vbatts
/
grub
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
grub/grub-core/lib/json/json.c

268 lines
5.9 KiB
C
Raw Normal View History

json: Import upstream jsmn-1.1.0 The upcoming support for LUKS2 encryption will require a JSON parser to decode all parameters required for decryption of a drive. As there is currently no other tool that requires JSON, and as gnulib does not provide a parser, we need to introduce a new one into the code base. The backend for the JSON implementation is going to be the jsmn library [1]. It has several benefits that make it a very good fit for inclusion in GRUB: - It is licensed under MIT. - It is written in C89. - It has no dependencies, not even libc. - It is small with only about 500 lines of code. - It doesn't do any dynamic memory allocation. - It is testen on x86, amd64, ARM and AVR. The library itself comes as a single header, only, that contains both declarations and definitions. The exposed interface is kind of simplistic, though, and does not provide any convenience features whatsoever. Thus there will be a separate interface provided by GRUB around this parser that is going to be implemented in the following commit. This change only imports jsmn.h from tag v1.1.0 and adds it unmodified to a new json module with the following command: curl -L https://raw.githubusercontent.com/zserge/jsmn/v1.1.0/jsmn.h \ -o grub-core/lib/json/jsmn.h Upstream jsmn commit hash: fdcef3ebf886fa210d14956d3c068a653e76a24e Upstream jsmn commit name: Modernize (#149), 2019-04-20 [1]: https://github.com/zserge/jsmn Signed-off-by: Patrick Steinhardt <ps@pks.im> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2019-12-27 15:18:34 +00:00
/*
* GRUB -- GRand Unified Bootloader
* Copyright (C) 2019 Free Software Foundation, Inc.
*
* GRUB is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* GRUB is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with GRUB. If not, see <http://www.gnu.org/licenses/>.
*/
#include <grub/dl.h>
json: Implement wrapping interface While the newly added jsmn library provides the parsing interface, it does not provide any kind of interface to act on parsed tokens. Instead, the caller is expected to handle pointer arithmetics inside of the token array in order to extract required information. While simple, this requires users to know some of the inner workings of the library and is thus quite an unintuitive interface. This commit adds a new interface on top of the jsmn parser that provides convenience functions to retrieve values from the parsed json type, grub_json_t. Signed-off-by: Patrick Steinhardt <ps@pks.im> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2019-12-27 15:18:35 +00:00
#include <grub/mm.h>
json: Import upstream jsmn-1.1.0 The upcoming support for LUKS2 encryption will require a JSON parser to decode all parameters required for decryption of a drive. As there is currently no other tool that requires JSON, and as gnulib does not provide a parser, we need to introduce a new one into the code base. The backend for the JSON implementation is going to be the jsmn library [1]. It has several benefits that make it a very good fit for inclusion in GRUB: - It is licensed under MIT. - It is written in C89. - It has no dependencies, not even libc. - It is small with only about 500 lines of code. - It doesn't do any dynamic memory allocation. - It is testen on x86, amd64, ARM and AVR. The library itself comes as a single header, only, that contains both declarations and definitions. The exposed interface is kind of simplistic, though, and does not provide any convenience features whatsoever. Thus there will be a separate interface provided by GRUB around this parser that is going to be implemented in the following commit. This change only imports jsmn.h from tag v1.1.0 and adds it unmodified to a new json module with the following command: curl -L https://raw.githubusercontent.com/zserge/jsmn/v1.1.0/jsmn.h \ -o grub-core/lib/json/jsmn.h Upstream jsmn commit hash: fdcef3ebf886fa210d14956d3c068a653e76a24e Upstream jsmn commit name: Modernize (#149), 2019-04-20 [1]: https://github.com/zserge/jsmn Signed-off-by: Patrick Steinhardt <ps@pks.im> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2019-12-27 15:18:34 +00:00
json: Implement wrapping interface While the newly added jsmn library provides the parsing interface, it does not provide any kind of interface to act on parsed tokens. Instead, the caller is expected to handle pointer arithmetics inside of the token array in order to extract required information. While simple, this requires users to know some of the inner workings of the library and is thus quite an unintuitive interface. This commit adds a new interface on top of the jsmn parser that provides convenience functions to retrieve values from the parsed json type, grub_json_t. Signed-off-by: Patrick Steinhardt <ps@pks.im> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2019-12-27 15:18:35 +00:00
#define JSMN_STATIC
