aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKenny Levinsen <kl@kl.wtf>2021-01-05 12:08:23 +0100
committerSimon Ser <contact@emersion.fr>2021-01-05 12:26:00 +0100
commitd3047011d06867269f5df88285d62729ac0646e1 (patch)
tree7db85ce99957d449f70ea83024e775c83237df32
parent83fdfa511d2d3eca6f37187e735e209e8421da6f (diff)
backend/wayland: Avoid uninitialized read
keyboard_handle_leave would always process 1 keycode more than was pending, which meant reading uninitialized memory from the "pressed" array. Found by valgrind.
-rw-r--r--backend/wayland/seat.c7
1 files changed, 4 insertions, 3 deletions
diff --git a/backend/wayland/seat.c b/backend/wayland/seat.c
index 4b97bd48..dadc2356 100644
--- a/backend/wayland/seat.c
+++ b/backend/wayland/seat.c
@@ -235,11 +235,12 @@ static void keyboard_handle_leave(void *data, struct wl_keyboard *wl_keyboard,
uint32_t time = get_current_time_msec();
- uint32_t pressed[dev->keyboard->num_keycodes + 1];
+ size_t num_keycodes = dev->keyboard->num_keycodes;
+ uint32_t pressed[num_keycodes + 1];
memcpy(pressed, dev->keyboard->keycodes,
- dev->keyboard->num_keycodes * sizeof(uint32_t));
+ num_keycodes * sizeof(uint32_t));
- for (size_t i = 0; i < sizeof(pressed)/sizeof(pressed[0]); ++i) {
+ for (size_t i = 0; i < num_keycodes; ++i) {
uint32_t keycode = pressed[i];
struct wlr_event_keyboard_key event = {