From d3047011d06867269f5df88285d62729ac0646e1 Mon Sep 17 00:00:00 2001
From: Kenny Levinsen <kl@kl.wtf>
Date: Tue, 5 Jan 2021 12:08:23 +0100
Subject: backend/wayland: Avoid uninitialized read

keyboard_handle_leave would always process 1 keycode more than was
pending, which meant reading uninitialized memory from the "pressed"
array.

Found by valgrind.
---
 backend/wayland/seat.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/backend/wayland/seat.c b/backend/wayland/seat.c
index 4b97bd48..dadc2356 100644
--- a/backend/wayland/seat.c
+++ b/backend/wayland/seat.c
@@ -235,11 +235,12 @@ static void keyboard_handle_leave(void *data, struct wl_keyboard *wl_keyboard,
 
 	uint32_t time = get_current_time_msec();
 
-	uint32_t pressed[dev->keyboard->num_keycodes + 1];
+	size_t num_keycodes = dev->keyboard->num_keycodes;
+	uint32_t pressed[num_keycodes + 1];
 	memcpy(pressed, dev->keyboard->keycodes,
-		dev->keyboard->num_keycodes * sizeof(uint32_t));
+		num_keycodes * sizeof(uint32_t));
 
-	for (size_t i = 0; i < sizeof(pressed)/sizeof(pressed[0]); ++i) {
+	for (size_t i = 0; i < num_keycodes; ++i) {
 		uint32_t keycode = pressed[i];
 
 		struct wlr_event_keyboard_key event = {
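Review bot: The `+ 1` in `uint32_t pressed[num_keycodes + 1];` is left unexplained, and after this fix the extra slot is neither written by the `memcpy` nor read by the loop. It presumably exists so the variable-length array is never zero-length when no keys are held (a zero-sized VLA is undefined behaviour), so it should stay, but a comment would keep a later cleanup from removing it: `/* +1: a VLA must not be zero-length; the extra slot is never read */`. The array is also sized on the stack from a runtime field, so if `num_keycodes` is capped by a fixed capacity elsewhere, that bound is worth stating or asserting next to the declaration. keyboard_handle_leave starts and ends outside the hunk, so the reason for copying into `pressed` before iterating is not visible here.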
-- 
cgit v1.2.3