From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:41413)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <kraxel@redhat.com>) id 1YVyyv-0000GJ-2a
	for qemu-devel@nongnu.org; Thu, 12 Mar 2015 05:00:42 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <kraxel@redhat.com>) id 1YVyyt-00057i-RO
	for qemu-devel@nongnu.org; Thu, 12 Mar 2015 05:00:40 -0400
Received: from mx1.redhat.com ([209.132.183.28]:36228)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <kraxel@redhat.com>) id 1YVyyt-00057a-KF
	for qemu-devel@nongnu.org; Thu, 12 Mar 2015 05:00:39 -0400
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Thu, 12 Mar 2015 10:00:25 +0100
Message-Id: <1426150825-782-8-git-send-email-kraxel@redhat.com>
In-Reply-To: <1426150825-782-1-git-send-email-kraxel@redhat.com>
References: <1426150825-782-1-git-send-email-kraxel@redhat.com>
Subject: [Qemu-devel] [PULL 7/7] vnc: fix segmentation fault when invalid
	vnc parameters are specified
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org
Cc: Gonglei <arei.gonglei@huawei.com>, Gerd Hoffmann <kraxel@redhat.com>, Anthony Liguori <aliguori@amazon.com>

From: Gonglei <arei.gonglei@huawei.com>

Reproducer:
 #./qemu-system-x86_64 -vnc :0,ip
qemu-system-x86_64: -vnc :1,ip: Invalid parameter 'ip'
Segmentation fault (core dumped)

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 ui/vnc.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/ui/vnc.c b/ui/vnc.c
index 1e95445..6f9b718 100644
--- a/ui/vnc.c
+++ b/ui/vnc.c
@@ -3703,8 +3703,13 @@ QemuOpts *vnc_parse_func(const char *str)
 {
     QemuOptsList *olist = qemu_find_opts("vnc");
     QemuOpts *opts = qemu_opts_parse(olist, str, 1);
-    const char *id = qemu_opts_id(opts);
+    const char *id;
 
+    if (!opts) {
+        return NULL;
+    }
+
+    id = qemu_opts_id(opts);
     if (!id) {
         /* auto-assign id if not present */
         vnc_auto_assign_id(olist, opts);
-- 
1.8.3.1