From aeea0e6ca8101e98c1cbf62d59aa29a0243e1433 Mon Sep 17 00:00:00 2001
From: Ash
Date: Sat, 17 Mar 2018 13:00:47 +1100
Subject: [PATCH] [WiiU] Fix OOB read/write in keyboard driver
This code used a keyboardState size of 256 and indexed it with a retro_key, which can be any value (RETROK_RALT is 307). This fixes that by using RETROK_LAST as the array size. Should fix #6322.
---
 input/drivers/wiiu_input.c | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)
diff --git a/input/drivers/wiiu_input.c b/input/drivers/wiiu_input.c
index 0520d7731e..5a188c1f21 100644
--- a/input/drivers/wiiu_input.c
+++ b/input/drivers/wiiu_input.c
@@ -35,10 +35,8 @@
 #define MAX_PADS 5
-static unsigned char keyboardChannel = 0x00;
-static KBDModifier keyboardModifier = 0x00;
-static unsigned char keyboardCode = 0x00;
-static KEYState keyboardState[256] = { KBD_WIIU_NULL };
+static uint8_t keyboardChannel = 0x00;
+static bool keyboardState[RETROK_LAST] = { 0 };
 typedef struct wiiu_input
 {
@@ -62,14 +60,13 @@ void kb_key_callback(KBDKeyEvent *key)
 unsigned code = 0;
 bool pressed = false;
- keyboardModifier = key->modifier;
- keyboardCode = key->scancode;
-
 if (key->state > 0)
 pressed = true;
 code = input_keymaps_translate_keysym_to_rk(key->scancode);
- keyboardState[code] = key->state;
+ if (code < RETROK_LAST)
+ keyboardState[code] = pressed;
+
 if (key->modifier & KBD_WIIU_SHIFT)
 mod |= RETROKMOD_SHIFT;
@@ -134,7 +131,7 @@ static bool wiiu_key_pressed(int key)
 if (key >= RETROK_LAST)
 return false;
- if ((keyboardState[key] > 0) && (keyboardChannel > 0))
+ if (keyboardState[key] && (keyboardChannel > 0))
 ret = true;
 return ret;
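Review bot: The new `if (code < RETROK_LAST)` guard in kb_key_callback bounds the write into `keyboardState`, but `key->scancode` is still passed to `input_keymaps_translate_keysym_to_rk()` with no range check in this hunk. That helper is not visible here, so it is worth confirming that it validates its argument before any table lookup; otherwise the same class of bug may sit one call earlier. A short comment on the guard would keep it from being dropped in a later cleanup, for example `/* code derives from a device-supplied scancode; never index keyboardState without this bound */`. The body of kb_key_callback starts and ends outside the hunk.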
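Review bot: In wiiu_key_pressed the unchanged context check `if (key >= RETROK_LAST)` covers only the upper bound, and `key` is a signed `int`, so a negative value would still read before the start of `keyboardState`. Whether any caller can pass a negative key is not visible from this hunk. Since the commit exists to close the out-of-bounds access, the guard should read `if (key < 0 || key >= RETROK_LAST)`. The function starts and ends outside the hunk.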