Commit c3481247 authored by Eduardo Habkost's avatar Eduardo Habkost Committed by Luiz Capitulino

qmp: object-add: Validate class before creating object

Currently it is very easy to crash QEMU by issuing an object-add command
using an abstract class or a class that doesn't support

Example: with the following QMP command:

    (QEMU) object-add qom-type=cpu id=foo

QEMU aborts at:

    ERROR:qom/object.c:335:object_initialize_with_type: assertion failed: (type->abstract == false)

This patch moves the check for TYPE_USER_CREATABLE before object_new(),
and adds a check to prevent the code from trying to instantiate abstract
Signed-off-by: default avatarEduardo Habkost <>
Reviewed-by: default avatarMatthew Rosato <>
Tested-by: default avatarMatthew Rosato <>
Signed-off-by: default avatarLuiz Capitulino <>
......@@ -540,14 +540,27 @@ void object_add(const char *type, const char *id, const QDict *qdict,
Visitor *v, Error **errp)
Object *obj;
ObjectClass *klass;
const QDictEntry *e;
Error *local_err = NULL;
if (!object_class_by_name(type)) {
klass = object_class_by_name(type);
if (!klass) {
error_setg(errp, "invalid class name");
if (!object_class_dynamic_cast(klass, TYPE_USER_CREATABLE)) {
error_setg(errp, "object type '%s' isn't supported by object-add",
if (object_class_is_abstract(klass)) {
error_setg(errp, "object type '%s' is abstract", type);
obj = object_new(type);
if (qdict) {
for (e = qdict_first(qdict); e; e = qdict_next(qdict, e)) {
......@@ -558,12 +571,6 @@ void object_add(const char *type, const char *id, const QDict *qdict,
if (!object_dynamic_cast(obj, TYPE_USER_CREATABLE)) {
error_setg(&local_err, "object type '%s' isn't supported by object-add",
goto out;
user_creatable_complete(obj, &local_err);
if (local_err) {
goto out;
