On Mon, Sep 21, 2020 at 15:07:29 +0200, Tim Wiederhake wrote: The summary of the commit is misleading. This patch doesn't do any validation but rather wires in the validation code to various places without enabling it.
Signed-off-by: Tim Wiederhake <twiederh@redhat.com> ---
[...]
diff --git a/src/conf/cpu_conf.c b/src/conf/cpu_conf.c index dea950ce68..40d8da4a8e 100644 --- a/src/conf/cpu_conf.c +++ b/src/conf/cpu_conf.c @@ -20,9 +20,11 @@
#include <config.h>
+#include "configmake.h"
This is suspicious. Why did you add this line?
#include "virerror.h" #include "viralloc.h" #include "virbuffer.h" +#include "virfile.h" #include "cpu_conf.h" #include "domain_conf.h" #include "virstring.h"
[...]
@@ -348,6 +352,22 @@ virCPUDefParseXML(xmlXPathContextPtr ctxt, return -1; }
+ if (validateXML) { + g_autofree char *schemafile = NULL; + + if (!(schemafile = virFileFindResource("cpu.rng", + abs_top_srcdir "/docs/schemas", + PKGDATADIR "/schemas"))) + return -1; + + if (virXMLValidateNodeAgainstSchema(schemafile, ctxt->doc, + ctxt->node) < 0) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("'cpu' element is not valid"));
virXMLValidateNodeAgainstSchema calls virXMLValidateAgainstSchema which calls virXMLValidatorValidate which already reports an error.
+ return -1; + } + } + def = virCPUDefNew();
if (type == VIR_CPU_TYPE_AUTO) {