From b3427cfe0cddad78e8d718f7c8c1f229e2e63a36 Mon Sep 17 00:00:00 2001
From: Jozef Hutting
Date: Sun, 9 Feb 2014 15:46:38 +0100
Subject: [PATCH] Fix SIGSEGV/Keyboard buffer overflow upon multiple arrow key strokes.
---
 Keyboard.cpp | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/Keyboard.cpp b/Keyboard.cpp
index a1dac712..2ffd5b85 100644
--- a/Keyboard.cpp
+++ b/Keyboard.cpp
@@ -75,15 +75,22 @@ void Keyboard::RestoreTerm()
 KeyConfig::Action Keyboard::GetEvent()
 {
- int ch[8];
+ // An arrow key consists of a three character sequence:
+ // 0x1b (=ESC), 0x5b (='[') and ARROW
+ // where ARROW = 0x41 (='A') for arrow up
+ // = 0x42 (='B') for arrow down
+ // = 0x42 (='C') for arrow right
+ // = 0x42 (='D') for arrow left
+ int ch[3]; // Handle max ONE arrow key at a time.
 int chnum = 0;
- while((ch[chnum] = getchar()) != EOF)
+ while((chnum < 3) && ((ch[chnum] = getchar()) != EOF))
 chnum++;
 if (chnum == 0)
 return KeyConfig::ACTION_BLANK;
+ // KeyConfig uses only the last two characters of an arrow key
 if (chnum > 1)
 ch[0] = ch[chnum - 1] | (ch[chnum - 2] << 8);
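Review bot: The overflow fix in GetEvent() relies on the literal 3 in `int ch[3]` and the literal 3 in the loop guard staying equal, so a later resize of the array would silently bring back the out-of-bounds write. Derive the bound from the array instead, e.g. `while ((chnum < (int)(sizeof(ch) / sizeof(ch[0]))) && ((ch[chnum] = getchar()) != EOF))`. The added comment also lists 0x42 for arrow down, right and left, although its own letters 'C' and 'D' are 0x43 and 0x44. Bytes beyond the third now stay queued for the next call, so a burst of mixed keys could presumably be split in the middle of an escape sequence; whether that matters depends on the part of GetEvent() that lies outside this hunk.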