diff options
author | Kenny Levinsen <kl@kl.wtf> | 2021-01-05 12:08:23 +0100 |
---|---|---|
committer | Simon Ser <contact@emersion.fr> | 2021-01-05 12:26:00 +0100 |
commit | d3047011d06867269f5df88285d62729ac0646e1 (patch) | |
tree | 7db85ce99957d449f70ea83024e775c83237df32 | |
parent | 83fdfa511d2d3eca6f37187e735e209e8421da6f (diff) |
backend/wayland: Avoid uninitialized read
keyboard_handle_leave would always process 1 keycode more than was
pending, which meant reading uninitialized memory from the "pressed"
array.
Found by valgrind.
-rw-r--r-- | backend/wayland/seat.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/backend/wayland/seat.c b/backend/wayland/seat.c index 4b97bd48..dadc2356 100644 --- a/backend/wayland/seat.c +++ b/backend/wayland/seat.c @@ -235,11 +235,12 @@ static void keyboard_handle_leave(void *data, struct wl_keyboard *wl_keyboard, uint32_t time = get_current_time_msec(); - uint32_t pressed[dev->keyboard->num_keycodes + 1]; + size_t num_keycodes = dev->keyboard->num_keycodes; + uint32_t pressed[num_keycodes + 1]; memcpy(pressed, dev->keyboard->keycodes, - dev->keyboard->num_keycodes * sizeof(uint32_t)); + num_keycodes * sizeof(uint32_t)); - for (size_t i = 0; i < sizeof(pressed)/sizeof(pressed[0]); ++i) { + for (size_t i = 0; i < num_keycodes; ++i) { uint32_t keycode = pressed[i]; struct wlr_event_keyboard_key event = { |