From 4b14c18d1334d65c6b1949dfbb554037448fd59f Mon Sep 17 00:00:00 2001 From: Hubert Jarosz Date: Sun, 28 Feb 2016 20:20:59 +0100 Subject: [PATCH] fix possible crash in platform/x11/joystick_linux.cpp ev may be tainted and out of MAX_KEY range, which will cause joy->key_map[ev.code] to crash --- platform/x11/joystick_linux.cpp | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/platform/x11/joystick_linux.cpp b/platform/x11/joystick_linux.cpp index 9a52c4ff366..0615f33f965 100644 --- a/platform/x11/joystick_linux.cpp +++ b/platform/x11/joystick_linux.cpp @@ -429,6 +429,12 @@ uint32_t joystick_linux::process_joysticks(uint32_t p_event_id) { for (int j = 0; j < len; j++) { input_event &ev = events[j]; + + // ev may be tainted and out of MAX_KEY range, which will cause + // joy->key_map[ev.code] to crash + if( ev.code < 0 || ev.code >= MAX_KEY ) + return p_event_id; + switch (ev.type) { case EV_KEY: p_event_id = input->joy_button(p_event_id, i, joy->key_map[ev.code], ev.value);