From 04f8c053cca9c329eebb761f3a1ffef3d349b84c Mon Sep 17 00:00:00 2001
From: Luiz Capitulino <lcapitulino@redhat.com>
Date: Tue, 6 Apr 2010 16:39:42 -0300
Subject: [PATCH] QMP: Check "arguments" member's type

Otherwise the following input crashes QEMU:

{ "execute": "migrate", "arguments": "tcp:0:4446" }

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
---
 monitor.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/monitor.c b/monitor.c
index 0611b29d1a..ef8429861b 100644
--- a/monitor.c
+++ b/monitor.c
@@ -4437,6 +4437,9 @@ static void handle_qmp_command(JSONMessageParser *parser, QList *tokens)
     obj = qdict_get(input, "arguments");
     if (!obj) {
         args = qdict_new();
+    } else if (qobject_type(obj) != QTYPE_QDICT) {
+        qerror_report(QERR_QMP_BAD_INPUT_OBJECT_MEMBER, "arguments", "object");
+        goto err_input;
     } else {
         args = qobject_to_qdict(obj);
         QINCREF(args);
-- 
2.11.4.GIT