json: Import upstream jsmn-1.1.0 The upcoming support for LUKS2 encryption will require a JSON parser to decode all parameters required for decryption of a drive. As there is currently no other tool that requires JSON, and as gnulib does not provide a parser, we need to introduce a new one into the code base. The backend for the JSON implementation is going to be the jsmn library [1]. It has several benefits that make it a very good fit for inclusion in GRUB: - It is licensed under MIT. - It is written in C89. - It has no dependencies, not even libc. - It is small with only about 500 lines of code. - It doesn't do any dynamic memory allocation. - It is testen on x86, amd64, ARM and AVR. The library itself comes as a single header, only, that contains both declarations and definitions. The exposed interface is kind of simplistic, though, and does not provide any convenience features whatsoever. Thus there will be a separate interface provided by GRUB around this parser that is going to be implemented in the following commit. This change only imports jsmn.h from tag v1.1.0 and adds it unmodified to a new json module with the following command: curl -L https://raw.githubusercontent.com/zserge/jsmn/v1.1.0/jsmn.h \ -o grub-core/lib/json/jsmn.h Upstream jsmn commit hash: fdcef3ebf886fa210d14956d3c068a653e76a24e Upstream jsmn commit name: Modernize (#149), 2019-04-20 [1]: https://github.com/zserge/jsmn Signed-off-by: Patrick Steinhardt <ps@pks.im> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2019-12-27 15:18:34 +00:00
#include "jsmn.h"
json: Implement wrapping interface While the newly added jsmn library provides the parsing interface, it does not provide any kind of interface to act on parsed tokens. Instead, the caller is expected to handle pointer arithmetics inside of the token array in order to extract required information. While simple, this requires users to know some of the inner workings of the library and is thus quite an unintuitive interface. This commit adds a new interface on top of the jsmn parser that provides convenience functions to retrieve values from the parsed json type, grub_json_t. Signed-off-by: Patrick Steinhardt <ps@pks.im> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2019-12-27 15:18:35 +00:00
#include "json.h"
json: Import upstream jsmn-1.1.0 The upcoming support for LUKS2 encryption will require a JSON parser to decode all parameters required for decryption of a drive. As there is currently no other tool that requires JSON, and as gnulib does not provide a parser, we need to introduce a new one into the code base. The backend for the JSON implementation is going to be the jsmn library [1]. It has several benefits that make it a very good fit for inclusion in GRUB: - It is licensed under MIT. - It is written in C89. - It has no dependencies, not even libc. - It is small with only about 500 lines of code. - It doesn't do any dynamic memory allocation. - It is testen on x86, amd64, ARM and AVR. The library itself comes as a single header, only, that contains both declarations and definitions. The exposed interface is kind of simplistic, though, and does not provide any convenience features whatsoever. Thus there will be a separate interface provided by GRUB around this parser that is going to be implemented in the following commit. This change only imports jsmn.h from tag v1.1.0 and adds it unmodified to a new json module with the following command: curl -L https://raw.githubusercontent.com/zserge/jsmn/v1.1.0/jsmn.h \ -o grub-core/lib/json/jsmn.h Upstream jsmn commit hash: fdcef3ebf886fa210d14956d3c068a653e76a24e Upstream jsmn commit name: Modernize (#149), 2019-04-20 [1]: https://github.com/zserge/jsmn Signed-off-by: Patrick Steinhardt <ps@pks.im> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2019-12-27 15:18:34 +00:00
GRUB_MOD_LICENSE ("GPLv3");
json: Implement wrapping interface While the newly added jsmn library provides the parsing interface, it does not provide any kind of interface to act on parsed tokens. Instead, the caller is expected to handle pointer arithmetics inside of the token array in order to extract required information. While simple, this requires users to know some of the inner workings of the library and is thus quite an unintuitive interface. This commit adds a new interface on top of the jsmn parser that provides convenience functions to retrieve values from the parsed json type, grub_json_t. Signed-off-by: Patrick Steinhardt <ps@pks.im> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2019-12-27 15:18:35 +00:00
grub_err_t
grub_json_parse (grub_json_t **out, char *string, grub_size_t string_len)
{
grub_json_t *json = NULL;
jsmn_parser parser;
grub_err_t ret = GRUB_ERR_NONE;
int jsmn_ret;
if (!string)
return GRUB_ERR_BAD_ARGUMENT;
json = grub_zalloc (sizeof (*json));
if (!json)
return GRUB_ERR_OUT_OF_MEMORY;
json->string = string;
/*
* Parse the string twice: first to determine how many tokens
* we need to allocate, second to fill allocated tokens.
