keyboard: Avoid access beyond end off buffer

If the for loop does not match on a button it will fall through and try and
dereference into the array using the terminating value of the loop. This
terminating value of the loop is the dimension of the array and thus beyond
its bounds.

Cc: Jan Arne Petersen <jpetersen@openismus.com>
Signed-off-by: Rob Bradford <rob@linux.intel.com>

diff --git a/clients/keyboard.c b/clients/keyboard.c
index 8820a22..19eb034 100644 (file)
--- a/clients/keyboard.c
+++ b/clients/keyboard.c
@@ -313,12 +313,12 @@ button_handler(struct widget *widget,
        col = x / key_width + row * columns;
        for (i = 0; i < sizeof(keys) / sizeof(*keys); ++i) {
                col -= keys[i].width;
-               if (col < 0)
+               if (col < 0) {
+                       keyboard_handle_key(keyboard, &keys[i]);
                        break;
+               }
        }
 
-       keyboard_handle_key(keyboard, &keys[i]);
-
        widget_schedule_redraw(widget);
 }