diff --git a/src/lib/cmd_parser.c b/src/lib/cmd_parser.c
index 2978ba9c..e3650125 100644
--- a/src/lib/cmd_parser.c
+++ b/src/lib/cmd_parser.c
@@ -85,8 +85,15 @@ int xdebug_cmd_parse(const char *line, char **cmd, xdebug_dbgp_arg **ret_args)
 				}
 				break;
 			case STATE_OPT_FOLLOWS:
-				opt = *ptr;
-				state = STATE_SEP_FOLLOWS;
+				/* Only accept option letters in [a-z] plus '-'; anything
+				 * else would land args->value[opt - 'a'] outside the
+				 * 27-slot array. */
+				if ((*ptr >= 'a' && *ptr <= 'z') || *ptr == '-') {
+					opt = *ptr;
+					state = STATE_SEP_FOLLOWS;
+				} else {
+					goto parse_error;
+				}
 				break;
 			case STATE_SEP_FOLLOWS:
 				if (*ptr != ' ') {