From b4ff592a5ab6ebdc9c993fa78f1194313485d580 Mon Sep 17 00:00:00 2001
From: Peter Hutterer <peter.hutterer@who-t.net>
Date: Mon, 11 Jun 2018 11:20:09 +1000
Subject: [PATCH] tools: libinput-record: put extra guard in to protect from
 OOB access

Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
---
 tools/libinput-record.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/tools/libinput-record.c b/tools/libinput-record.c
index 18b653c5..71d4fe11 100644
--- a/tools/libinput-record.c
+++ b/tools/libinput-record.c
@@ -716,6 +716,7 @@ buffer_gesture_event(struct record_context *ctx,
 static char *
 buffer_tablet_axes(struct libinput_event_tablet_tool *t)
 {
+	const int MAX_AXES = 10;
 	struct libinput_tablet_tool *tool;
 	char *s = NULL;
 	int idx = 0;
@@ -725,7 +726,7 @@ buffer_tablet_axes(struct libinput_event_tablet_tool *t)
 
 	tool = libinput_event_tablet_tool_get_tool(t);
 
-	strv = zalloc(10 * sizeof *strv);
+	strv = zalloc(MAX_AXES * sizeof *strv);
 
 	x = libinput_event_tablet_tool_get_x(t);
 	y = libinput_event_tablet_tool_get_y(t);
@@ -789,6 +790,8 @@ buffer_tablet_axes(struct libinput_event_tablet_tool *t)
 			goto out;
 	}
 
+	assert(idx < MAX_AXES);
+
 	s = strv_join(strv, ", ");
 out:
 	strv_free(strv);