*/
jsmn_init (&parser);
jsmn_ret = jsmn_parse (&parser, string, string_len, NULL, 0);
if (jsmn_ret <= 0)
{
ret = GRUB_ERR_BAD_ARGUMENT;
goto err;
}
calloc: Use calloc() at most places This modifies most of the places we do some form of: X = malloc(Y * Z); to use calloc(Y, Z) instead. Among other issues, this fixes: - allocation of integer overflow in grub_png_decode_image_header() reported by Chris Coulson, - allocation of integer overflow in luks_recover_key() reported by Chris Coulson, - allocation of integer overflow in grub_lvm_detect() reported by Chris Coulson. Fixes: CVE-2020-14308 Signed-off-by: Peter Jones <pjones@redhat.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-06-15 16:26:01 +00:00
json->tokens = grub_calloc (jsmn_ret, sizeof (jsmntok_t));
json: Implement wrapping interface While the newly added jsmn library provides the parsing interface, it does not provide any kind of interface to act on parsed tokens. Instead, the caller is expected to handle pointer arithmetics inside of the token array in order to extract required information. While simple, this requires users to know some of the inner workings of the library and is thus quite an unintuitive interface. This commit adds a new interface on top of the jsmn parser that provides convenience functions to retrieve values from the parsed json type, grub_json_t. Signed-off-by: Patrick Steinhardt <ps@pks.im> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2019-12-27 15:18:35 +00:00
if (!json->tokens)
{
ret = GRUB_ERR_OUT_OF_MEMORY;
goto err;
}
jsmn_init (&parser);
jsmn_ret = jsmn_parse (&parser, string, string_len, json->tokens, jsmn_ret);
if (jsmn_ret <= 0)
{
ret = GRUB_ERR_BAD_ARGUMENT;
goto err;
}
*out = json;
err:
if (ret && json)
{
grub_free (json->string);
grub_free (json->tokens);
grub_free (json);
}
return ret;
}
void
grub_json_free (grub_json_t *json)
{
if (json)
{
grub_free (json->tokens);
grub_free (json);
}
}
grub_err_t
grub_json_getsize (grub_size_t *out, const grub_json_t *json)
{
int size;
json: Get rid of casts for "jsmntok_t" With the upstream change having landed that adds a name to the previously anonymous "jsmntok" typedef, we can now add a forward declaration for that struct in our code. As a result, we no longer have to store the "tokens" member of "struct grub_json" as a void pointer but can instead use the forward declaration, allowing us to get rid of casts of that field. Signed-off-by: Patrick Steinhardt <ps@pks.im> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-04-16 10:20:15 +00:00
size = json->tokens[json->idx].size;
json: Implement wrapping interface While the newly added jsmn library provides the parsing interface, it does not provide any kind of interface to act on parsed tokens. Instead, the caller is expected to handle pointer arithmetics inside of the token array in order to extract required information. While simple, this requires users to know some of the inner workings of the library and is thus quite an unintuitive interface. This commit adds a new interface on top of the jsmn parser that provides convenience functions to retrieve values from the parsed json type, grub_json_t. Signed-off-by: Patrick Steinhardt <ps@pks.im> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2019-12-27 15:18:35 +00:00
if (size < 0)
return GRUB_ERR_OUT_OF_RANGE;
*out = (grub_size_t) size;
return GRUB_ERR_NONE;
}
grub_err_t
grub_json_gettype (grub_json_type_t *out, const grub_json_t *json)
{
json: Get rid of casts for "jsmntok_t" With the upstream change having landed that adds a name to the previously anonymous "jsmntok" typedef, we can now add a forward declaration for that struct in our code. As a result, we no longer have to store the "tokens" member of "struct grub_json" as a void pointer but can instead use the forward declaration, allowing us to get rid of casts of that field. Signed-off-by: Patrick Steinhardt <ps@pks.im> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-04-16 10:20:15 +00:00
switch (json->tokens[json->idx].type)
json: Implement wrapping interface While the newly added jsmn library provides the parsing interface, it does not provide any kind of interface to act on parsed tokens. Instead, the caller is expected to handle pointer arithmetics inside of the token array in order to extract required information. While simple, this requires users to know some of the inner workings of the library and is thus quite an unintuitive interface. This commit adds a new interface on top of the jsmn parser that provides convenience functions to retrieve values from the parsed json type, grub_json_t. Signed-off-by: Patrick Steinhardt <ps@pks.im> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2019-12-27 15:18:35 +00:00
