[Qemu-devel] [PATCH 1/2] ui/curses.c: Ensure we don't read off the end o

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] [PATCH 1/2] ui/curses.c: Ensure we don't read off the end o

From:	Peter Maydell
Subject:	[Qemu-devel] [PATCH 1/2] ui/curses.c: Ensure we don't read off the end of curses2qemu array
Date:	Thu, 11 Aug 2016 15:23:26 +0100

Coverity spots that there is no bounds check before we
access the curses2qemu[] array.  Add one, bringing this
code path into line with the one that looks up entries
in curses2keysym[].

In theory getch() shouldn't return out of range keycodes,
but it's better not to assume this.

Signed-off-by: Peter Maydell <address@hidden>
---
 ui/curses.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/ui/curses.c b/ui/curses.c
index b475589..f1f886c 100644
--- a/ui/curses.c
+++ b/ui/curses.c
@@ -317,7 +317,10 @@ static void curses_refresh(DisplayChangeListener *dcl)
                 qemu_input_event_send_key_delay(0);
             }
         } else {
-            keysym = curses2qemu[chr];
+            keysym = -1;
+            if (chr < CURSES_KEYS) {
+                keysym = curses2qemu[chr];
+            }
             if (keysym == -1)
                 keysym = chr;
 
-- 
2.7.4

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PATCH 0/2] curses Coverity fixes, Peter Maydell, 2016/08/11
- [Qemu-devel] [PATCH 2/2] ui/curses.c: Clean up nextchr logic, Peter Maydell, 2016/08/11
- [Qemu-devel] [PATCH 1/2] ui/curses.c: Ensure we don't read off the end of curses2qemu array, Peter Maydell <=

Prev by Date: [Qemu-devel] [PATCH 2/2] ui/curses.c: Clean up nextchr logic
Next by Date: Re: [Qemu-devel] [PATCH V2] add migration capability to bypass the shared memory
Previous by thread: [Qemu-devel] [PATCH 2/2] ui/curses.c: Clean up nextchr logic
Next by thread: [Qemu-devel] [RFC v4 00/28] Base enabling patches for MTTCG
Index(es):
- Date
- Thread