SDL_keyboard.c: Add bounds guards when assigning to the scancode array. Based on a patch by Jochen Schäfer <josch1710@live.de> : On a T420 pressing the ACPI button for volume control, big scancodes were emitted. This was causing an overflow, because missing guards.
diff --git a/src/events/SDL_keyboard.c b/src/events/SDL_keyboard.c
index 7eb8bde..18089af 100644
--- a/src/events/SDL_keyboard.c
+++ b/src/events/SDL_keyboard.c
@@ -605,6 +605,9 @@ SDL_SetKeymap(int start, SDL_Keycode * keys, int length)
void
SDL_SetScancodeName(SDL_Scancode scancode, const char *name)
{
+ if (scancode >= SDL_NUM_SCANCODES) {
+ return;
+ }
SDL_scancode_names[scancode] = name;
}
@@ -675,7 +678,7 @@ SDL_SendKeyboardKeyInternal(Uint8 source, Uint8 state, SDL_Scancode scancode)
Uint32 type;
Uint8 repeat = SDL_FALSE;
- if (scancode == SDL_SCANCODE_UNKNOWN) {
+ if (scancode == SDL_SCANCODE_UNKNOWN || scancode >= SDL_NUM_SCANCODES) {
return 0;
}
@@ -800,7 +803,7 @@ SDL_SendKeyboardKeyInternal(Uint8 source, Uint8 state, SDL_Scancode scancode)
allowing the user to escape the application */
SDL_MinimizeWindow(keyboard->focus);
}
-
+
return (posted);
}