ui/curses.c: Ensure we don't read off the end of curses2qemu array

Coverity spots that there is no bounds check before we
access the curses2qemu[] array.  Add one, bringing this
code path into line with the one that looks up entries
in curses2keysym[].

In theory getch() shouldn't return out of range keycodes,
but it's better not to assume this.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1470925407-23850-2-git-send-email-peter.maydell@linaro.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

diff --git a/ui/curses.c b/ui/curses.c
index b47558956c1436b5cf26f4c77b9fa4d670a96b5b..f1f886c968e63285ece6c2107cf502d983d98a2c 100644 (file)
--- a/ui/curses.c
+++ b/ui/curses.c
@@ -317,7 +317,10 @@ static void curses_refresh(DisplayChangeListener *dcl)
                 qemu_input_event_send_key_delay(0);
             }
         } else {
-            keysym = curses2qemu[chr];
+            keysym = -1;
+            if (chr < CURSES_KEYS) {
+                keysym = curses2qemu[chr];
+            }
             if (keysym == -1)
                 keysym = chr;