Thanks Walter,
I can't use ARRAY_SIZE because key_map is declared as an unsigned
short *. I noticed that in vt_ioctl.c the assumption is made that all
key maps are the same size as plain_map[], so if we were to make the
same (safe) assumption, we could use the conditional keycode <
ARRAY_SIZE(plain_map), but I think that that would make the code more
confusing than the simple test against NR_KEYS.
But here's the patch containing the stylistic suggestions:
--- linux-2.6.26.5/drivers/char/keyboard.c.orig 2008-10-06
07:19:47.000000000 +1030
+++ linux-2.6.26.5/drivers/char/keyboard.c 2008-10-06
08:34:48.000000000 +1030
@@ -1247,13 +1247,14 @@ static void kbd_keycode(unsigned int key
return;
}
- if (keycode > NR_KEYS)
+ if (keycode < NR_KEYS)
+ keysym = key_map[keycode];
+ else {
if (keycode >= KEY_BRL_DOT1 && keycode <= KEY_BRL_DOT8)
keysym = K(KT_BRL, keycode - KEY_BRL_DOT1 + 1);
else
return;
- else
- keysym = key_map[keycode];
+ }
type = KTYP(keysym);
On 06/10/2008, at 2:38 AM, walter harms wrote:
nice catch,
just to improve readablility .... and reduce the change of an other
error ...
if (keycode < ARRAY_SIZE(key_map) )
keysym = key_map[keycode];
else {
if (keycode >= KEY_BRL_DOT1 && keycode <= KEY_BRL_DOT8)
keysym = K(KT_BRL, keycode - KEY_BRL_DOT1 + 1);
else
return;
}
re,
wh
Michal Roszkowski schrieb:
---
Trivial fix for read past end of key_map[] when keycode = NR_KEYS.
--- linux-2.6.26.5/drivers/char/keyboard.c.orig 2008-10-05
15:51:09.000000000 +1030
+++ linux-2.6.26.5/drivers/char/keyboard.c 2008-10-05
15:52:17.000000000 +1030
@@ -1247,7 +1247,7 @@ static void kbd_keycode(unsigned int key
return;
}
- if (keycode > NR_KEYS)
+ if (keycode >= NR_KEYS)
if (keycode >= KEY_BRL_DOT1 && keycode <= KEY_BRL_DOT8)
keysym = K(KT_BRL, keycode - KEY_BRL_DOT1 + 1);
else
--
To unsubscribe from this list: send the line "unsubscribe
kernel-janitors" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html