| Message ID | 1295701646-3022-1-git-send-email-stefanha@linux.vnet.ibm.com |
|---|---|
| State | New |
| Headers | show |
On Sat, Jan 22, 2011 at 01:07:26PM +0000, Stefan Hajnoczi wrote: > Check if the backend option is missing before searching the backend > table. This fixes a NULL pointer dereference when QEMU is invoked with > the following invalid command-line: > > $ qemu -chardev id=foo,path=/tmp/socket > > Previously QEMU would segfault, now it produces this error message: > > chardev: "foo" missing backend > > Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> > --- > qemu-char.c | 5 +++++ > 1 files changed, 5 insertions(+), 0 deletions(-) Thanks, applied. > diff --git a/qemu-char.c b/qemu-char.c > index edc9ad6..8a424d6 100644 > --- a/qemu-char.c > +++ b/qemu-char.c > @@ -2508,6 +2508,11 @@ CharDriverState *qemu_chr_open_opts(QemuOpts *opts, > return NULL; > } > > + if (qemu_opt_get(opts, "backend") == NULL) { > + fprintf(stderr, "chardev: \"%s\" missing backend\n", > + qemu_opts_id(opts)); > + return NULL; > + } > for (i = 0; i < ARRAY_SIZE(backend_table); i++) { > if (strcmp(backend_table[i].name, qemu_opt_get(opts, "backend")) == 0) > break; > -- > 1.7.2.3 > > >
diff --git a/qemu-char.c b/qemu-char.c index edc9ad6..8a424d6 100644 --- a/qemu-char.c +++ b/qemu-char.c @@ -2508,6 +2508,11 @@ CharDriverState *qemu_chr_open_opts(QemuOpts *opts, return NULL; } + if (qemu_opt_get(opts, "backend") == NULL) { + fprintf(stderr, "chardev: \"%s\" missing backend\n", + qemu_opts_id(opts)); + return NULL; + } for (i = 0; i < ARRAY_SIZE(backend_table); i++) { if (strcmp(backend_table[i].name, qemu_opt_get(opts, "backend")) == 0) break;
Check if the backend option is missing before searching the backend table. This fixes a NULL pointer dereference when QEMU is invoked with the following invalid command-line: $ qemu -chardev id=foo,path=/tmp/socket Previously QEMU would segfault, now it produces this error message: chardev: "foo" missing backend Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> --- qemu-char.c | 5 +++++ 1 files changed, 5 insertions(+), 0 deletions(-)