From ec286969942dbebfb9d0c041410ca61ebb7a08d6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Camilla=20L=C3=B6wy?= <elmindreda@elmindreda.org>
Date: Wed, 15 Jan 2020 16:34:58 +0100
Subject: [PATCH] Check scancode before use in glfwGetKeyName

(cherry picked from commit 5f1631cb0e6f3544e9d13e7deb60ff3473a8a3f3)
---
 README.md          | 2 ++
 src/cocoa_window.m | 7 +++++++
 src/win32_window.c | 7 +++++++
 src/x11_window.c   | 7 +++++++
 4 files changed, 23 insertions(+)

diff --git a/README.md b/README.md
index 72604614..801582c0 100644
--- a/README.md
+++ b/README.md
@@ -119,6 +119,8 @@ information on what to include when reporting a bug.
 ## Changelog
 
  - [Win32] Bugfix: Super key was not released after Win+V hotkey (#1622)
+ - [Win32] Bugfix: `glfwGetKeyName` could access out of bounds and return an
+   invalid pointer
  - [Cocoa] Added support for `VK_EXT_metal_surface` (#1619)
  - [Cocoa] Added locating the Vulkan loader at runtime in an application bundle
  - [X11] Bugfix: `glfwFocusWindow` could terminate on older WMs or without a WM
diff --git a/src/cocoa_window.m b/src/cocoa_window.m
index 30d8c1fc..129e975e 100644
--- a/src/cocoa_window.m
+++ b/src/cocoa_window.m
@@ -1516,6 +1516,13 @@ const char* _glfwPlatformGetScancodeName(int scancode)
 {
     @autoreleasepool {
 
+    if (scancode < 0 || scancode > 0xff ||
+        _glfw.ns.keycodes[scancode] == GLFW_KEY_UNKNOWN)
+    {
+        _glfwInputError(GLFW_INVALID_VALUE, "Invalid scancode");
+        return NULL;
+    }
+
     const int key = _glfw.ns.keycodes[scancode];
 
     UInt32 deadKeyState = 0;
diff --git a/src/win32_window.c b/src/win32_window.c
index 38c12e0a..14dc51a9 100644
--- a/src/win32_window.c
+++ b/src/win32_window.c
@@ -2016,6 +2016,13 @@ void _glfwPlatformSetCursorMode(_GLFWwindow* window, int mode)
 
 const char* _glfwPlatformGetScancodeName(int scancode)
 {
+    if (scancode < 0 || scancode > (KF_EXTENDED | 0xff) ||
+        _glfw.win32.keycodes[scancode] == GLFW_KEY_UNKNOWN)
+    {
+        _glfwInputError(GLFW_INVALID_VALUE, "Invalid scancode");
+        return NULL;
+    }
+
     return _glfw.win32.keynames[_glfw.win32.keycodes[scancode]];
 }
 
diff --git a/src/x11_window.c b/src/x11_window.c
index 75986442..271e1080 100644
--- a/src/x11_window.c
+++ b/src/x11_window.c
@@ -2862,6 +2862,13 @@ const char* _glfwPlatformGetScancodeName(int scancode)
     if (!_glfw.x11.xkb.available)
         return NULL;
 
+    if (scancode < 0 || scancode > 0xff ||
+        _glfw.x11.keycodes[scancode] == GLFW_KEY_UNKNOWN)
+    {
+        _glfwInputError(GLFW_INVALID_VALUE, "Invalid scancode");
+        return NULL;
+    }
+
     const int key = _glfw.x11.keycodes[scancode];
     const KeySym keysym = XkbKeycodeToKeysym(_glfw.x11.display,
                                              scancode, _glfw.x11.xkb.group, 0);