On 09/05/14 13:36, Eric Blake wrote:
The previous patch hoisted some bounds checks to the callers; but someone that is not aware of the hoisted check could now try passing an integer between LLONG_MAX and ULLONG_MAX. As a safety measure, add new json conversion modes that let libvirt error out early instead of pass bad numbers to qemu, if the caller ever makes a mistake due to later refactoring.
Convert the various blockjob QMP calls to use the new modes, and switch some of them to be optional (QMP has always supported an omitted "speed" the same as "speed":0, for everything except block-job-set-speed).
* src/qemu/qemu_monitor_json.c (qemuMonitorJSONMakeCommandRaw): Add 'j'/'y' and 'J'/'Y' to error out on negative input. (qemuMonitorJSONDriveMirror, qemuMonitorJSONBlockCommit) (qemuMonitorJSONBlockJob): Use it.
Signed-off-by: Eric Blake <eblake@redhat.com> ---
This should address Peter's review concerns on 5/18; I could push it either first or second (although I worded the commit message to push it second).
Either way I'm fine with it. I just wanted to make sure that we fail rather than pass garbage to qemu.
src/qemu/qemu_monitor_json.c | 34 ++++++++++++++++++++++++++++------ 1 file changed, 28 insertions(+), 6 deletions(-)
Exactly what I had in mind. ACK. Peter