On Mon, 29 Jan 2018 at 10:24, Gerd Hoffmann <kra...@redhat.com> wrote:
>
> From: "Daniel P. Berrange" <berra...@redhat.com>
>
> Replace the qcode_to_keycode table with automatically
> generated tables.
>
> Missing entries in qcode_to_keycode now fixed:
>
> - Q_KEY_CODE_KP_COMMA -> 0x2d
>
> Signed-off-by: Daniel P. Berrange <berra...@redhat.com>
> Message-id: 20180117164118.8510-3-berra...@redhat.com
> Signed-off-by: Gerd Hoffmann <kra...@redhat.com>
> @@ -879,7 +759,11 @@ static void sunkbd_handle_event(DeviceState *dev, > QemuConsole *src, > } > } > > - keycode = qcode_to_keycode[qcode]; > + if (qcode > qemu_input_map_qcode_to_sun_len) { > + return; > + } > + > + keycode = qemu_input_map_qcode_to_sun[qcode]; > if (!key->down) { > keycode |= 0x80; > }

Hi; I was looking at this code because Coverity is now clever enough to try to check whether the qemu_input_map_qcode_to_sun[] array is being overrun (though alas not clever enough to spot that qemu_input_map_qcode_to_sun_len is the length of that array, so there are false positive complaints about all the uses of these autogenerated arrays in all devices that use them).

In this specific case, though, it does look like there's a bug: shouldn't the condition be "if (qcode >= qemu_input_map_qcode_to_sun_len)" ?

thanks
-- PMM
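Review bot: the bounds check added ahead of the table lookup in sunkbd_handle_event() is off by one: `if (qcode > qemu_input_map_qcode_to_sun_len)` lets a qcode equal to qemu_input_map_qcode_to_sun_len through, and the following `keycode = qemu_input_map_qcode_to_sun[qcode];` then reads one element past the end of the array. With qemu_input_map_qcode_to_sun_len being the array length, the last valid index is one less than it, so the comparison should be `>=`, i.e. `if (qcode >= qemu_input_map_qcode_to_sun_len) {`. Since the reply notes that other devices use these autogenerated arrays too, the same comparison is worth checking at each of those lookups.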