From bba4e1b591531c087fce4ae501dc1ca299d8fb42 Mon Sep 17 00:00:00 2001
From: Peter Maydell <peter.maydell@linaro.org>
Date: Thu, 11 Aug 2016 15:23:26 +0100
Subject: ui/curses.c: Ensure we don't read off the end of curses2qemu array

Coverity spots that there is no bounds check before we
access the curses2qemu[] array.  Add one, bringing this
code path into line with the one that looks up entries
in curses2keysym[].

In theory getch() shouldn't return out of range keycodes,
but it's better not to assume this.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1470925407-23850-2-git-send-email-peter.maydell@linaro.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 ui/curses.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'ui/curses.c')

diff --git a/ui/curses.c b/ui/curses.c
index b475589..f1f886c 100644
--- a/ui/curses.c
+++ b/ui/curses.c
@@ -317,7 +317,10 @@ static void curses_refresh(DisplayChangeListener *dcl)
                 qemu_input_event_send_key_delay(0);
             }
         } else {
-            keysym = curses2qemu[chr];
+            keysym = -1;
+            if (chr < CURSES_KEYS) {
+                keysym = curses2qemu[chr];
+            }
             if (keysym == -1)
                 keysym = chr;
 
-- 
cgit v1.1