From ce2107a9a04be68fc22dc777e1f03bba0d1a382b Mon Sep 17 00:00:00 2001
From: Peter Krempa <pkrempa@redhat.com>
Date: Tue, 3 Jun 2014 11:19:51 +0200
Subject: [PATCH] qemu: monitor: Fix type of holdtime argument in
 qemuMonitorJSONSendKey
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

qemuMonitorJSONSendKey declares the "holdtime" argument as unsigned int
while the command was constructed in qemuMonitorJSONMakeCommand using
the "P" modifier which took a unsigned long from the variable
arguments which then made it possible to access uninitialized memory.

This broke the qemumonitorjsontest on 32bit fedora 20:
64) qemuMonitorJSONSendKey
... libvirt: QEMU Driver error : internal error: unsupported data type 'W' for arg 'WVSƒì ‹D$0è‘wÿÿÃAå' FAILED

Uncovered by upstream commit f744b831c66d9e82453f7a96cab5eddf7570c253.

Additionally add test for the hold-time option.
---
 src/qemu/qemu_monitor_json.c |  2 +-
 tests/qemumonitorjsontest.c  | 33 +++++++++++++++++++++++++++++++++
 2 files changed, 34 insertions(+), 1 deletion(-)

diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c
index 0c44b11882..bedd959ee3 100644
--- a/src/qemu/qemu_monitor_json.c
+++ b/src/qemu/qemu_monitor_json.c
@@ -3610,7 +3610,7 @@ int qemuMonitorJSONSendKey(qemuMonitorPtr mon,
 
     cmd = qemuMonitorJSONMakeCommand("send-key",
                                      "a:keys", keys,
-                                     "P:hold-time", holdtime,
+                                     "p:hold-time", holdtime,
                                      NULL);
     if (!cmd)
         goto cleanup;
diff --git a/tests/qemumonitorjsontest.c b/tests/qemumonitorjsontest.c
index 47d7481c20..2099dc874c 100644
--- a/tests/qemumonitorjsontest.c
+++ b/tests/qemumonitorjsontest.c
@@ -1959,6 +1959,38 @@ testQemuMonitorJSONqemuMonitorJSONSendKey(const void *data)
     return ret;
 }
 
+static int
+testQemuMonitorJSONqemuMonitorJSONSendKeyHoldtime(const void *data)
+{
+    virDomainXMLOptionPtr xmlopt = (virDomainXMLOptionPtr)data;
+    qemuMonitorTestPtr test = qemuMonitorTestNewSimple(true, xmlopt);
+    int ret = -1;
+    unsigned int keycodes[] = {43, 26, 46, 32};
+
+    if (!test)
+        return -1;
+
+    if (qemuMonitorTestAddItemParams(test, "send-key",
+                                     "{\"return\":{}}",
+                                     "hold-time", "31337",
+                                     "keys", "[{\"type\":\"number\",\"data\":43},"
+                                              "{\"type\":\"number\",\"data\":26},"
+                                              "{\"type\":\"number\",\"data\":46},"
+                                              "{\"type\":\"number\",\"data\":32}]",
+                                     NULL, NULL) < 0)
+        goto cleanup;
+
+    if (qemuMonitorJSONSendKey(qemuMonitorTestGetMonitor(test),
+                               31337, keycodes,
+                               ARRAY_CARDINALITY(keycodes)) < 0)
+        goto cleanup;
+
+    ret = 0;
+ cleanup:
+    qemuMonitorTestFree(test);
+    return ret;
+}
+
 static int
 testQemuMonitorJSONqemuMonitorJSONGetDumpGuestMemoryCapability(const void *data)
 {
@@ -2230,6 +2262,7 @@ mymain(void)
     DO_TEST(qemuMonitorJSONGetVirtType);
     DO_TEST(qemuMonitorJSONSendKey);
     DO_TEST(qemuMonitorJSONGetDumpGuestMemoryCapability);
+    DO_TEST(qemuMonitorJSONSendKeyHoldtime);
 
     DO_TEST_CPU_DATA("host");
     DO_TEST_CPU_DATA("full");
-- 
2.39.5