{
case JSMN_OBJECT:
*out = GRUB_JSON_OBJECT;
break;
case JSMN_ARRAY:
*out = GRUB_JSON_ARRAY;
break;
case JSMN_STRING:
*out = GRUB_JSON_STRING;
break;
case JSMN_PRIMITIVE:
*out = GRUB_JSON_PRIMITIVE;
break;
default:
return GRUB_ERR_BAD_ARGUMENT;
}
return GRUB_ERR_NONE;
}
grub_err_t
grub_json_getchild (grub_json_t *out, const grub_json_t *parent, grub_size_t n)
{
grub_size_t offset = 1, size;
jsmntok_t *p;
if (grub_json_getsize (&size, parent) || n >= size)
return GRUB_ERR_OUT_OF_RANGE;
/*
* Skip the first n children. For each of the children, we need
* to skip their own potential children (e.g. if it's an
* array), as well. We thus add the children's size to n on
* each iteration.
*/
json: Get rid of casts for "jsmntok_t" With the upstream change having landed that adds a name to the previously anonymous "jsmntok" typedef, we can now add a forward declaration for that struct in our code. As a result, we no longer have to store the "tokens" member of "struct grub_json" as a void pointer but can instead use the forward declaration, allowing us to get rid of casts of that field. Signed-off-by: Patrick Steinhardt <ps@pks.im> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-04-16 10:20:15 +00:00
p = &parent->tokens[parent->idx];
json: Implement wrapping interface While the newly added jsmn library provides the parsing interface, it does not provide any kind of interface to act on parsed tokens. Instead, the caller is expected to handle pointer arithmetics inside of the token array in order to extract required information. While simple, this requires users to know some of the inner workings of the library and is thus quite an unintuitive interface. This commit adds a new interface on top of the jsmn parser that provides convenience functions to retrieve values from the parsed json type, grub_json_t. Signed-off-by: Patrick Steinhardt <ps@pks.im> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2019-12-27 15:18:35 +00:00
while (n--)
n += p[offset++].size;
out->string = parent->string;
out->tokens = parent->tokens;
out->idx = parent->idx + offset;
return GRUB_ERR_NONE;
}
grub_err_t
grub_json_getvalue (grub_json_t *out, const grub_json_t *parent, const char *key)
{
grub_json_type_t type;
grub_size_t i, size;
if (grub_json_gettype (&type, parent) || type != GRUB_JSON_OBJECT)
return GRUB_ERR_BAD_ARGUMENT;
if (grub_json_getsize (&size, parent))
return GRUB_ERR_BAD_ARGUMENT;
for (i = 0; i < size; i++)
{
grub_json_t child;
const char *s;
if (grub_json_getchild (&child, parent, i) ||
grub_json_getstring (&s, &child, NULL) ||
grub_strcmp (s, key) != 0)
continue;
return grub_json_getchild (out, &child, 0);
}
return GRUB_ERR_FILE_NOT_FOUND;
}
static grub_err_t
get_value (grub_json_type_t *out_type, const char **out_string, const grub_json_t *parent, const char *key)
{
const grub_json_t *p = parent;
grub_json_t child;
grub_err_t ret;
jsmntok_t *tok;
if (key)
{
ret = grub_json_getvalue (&child, parent, key);
if (ret)
return ret;
p = &child;
}
json: Get rid of casts for "jsmntok_t" With the upstream change having landed that adds a name to the previously anonymous "jsmntok" typedef, we can now add a forward declaration for that struct in our code. As a result, we no longer have to store the "tokens" member of "struct grub_json" as a void pointer but can instead use the forward declaration, allowing us to get rid of casts of that field. Signed-off-by: Patrick Steinhardt <ps@pks.im> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-04-16 10:20:15 +00:00
tok = &p->tokens[p->idx];
json: Implement wrapping interface While the newly added jsmn library provides the parsing interface, it does not provide any kind of interface to act on parsed tokens. Instead, the caller is expected to handle pointer arithmetics inside of the token array in order to extract required information. While simple, this requires users to know some of the inner workings of the library and is thus quite an unintuitive interface. This commit adds a new interface on top of the jsmn parser that provides convenience functions to retrieve values from the parsed json type, grub_json_t. Signed-off-by: Patrick Steinhardt <ps@pks.im> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2019-12-27 15:18:35 +00:00
