Commit d28437de3c74d2514fc96d4e0da1dec4113e8929

Ozkan Sezer 2021-06-12T08:00:50

SDL_keyboard.c: Add bounds guards when assigning to the scancode array. Based on a patch by Jochen Schäfer <josch1710@live.de> : On a T420 pressing the ACPI button for volume control, big scancodes were emitted. This was causing an overflow, because missing guards.

diff --git a/src/events/SDL_keyboard.c b/src/events/SDL_keyboard.c
index 7eb8bde..18089af 100644
--- a/src/events/SDL_keyboard.c
+++ b/src/events/SDL_keyboard.c
@@ -605,6 +605,9 @@ SDL_SetKeymap(int start, SDL_Keycode * keys, int length)
 void
 SDL_SetScancodeName(SDL_Scancode scancode, const char *name)
 {
+    if (scancode >= SDL_NUM_SCANCODES) {
+        return;
+    }
     SDL_scancode_names[scancode] = name;
 }
 
@@ -675,7 +678,7 @@ SDL_SendKeyboardKeyInternal(Uint8 source, Uint8 state, SDL_Scancode scancode)
     Uint32 type;
     Uint8 repeat = SDL_FALSE;
 
-    if (scancode == SDL_SCANCODE_UNKNOWN) {
+    if (scancode == SDL_SCANCODE_UNKNOWN || scancode >= SDL_NUM_SCANCODES) {
         return 0;
     }
 
@@ -800,7 +803,7 @@ SDL_SendKeyboardKeyInternal(Uint8 source, Uint8 state, SDL_Scancode scancode)
            allowing the user to escape the application */
         SDL_MinimizeWindow(keyboard->focus);
     }
-    
+
     return (posted);
 }