File 0002-xkbcomp-Don-t-falsely-promise-from-ExprResolveLhs.patch of Package xkbcomp.41931
From c342635409cd687da0eda323ef4f165b11565052 Mon Sep 17 00:00:00 2001
From: Daniel Stone <daniels@collabora.com>
Date: Mon, 26 Jun 2017 17:21:45 +0100
Subject: [PATCH 2/5] xkbcomp: Don't falsely promise from ExprResolveLhs
Every user of ExprReturnLhs goes on to unconditionally dereference the
field return, which can be NULL if xkb_intern_atom fails. Return false
if this is the case, so we fail safely.
Testcase: splice geometry data into interp
CVE-2018-15861
Identical to libxkbcommon commit 38e1766bc6e20108948aec8a0b222a4bad0254e9
https://github.com/xkbcommon/libxkbcommon/commit/38e1766bc6e20108948aec8a0b222a4bad0254e9
Part-of: <https://gitlab.freedesktop.org/xorg/app/xkbcomp/-/merge_requests/38>
---
expr.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: xkbcomp-1.4.1/expr.c
===================================================================
--- xkbcomp-1.4.1.orig/expr.c
+++ xkbcomp-1.4.1/expr.c
@@ -137,7 +137,7 @@ ExprResolveLhs(ExprDef * expr,
elem_rtrn->str = NULL;
field_rtrn->str = XkbAtomGetString(NULL, expr->value.str);
*index_rtrn = NULL;
- return True;
+ return (field_rtrn->str != NULL);
case ExprFieldRef:
elem_rtrn->str = XkbAtomGetString(NULL, expr->value.field.element);
field_rtrn->str = XkbAtomGetString(NULL, expr->value.field.field);
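Review bot: The NULL check lands only on the first branch of this hunk, while the ExprFieldRef case in the trailing context also fills elem_rtrn->str and field_rtrn->str from XkbAtomGetString, and the visible lines do not show its return being guarded the same way. If that branch still ends in an unconditional `return True;`, callers that dereference the element or field string keep the same exposure, so it should return false when either string is NULL. Separately, the commit message names ExprReturnLhs and xkb_intern_atom, whereas the code here uses ExprResolveLhs and XkbAtomGetString; wording the log for xkbcomp's own identifiers would make it easier to search.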