p->string[tok->end] = '\0';
*out_string = p->string + tok->start;
return grub_json_gettype (out_type, p);
}
grub_err_t
grub_json_getstring (const char **out, const grub_json_t *parent, const char *key)
{
grub_json_type_t type;
const char *value;
grub_err_t ret;
ret = get_value (&type, &value, parent, key);
if (ret)
return ret;
if (type != GRUB_JSON_STRING)
return GRUB_ERR_BAD_ARGUMENT;
*out = value;
return GRUB_ERR_NONE;
}
grub_err_t
grub_json_getuint64 (grub_uint64_t *out, const grub_json_t *parent, const char *key)
{
grub_json_type_t type;
const char *value;
misc: Make grub_strtol() "end" pointers have safer const qualifiers Currently the string functions grub_strtol(), grub_strtoul(), and grub_strtoull() don't declare the "end" pointer in such a way as to require the pointer itself or the character array to be immutable to the implementation, nor does the C standard do so in its similar functions, though it does require us not to change any of it. The typical declarations of these functions follow this pattern: long strtol(const char * restrict nptr, char ** restrict endptr, int base); Much of the reason for this is historic, and a discussion of that follows below, after the explanation of this change. (GRUB currently does not include the "restrict" qualifiers, and we name the arguments a bit differently.) The implementation is semantically required to treat the character array as immutable, but such accidental modifications aren't stopped by the compiler, and the semantics for both the callers and the implementation of these functions are sometimes also helped by adding that requirement. This patch changes these declarations to follow this pattern instead: long strtol(const char * restrict nptr, const char ** const restrict endptr, int base); This means that if any modification to these functions accidentally introduces either an errant modification to the underlying character array, or an accidental assignment to endptr rather than *endptr, the compiler should generate an error. (The two uses of "restrict" in this case basically mean strtol() isn't allowed to modify the character array by going through *endptr, and endptr isn't allowed to point inside the array.) It also means the typical use case changes to: char *s = ...; const char *end; long l; l = strtol(s, &end, 10); Or even: const char *p = str; while (p && *p) { long l = strtol(p, &p, 10); ... } This fixes 26 places where we discard our attempts at treating the data safely by doing: const char *p = str; long l; l = strtol(p, (char **)&ptr, 10); It also adds 5 places where we do: char *p = str; while (p && *p) { long l = strtol(p, (const char ** const)&p, 10); ... /* more calls that need p not to be pointer-to-const */ } While moderately distasteful, this is a better problem to have. With one minor exception, I have tested that all of this compiles without relevant warnings or errors, and that /much/ of it behaves correctly, with gcc 9 using 'gcc -W -Wall -Wextra'. The one exception is the changes in grub-core/osdep/aros/hostdisk.c , which I have no idea how to build. Because the C standard defined type-qualifiers in a way that can be confusing, in the past there's been a slow but fairly regular stream of churn within our patches, which add and remove the const qualifier in many of the users of these functions. This change should help avoid that in the future, and in order to help ensure this, I've added an explanation in misc.h so that when someone does get a compiler warning about a type error, they have the fix at hand. The reason we don't have "const" in these calls in the standard is purely anachronistic: C78 (de facto) did not have type qualifiers in the syntax, and the "const" type qualifier was added for C89 (I think; it may have been later). strtol() appears to date from 4.3BSD in 1986, which means it could not be added to those functions in the standard without breaking compatibility, which is usually avoided. The syntax chosen for type qualifiers is what has led to the churn regarding usage of const, and is especially confusing on string functions due to the lack of a string type. Quoting from C99, the syntax is: declarator: pointer[opt] direct-declarator direct-declarator: identifier ( declarator ) direct-declarator [ type-qualifier-list[opt] assignment-expression[opt] ] ... direct-declarator [ type-qualifier-list[opt] * ] ... pointer: * type-qualifier-list[opt] * type-qualifier-list[opt] pointer type-qualifier-list: type-qualifier type-qualifier-list type-qualifier ... type-qualifier: const restrict volatile So the examples go like: const char foo; // immutable object const char *foo; // mutable pointer to object char * const foo; // immutable pointer to mutable object const char * const foo; // immutable pointer to immutable object const char const * const foo; // XXX extra const keyword in the middle const char * const * const foo; // immutable pointer to immutable // pointer to immutable object const char ** const foo; // immutable pointer to mutable pointer // to immutable object Making const left-associative for * and right-associative for everything else may not have been the best choice ever, but here we are, and the inevitable result is people using trying to use const (as they should!), putting it at the wrong place, fighting with the compiler for a bit, and then either removing it or typecasting something in a bad way. I won't go into describing restrict, but its syntax has exactly the same issue as with const. Anyway, the last example above actually represents the *behavior* that's required of strtol()-like functions, so that's our choice for the "end" pointer. Signed-off-by: Peter Jones <pjones@redhat.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-02-21 21:39:33 +00:00
const char *end;
json: Implement wrapping interface While the newly added jsmn library provides the parsing interface, it does not provide any kind of interface to act on parsed tokens. Instead, the caller is expected to handle pointer arithmetics inside of the token array in order to extract required information. While simple, this requires users to know some of the inner workings of the library and is thus quite an unintuitive interface. This commit adds a new interface on top of the jsmn parser that provides convenience functions to retrieve values from the parsed json type, grub_json_t. Signed-off-by: Patrick Steinhardt <ps@pks.im> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2019-12-27 15:18:35 +00:00
grub_err_t ret;
ret = get_value (&type, &value, parent, key);
if (ret)
return ret;
if (type != GRUB_JSON_STRING && type != GRUB_JSON_PRIMITIVE)
return GRUB_ERR_BAD_ARGUMENT;
grub_errno = GRUB_ERR_NONE;
*out = grub_strtoul (value, &end, 10);
if (grub_errno != GRUB_ERR_NONE || *end)
return GRUB_ERR_BAD_NUMBER;
return GRUB_ERR_NONE;
}
grub_err_t
grub_json_getint64 (grub_int64_t *out, const grub_json_t *parent, const char *key)
{
grub_json_type_t type;
const char *value;
misc: Make grub_strtol() "end" pointers have safer const qualifiers Currently the string functions grub_strtol(), grub_strtoul(), and grub_strtoull() don't declare the "end" pointer in such a way as to require the pointer itself or the character array to be immutable to the implementation, nor does the C standard do so in its similar functions, though it does require us not to change any of it. The typical declarations of these functions follow this pattern: long strtol(const char * restrict nptr, char ** restrict endptr, int base); Much of the reason for this is historic, and a discussion of that follows below, after the explanation of this change. (GRUB currently does not include the "restrict" qualifiers, and we name the arguments a bit differently.) The implementation is semantically required to treat the character array as immutable, but such accidental modifications aren't stopped by the compiler, and the semantics for both the callers and the implementation of these functions are sometimes also helped by adding that requirement. This patch changes these declarations to follow this pattern instead: long strtol(const char * restrict nptr, const char ** const restrict endptr, int base); This means that if any modification to these functions accidentally introduces either an errant modification to the underlying character array, or an accidental assignment to endptr rather than *endptr, the compiler should generate an error. (The two uses of "restrict" in this case basically mean strtol() isn't allowed to modify the character array by going through *endptr, and endptr isn't allowed to point inside the array.) It also means the typical use case changes to: char *s = ...; const char *end; long l; l = strtol(s, &end, 10); Or even: const char *p = str; while (p && *p) { long l = strtol(p, &p, 