The Error ** argument must be NULL, &error_abort, &error_fatal, or a pointer to a variable containing NULL. Passing an argument of the latter kind twice without clearing it in between is wrong: if the first call sets an error, it no longer points to NULL for the second call.
machine_parse_property_opt() is wrong that way: it passes @errp to keyval_parse() without checking for failure, then passes it to keyval_merge(). Harmless, since the only caller passes &error_fatal. Clean up: drop the parameter, and use &error_fatal directly. Cc: Paolo Bonzini <pbonz...@redhat.com> Signed-off-by: Markus Armbruster <arm...@redhat.com> Message-Id: <20210720125408.387910-16-arm...@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <phi...@redhat.com> Acked-by: Michael S. Tsirkin <m...@redhat.com> [Rebased, conflict with commit a3c2f128306 resolved] --- softmmu/vl.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/softmmu/vl.c b/softmmu/vl.c index 6227f8f10e..bdeb17809d 100644 --- a/softmmu/vl.c +++ b/softmmu/vl.c @@ -1550,20 +1550,17 @@ machine_merge_property(const char *propname, QDict *prop, Error **errp) static void machine_parse_property_opt(QemuOptsList *opts_list, const char *propname, - const char *arg, Error **errp) + const char *arg) { QDict *prop = NULL; bool help = false; - prop = keyval_parse(arg, opts_list->implied_opt_name, &help, errp); + prop = keyval_parse(arg, opts_list->implied_opt_name, &help, &error_fatal); if (help) { qemu_opts_print_help(opts_list, true); exit(0); } - if (!prop) { - return; - } - machine_merge_property(propname, prop, errp); + machine_merge_property(propname, prop, &error_fatal); qobject_unref(prop); } @@ -3343,7 +3340,8 @@ void qemu_init(int argc, char **argv, char **envp) } break; case QEMU_OPTION_smp: - machine_parse_property_opt(qemu_find_opts("smp-opts"), "smp", optarg, &error_fatal); + machine_parse_property_opt(qemu_find_opts("smp-opts"), + "smp", optarg); break; case QEMU_OPTION_vnc: vnc_parse(optarg); -- 2.31.1