From d28437de3c74d2514fc96d4e0da1dec4113e8929 Mon Sep 17 00:00:00 2001
From: Ozkan Sezer <sezeroz@gmail.com>
Date: Sat, 12 Jun 2021 08:00:50 +0300
Subject: [PATCH] SDL_keyboard.c: Add bounds guards when assigning to the
 scancode array.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Based on a patch by Jochen Schäfer <josch1710@live.de> :
On a T420 pressing the ACPI button for volume control, big scancodes
were emitted. This was causing an overflow, because missing guards.
---
 src/events/SDL_keyboard.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/events/SDL_keyboard.c b/src/events/SDL_keyboard.c
index 7eb8bde8a..18089af55 100644
--- a/src/events/SDL_keyboard.c
+++ b/src/events/SDL_keyboard.c
@@ -605,6 +605,9 @@ SDL_SetKeymap(int start, SDL_Keycode * keys, int length)
 void
 SDL_SetScancodeName(SDL_Scancode scancode, const char *name)
 {
+    if (scancode >= SDL_NUM_SCANCODES) {
+        return;
+    }
     SDL_scancode_names[scancode] = name;
 }
 
@@ -675,7 +678,7 @@ SDL_SendKeyboardKeyInternal(Uint8 source, Uint8 state, SDL_Scancode scancode)
     Uint32 type;
     Uint8 repeat = SDL_FALSE;
 
-    if (scancode == SDL_SCANCODE_UNKNOWN) {
+    if (scancode == SDL_SCANCODE_UNKNOWN || scancode >= SDL_NUM_SCANCODES) {
         return 0;
     }
 
@@ -800,7 +803,7 @@ SDL_SendKeyboardKeyInternal(Uint8 source, Uint8 state, SDL_Scancode scancode)
            allowing the user to escape the application */
         SDL_MinimizeWindow(keyboard->focus);
     }
-    
+
     return (posted);
 }