diff mbox

[PULL,1/4] ui/curses.c: Ensure we don't read off the end of curses2qemu array

Message ID 1473750414-16525-2-git-send-email-kraxel@redhat.com
State New, archived
Headers show

Commit Message

Gerd Hoffmann Sept. 13, 2016, 7:06 a.m. UTC
From: Peter Maydell <peter.maydell@linaro.org>

Coverity spots that there is no bounds check before we
access the curses2qemu[] array.  Add one, bringing this
code path into line with the one that looks up entries
in curses2keysym[].

In theory getch() shouldn't return out of range keycodes,
but it's better not to assume this.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1470925407-23850-2-git-send-email-peter.maydell@linaro.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 ui/curses.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff mbox

Patch

diff --git a/ui/curses.c b/ui/curses.c
index b475589..f1f886c 100644
--- a/ui/curses.c
+++ b/ui/curses.c
@@ -317,7 +317,10 @@  static void curses_refresh(DisplayChangeListener *dcl)
                 qemu_input_event_send_key_delay(0);
             }
         } else {
-            keysym = curses2qemu[chr];
+            keysym = -1;
+            if (chr < CURSES_KEYS) {
+                keysym = curses2qemu[chr];
+            }
             if (keysym == -1)
                 keysym = chr;