[1/2] ui/curses.c: Ensure we don't read off the end of curses2qemu array

Commit Message

Peter Maydell Aug. 11, 2016, 2:23 p.m. UTC

Coverity spots that there is no bounds check before we
access the curses2qemu[] array.  Add one, bringing this
code path into line with the one that looks up entries
in curses2keysym[].

In theory getch() shouldn't return out of range keycodes,
but it's better not to assume this.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 ui/curses.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

Patch

diff --git a/ui/curses.c b/ui/curses.c
index b475589..f1f886c 100644
--- a/ui/curses.c
+++ b/ui/curses.c
@@ -317,7 +317,10 @@  static void curses_refresh(DisplayChangeListener *dcl)
                 qemu_input_event_send_key_delay(0);
             }
         } else {
-            keysym = curses2qemu[chr];
+            keysym = -1;
+            if (chr < CURSES_KEYS) {
+                keysym = curses2qemu[chr];
+            }
             if (keysym == -1)
                 keysym = chr;