', &p);
}
/* Check for namespace in the image_name */
- if (strchr(image_name, '/')) {
+ if (qemu_rbd_strchr(image_name, '/')) {
found_str = qemu_rbd_next_tok(image_name, '/', &image_name);
qemu_rbd_unescape(found_str);
qdict_put_str(options, "namespace", found_str);
diff --git a/tests/qemu-iotests/231 b/tests/qemu-iotests/231
index 0f66d0ca36..8e6c6447c1 100755
--- a/tests/qemu-iotests/231
+++ b/tests/qemu-iotests/231
@@ -55,6 +55,10 @@ _filter_conf()
$QEMU_IMG info "json:{'file.driver':'rbd','file.filename':'rbd:rbd/bogus:conf=${BOGUS_CONF}'}" 2>&1 | _filter_conf
$QEMU_IMG info "json:{'file.driver':'rbd','file.pool':'rbd','file.image':'bogus','file.conf':'${BOGUS_CONF}'}" 2>&1 | _filter_conf
+# Regression test: the qemu-img invocation is expected to fail, but it should
+# not seg fault the parser.
+$QEMU_IMG create "rbd:rbd/aa\/bb:conf=${BOGUS_CONF}" 1M 2>&1 | _filter_conf
+
# success, all done
echo "*** done"
rm -f $seq.full
diff --git a/tests/qemu-iotests/231.out b/tests/qemu-iotests/231.out
index 747dd221bb..a785a6e859 100644
--- a/tests/qemu-iotests/231.out
+++ b/tests/qemu-iotests/231.out
@@ -4,4 +4,7 @@ unable to get monitor info from DNS SRV with service name: ceph-mon
qemu-img: Could not open 'json:{'file.driver':'rbd','file.filename':'rbd:rbd/bogus:conf=BOGUS_CONF'}': error connecting: No such file or directory
unable to get monitor info from DNS SRV with service name: ceph-mon
qemu-img: Could not open 'json:{'file.driver':'rbd','file.pool':'rbd','file.image':'bogus','file.conf':'BOGUS_CONF'}': error connecting: No such file or directory
+Formatting 'rbd:rbd/aa\/bb:conf=BOGUS_CONF', fmt=raw size=1048576
+unable to get monitor info from DNS SRV with service name: ceph-mon
+qemu-img: rbd:rbd/aa\/bb:conf=BOGUS_CONF: error connecting: No such file or directory
*** done
--
2.31.1
next prev parent reply other threads:[~2021-05-14 16:53 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-14 16:44 [PULL 00/19] Block patches Max Reitz
2021-05-14 16:44 ` [PULL 01/19] iotests/231: Update expected deprecation message Max Reitz
2021-05-14 16:44 ` Max Reitz [this message]
2021-05-14 16:44 ` [PULL 03/19] monitor: hmp_qemu_io: acquire aio contex, fix crash Max Reitz
2021-05-20 13:44 ` Peter Maydell
2021-05-20 13:51 ` Max Reitz
2021-05-14 16:44 ` [PULL 04/19] mirror: stop cancelling in-flight requests on non-force cancel in READY Max Reitz
2021-05-14 16:45 ` [PULL 05/19] qemu-iotests: do not buffer the test output Max Reitz
2021-05-14 16:45 ` [PULL 06/19] qemu-iotests: allow passing unittest.main arguments to the test scripts Max Reitz
2021-05-14 16:45 ` [PULL 07/19] qemu-iotests: move command line and environment handling from TestRunner to TestEnv Max Reitz
2021-05-14 16:45 ` [PULL 08/19] qemu-iotests: let "check" spawn an arbitrary test command Max Reitz
2021-05-14 16:45 ` [PULL 09/19] qemu-iotests: fix case of SOCK_DIR already in the environment Max Reitz
2021-05-14 16:45 ` [PULL 10/19] Document qemu-img options data_file and data_file_raw Max Reitz
2021-05-14 16:45 ` [PULL 11/19] block/copy-on-read: use bdrv_drop_filter() and drop s->active Max Reitz
2021-05-14 16:45 ` [PULL 12/19] qemu-iotests: fix pylint 2.8 consider-using-with error Max Reitz
2021-05-14 16:45 ` [PULL 13/19] block/write-threshold: don't use write notifiers Max Reitz
2021-05-14 16:45 ` [PULL 14/19] block: drop " Max Reitz
2021-05-14 16:45 ` [PULL 15/19] test-write-threshold: rewrite test_threshold_(not_)trigger tests Max Reitz
2021-05-14 16:45 ` [PULL 16/19] block/write-threshold: drop extra APIs Max Reitz
2021-05-14 16:45 ` [PULL 17/19] test-write-threshold: drop extra tests Max Reitz
2021-05-14 16:45 ` [PULL 18/19] test-write-threshold: drop extra TestStruct structure Max Reitz
2021-05-14 16:45 ` [PULL 19/19] write-threshold: deal with includes Max Reitz
2021-05-17 12:56 ` [PULL 00/19] Block patches Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210514164514.1057680-3-mreitz@redhat.com \
--to=mreitz@redhat.com \
--cc=kwolf@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).