[PATCH evdev] Prevent buffer overrun accessing btn_labels
Peter Hutterer
peter.hutterer at who-t.net
Tue Apr 26 23:11:33 UTC 2016
We go up to BTN_JOYSTICK, hence group can have a value of up to and including 15.
The actual btn_labels only has 6 elements though.
Found by coverity.
Signed-off-by: Peter Hutterer <peter.hutterer at who-t.net>
---
src/evdev.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/evdev.c b/src/evdev.c
index 0fcb0bb..2c88343 100644
--- a/src/evdev.c
+++ b/src/evdev.c
@@ -2790,6 +2790,9 @@ static void EvdevInitButtonLabels(EvdevPtr pEvdev, int natoms, Atom *atoms)
int group = (button % 0x100)/16;
int idx = button - ((button/16) * 16);
+ if (group >= ArrayLength(btn_labels))
+ break;
+
if (!libevdev_has_event_code(pEvdev->dev, EV_KEY, button))
continue;
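Review bot: the new guard `if (group >= ArrayLength(btn_labels))` leaves the loop with `break`, while the very next check skips a single button with `continue`, and nothing in the hunk says why stopping the whole loop is safe. Since `group` is derived as `(button % 0x100)/16`, it only grows monotonically while `button` stays inside one 0x100 block, so either add a short comment stating that the loop range guarantees this, or use `continue` so that later in-range buttons still get their labels. The guard also covers only the outer dimension: `idx` is computed on the line above and is not compared against the length of `btn_labels[group]`, so if any row holds fewer than 16 entries the same kind of overrun remains and deserves a matching check.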
--
2.7.4