[WiiU] Fix OOB read/write in keyboard driver

This code used a keyboardState size of 256 and indexed it with a retro_key, which can be any value (RETROK_RALT is 307). This fixes that by using RETROK_LAST as the array size. Should fix #6322.
2024-11-23 16:09:47 +00:00 · 2018-03-17 13:00:47 +11:00 · 2018-03-17 13:00:47 +11:00 · aeea0e6ca8
commit aeea0e6ca8
parent fb011f8377
1 changed files with 6 additions and 9 deletions
--- a/input/drivers/wiiu_input.c
+++ b/input/drivers/wiiu_input.c
@ -35,10 +35,8 @@

 #define MAX_PADS 5

-static unsigned char keyboardChannel = 0x00;
-static KBDModifier keyboardModifier  = 0x00;
-static unsigned char keyboardCode    = 0x00;
-static KEYState keyboardState[256]   = { KBD_WIIU_NULL };
+static uint8_t keyboardChannel = 0x00;
+static bool keyboardState[RETROK_LAST] = { 0 };

 typedef struct wiiu_input
 {
@ -62,14 +60,13 @@ void kb_key_callback(KBDKeyEvent *key)
   unsigned code       = 0;
   bool pressed        = false;

-   keyboardModifier    = key->modifier;
-   keyboardCode        = key->scancode;
-
   if (key->state > 0)
      pressed = true;

   code                = input_keymaps_translate_keysym_to_rk(key->scancode);
-   keyboardState[code] = key->state;
+   if (code < RETROK_LAST)
+      keyboardState[code] = pressed;
+

   if (key->modifier & KBD_WIIU_SHIFT)
      mod |= RETROKMOD_SHIFT;
@ -134,7 +131,7 @@ static bool wiiu_key_pressed(int key)
   if (key >= RETROK_LAST)
      return false;

-   if ((keyboardState[key] > 0) && (keyboardChannel > 0))
+   if (keyboardState[key] && (keyboardChannel > 0))
      ret = true;

   return ret;