On Thu, Mar 31, 2022 at 11:03:49AM +0100, Peter Maydell wrote: > On Mon, 29 Jan 2018 at 10:24, Gerd Hoffmann <kra...@redhat.com> wrote: > > > > From: "Daniel P. Berrange" <berra...@redhat.com> > > > > Replace the qcode_to_keycode table with automatically > > generated tables. > > > > Missing entries in qcode_to_keycode now fixed: > > > > - Q_KEY_CODE_KP_COMMA -> 0x2d > > > > Signed-off-by: Daniel P. Berrange <berra...@redhat.com> > > Message-id: 20180117164118.8510-3-berra...@redhat.com > > Signed-off-by: Gerd Hoffmann <kra...@redhat.com> > > > @@ -879,7 +759,11 @@ static void sunkbd_handle_event(DeviceState *dev, > > QemuConsole *src, > > } > > } > > > > - keycode = qcode_to_keycode[qcode]; > > + if (qcode > qemu_input_map_qcode_to_sun_len) { > > + return; > > + } > > + > > + keycode = qemu_input_map_qcode_to_sun[qcode]; > > if (!key->down) { > > keycode |= 0x80; > > } > > Hi; I was looking at this code because Coverity is now clever enough > to try to check whether the qemu_input_map_qcode_to_sun[] array > is being overrun (though alas not clever enough to spot that > qemu_input_map_qcode_to_sun_len is the length of that array, > so there are false positive complaints about all the uses of these > autogenerated arrays in all devices that use them). > > In this specific case, though, it does look like there's a bug: > shouldn't the condition be "if (qcode >= qemu_input_map_qcode_to_sun_len)" ?
Yes, you are right.

With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
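
Review bot: the bounds check added in the sunkbd_handle_event() hunk is off by one. It tests "qcode > qemu_input_map_qcode_to_sun_len", so a qcode equal to the table length passes the check, and "keycode = qemu_input_map_qcode_to_sun[qcode]" then reads one element past the end of the generated array. Since qemu_input_map_qcode_to_sun_len is the length of that array, the last valid index is len - 1 and the guard should be "if (qcode >= qemu_input_map_qcode_to_sun_len)", as the thread concludes. A short comment on the early return saying that out-of-range qcodes are dropped on purpose would also help the next reader.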