From patchwork Tue Jun 29 08:50:20 2010
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: Fix null pointer dereference when parsing chardevs without a backend
 option.
From: Mike McCormack <mj.mccormack@samsung.com>
X-Patchwork-Id: 57257
Message-Id: <4C29B3CC.8040400@samsung.com>
To: qemu-devel@nongnu.org
Date: Tue, 29 Jun 2010 17:50:20 +0900

qemu_opt_get may return NULL, so handle that rather than crashing.

Signed-off-by: Mike McCormack <mj.mccormack@samsung.com>

---
qemu-char.c |    9 ++++++++-
 1 files changed, 8 insertions(+), 1 deletions(-)

diff --git a/qemu-char.c b/qemu-char.c
index 9b69d92..f292ee7 100644
--- a/qemu-char.c
+++ b/qemu-char.c
@@ -2434,6 +2434,7 @@ CharDriverState *qemu_chr_open_opts(QemuOpts *opts,
                                     void (*init)(struct CharDriverState *s))
 {
     CharDriverState *chr;
+    const char *backend;
     int i;
 
     if (qemu_opts_id(opts) == NULL) {
@@ -2441,8 +2442,14 @@ CharDriverState *qemu_chr_open_opts(QemuOpts *opts,
         return NULL;
     }
 
+    backend = qemu_opt_get(opts, "backend");
+    if (!backend) {
+        fprintf(stderr, "chardev: backend option not specified\n");
+        return NULL;
+    }
+
     for (i = 0; i < ARRAY_SIZE(backend_table); i++) {
-        if (strcmp(backend_table[i].name, qemu_opt_get(opts, "backend")) == 0)
+        if (strcmp(backend_table[i].name, backend) == 0)
             break;
     }
     if (i == ARRAY_SIZE(backend_table)) {