[libvirt] [PATCH] qemu: monitor: Fix type of holdtime argument in qemuMonitorJSONSendKey

Peter Krempa pkrempa at redhat.com
Tue Jun 3 09:37:45 UTC 2014


qemuMonitorJSONSendKey declares the "holdtime" argument as unsigned int,
while the command was constructed in qemuMonitorJSONMakeCommand using
the "P" modifier, which took an unsigned long from the variable
arguments. This made it possible to access uninitialized memory.

This broke the qemumonitorjsontest on 32bit fedora 20:
64) qemuMonitorJSONSendKey
... libvirt: QEMU Driver error : internal error: unsupported data type 'W' for arg 'WVSƒì ‹D$0è‘wÿÿÃAå' FAILED

Uncovered by upstream commit f744b831c66d9e82453f7a96cab5eddf7570c253.

Additionally add test for the hold-time option.
---
 src/qemu/qemu_monitor_json.c |  2 +-
 tests/qemumonitorjsontest.c  | 33 +++++++++++++++++++++++++++++++++
 2 files changed, 34 insertions(+), 1 deletion(-)

diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c
index 0c44b11..bedd959 100644
--- a/src/qemu/qemu_monitor_json.c
+++ b/src/qemu/qemu_monitor_json.c
@@ -3610,7 +3610,7 @@ int qemuMonitorJSONSendKey(qemuMonitorPtr mon,

     cmd = qemuMonitorJSONMakeCommand("send-key",
                                      "a:keys", keys,
-                                     "P:hold-time", holdtime,
+                                     "p:hold-time", holdtime,
                                      NULL);
     if (!cmd)
         goto cleanup;
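Review bot: Nothing at this call site ties the modifier character in `"p:hold-time"` to the declared type of `holdtime`, yet that character alone decides how wide a value qemuMonitorJSONMakeCommand pulls from the variable argument list. The compiler cannot check this, so the mismatch can return silently if either the parameter type or the modifier changes. I would add a comment above the argument, for example `/* holdtime is unsigned int: the modifier must read an unsigned int, not a wider type */`. It is probably worth auditing other callers that use the wide `P:` modifier for arguments narrower than it expects; those callers are not visible here. The body of qemuMonitorJSONSendKey begins and ends outside this hunk.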
diff --git a/tests/qemumonitorjsontest.c b/tests/qemumonitorjsontest.c
index 47d7481..2099dc8 100644
--- a/tests/qemumonitorjsontest.c
+++ b/tests/qemumonitorjsontest.c
@@ -1960,6 +1960,38 @@ testQemuMonitorJSONqemuMonitorJSONSendKey(const void *data)
 }

 static int
+testQemuMonitorJSONqemuMonitorJSONSendKeyHoldtime(const void *data)
+{
+    virDomainXMLOptionPtr xmlopt = (virDomainXMLOptionPtr)data;
+    qemuMonitorTestPtr test = qemuMonitorTestNewSimple(true, xmlopt);
+    int ret = -1;
+    unsigned int keycodes[] = {43, 26, 46, 32};
+
+    if (!test)
+        return -1;
+
+    if (qemuMonitorTestAddItemParams(test, "send-key",
+                                     "{\"return\":{}}",
+                                     "hold-time", "31337",
+                                     "keys", "[{\"type\":\"number\",\"data\":43},"
+                                              "{\"type\":\"number\",\"data\":26},"
+                                              "{\"type\":\"number\",\"data\":46},"
+                                              "{\"type\":\"number\",\"data\":32}]",
+                                     NULL, NULL) < 0)
+        goto cleanup;
+
+    if (qemuMonitorJSONSendKey(qemuMonitorTestGetMonitor(test),
+                               31337, keycodes,
+                               ARRAY_CARDINALITY(keycodes)) < 0)
+        goto cleanup;
+
+    ret = 0;
+ cleanup:
+    qemuMonitorTestFree(test);
+    return ret;
+}
+
+static int
 testQemuMonitorJSONqemuMonitorJSONGetDumpGuestMemoryCapability(const void *data)
 {
     virDomainXMLOptionPtr xmlopt = (virDomainXMLOptionPtr)data;
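Review bot: testQemuMonitorJSONqemuMonitorJSONSendKeyHoldtime carries no comment saying that it is a regression test for the argument-width mismatch. The hold time also appears twice, as the string `"31337"` in the expected parameters and as the integer `31337` in the call, with nothing noting that the two must stay equal. I would add `/* Regression test: hold-time must reach the monitor as the unsigned int passed by the caller */` above the function and a short `/* must match "hold-time" above */` next to the integer literal. The commit message reports the failure only on 32bit, so this test presumably detects a reintroduced mismatch only on platforms where the calling convention exposes the width difference. It should not be treated as full protection against that class of bug.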
@@ -2230,6 +2262,7 @@ mymain(void)
     DO_TEST(qemuMonitorJSONGetVirtType);
     DO_TEST(qemuMonitorJSONSendKey);
     DO_TEST(qemuMonitorJSONGetDumpGuestMemoryCapability);
+    DO_TEST(qemuMonitorJSONSendKeyHoldtime);

     DO_TEST_CPU_DATA("host");
     DO_TEST_CPU_DATA("full");
-- 
1.9.3



