Since it does not make much sense, then forbid this situation outright: - change qemuopts_end_arg_list() to return an error if the current arg list has no elements - when creating the argv array, assert that each arg list is not empty --- common/qemuopts/qemuopts.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/common/qemuopts/qemuopts.c b/common/qemuopts/qemuopts.c index b3e69e306..49550bb21 100644 --- a/common/qemuopts/qemuopts.c +++ b/common/qemuopts/qemuopts.c @@ -453,7 +453,15 @@ qemuopts_append_arg_list_format (struct qemuopts *qopts, int qemuopts_end_arg_list (struct qemuopts *qopts) { - /* Nothing to do, the list is already well-formed. */ + struct qopt *qopt; + size_t len; + + qopt = last_option (qopts); + assert (qopt->type == QOPT_ARG_LIST); + len = count_strings (qopt->values); + if (len == 0) + return -1; + return 0; } @@ -816,7 +824,9 @@ qemuopts_to_argv (struct qemuopts *qopts) case QOPT_ARG_LIST: /* We only have to do comma-quoting here. */ values = qopts->options[i].values; - len = count_strings (values) - 1 /* one for each comma */; + len = count_strings (values); + assert (len > 0); + len -= 1 /* one for each comma */; for (j = 0; values[j] != NULL; ++j) { for (k = 0; k < strlen (values[j]); ++k) { if (values[j][k] == ',') len++; --