10); ... } This fixes 26 places where we discard our attempts at treating the data safely by doing: const char *p = str; long l; l = strtol(p, (char **)&ptr, 10); It also adds 5 places where we do: char *p = str; while (p && *p) { long l = strtol(p, (const char ** const)&p, 10); ... /* more calls that need p not to be pointer-to-const */ } While moderately distasteful, this is a better problem to have. With one minor exception, I have tested that all of this compiles without relevant warnings or errors, and that /much/ of it behaves correctly, with gcc 9 using 'gcc -W -Wall -Wextra'. The one exception is the changes in grub-core/osdep/aros/hostdisk.c , which I have no idea how to build. Because the C standard defined type-qualifiers in a way that can be confusing, in the past there's been a slow but fairly regular stream of churn within our patches, which add and remove the const qualifier in many of the users of these functions. This change should help avoid that in the future, and in order to help ensure this, I've added an explanation in misc.h so that when someone does get a compiler warning about a type error, they have the fix at hand. The reason we don't have "const" in these calls in the standard is purely anachronistic: C78 (de facto) did not have type qualifiers in the syntax, and the "const" type qualifier was added for C89 (I think; it may have been later). strtol() appears to date from 4.3BSD in 1986, which means it could not be added to those functions in the standard without breaking compatibility, which is usually avoided. The syntax chosen for type qualifiers is what has led to the churn regarding usage of const, and is especially confusing on string functions due to the lack of a string type. Quoting from C99, the syntax is: declarator: pointer[opt] direct-declarator direct-declarator: identifier ( declarator ) direct-declarator [ type-qualifier-list[opt] assignment-expression[opt] ] ... direct-declarator [ type-qualifier-list[opt] * ] ... pointer: * type-qualifier-list[opt] * type-qualifier-list[opt] pointer type-qualifier-list: type-qualifier type-qualifier-list type-qualifier ... type-qualifier: const restrict volatile So the examples go like: const char foo; // immutable object const char *foo; // mutable pointer to object char * const foo; // immutable pointer to mutable object const char * const foo; // immutable pointer to immutable object const char const * const foo; // XXX extra const keyword in the middle const char * const * const foo; // immutable pointer to immutable // pointer to immutable object const char ** const foo; // immutable pointer to mutable pointer // to immutable object Making const left-associative for * and right-associative for everything else may not have been the best choice ever, but here we are, and the inevitable result is people using trying to use const (as they should!), putting it at the wrong place, fighting with the compiler for a bit, and then either removing it or typecasting something in a bad way. I won't go into describing restrict, but its syntax has exactly the same issue as with const. Anyway, the last example above actually represents the *behavior* that's required of strtol()-like functions, so that's our choice for the "end" pointer. Signed-off-by: Peter Jones <pjones@redhat.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-02-21 21:39:33 +00:00
const char *end;
json: Implement wrapping interface While the newly added jsmn library provides the parsing interface, it does not provide any kind of interface to act on parsed tokens. Instead, the caller is expected to handle pointer arithmetics inside of the token array in order to extract required information. While simple, this requires users to know some of the inner workings of the library and is thus quite an unintuitive interface. This commit adds a new interface on top of the jsmn parser that provides convenience functions to retrieve values from the parsed json type, grub_json_t. Signed-off-by: Patrick Steinhardt <ps@pks.im> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2019-12-27 15:18:35 +00:00
grub_err_t ret;
ret = get_value (&type, &value, parent, key);
if (ret)
return ret;
if (type != GRUB_JSON_STRING && type != GRUB_JSON_PRIMITIVE)
return GRUB_ERR_BAD_ARGUMENT;
grub_errno = GRUB_ERR_NONE;
*out = grub_strtol (value, &end, 10);
if (grub_errno != GRUB_ERR_NONE || *end)
return GRUB_ERR_BAD_NUMBER;
return GRUB_ERR_NONE;
}