File 0003-Fail-expression-lookup-on-invalid-atoms.patch of Package xkbcomp.41931

From 895e080b237e346a43a31edf9dee6143c2abf230 Mon Sep 17 00:00:00 2001
From: Daniel Stone <daniels@collabora.com>
Date: Mon, 30 Oct 2017 11:21:55 +0000
Subject: [PATCH 3/5] Fail expression lookup on invalid atoms

If we fail atom lookup, then we should not claim that we successfully
looked up the expression.

CVE-2018-15859

Identical to libxkbcommon commit bb4909d2d8fa6b08155e449986a478101e2b2634
https://github.com/xkbcommon/libxkbcommon/commit/bb4909d2d8fa6b08155e449986a478101e2b2634

Part-of: <https://gitlab.freedesktop.org/xorg/app/xkbcomp/-/merge_requests/38>
---
 expr.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

Index: xkbcomp-1.4.1/expr.c
===================================================================
--- xkbcomp-1.4.1.orig/expr.c
+++ xkbcomp-1.4.1/expr.c
@@ -142,11 +142,15 @@ ExprResolveLhs(ExprDef * expr,
         elem_rtrn->str = XkbAtomGetString(NULL, expr->value.field.element);
         field_rtrn->str = XkbAtomGetString(NULL, expr->value.field.field);
         *index_rtrn = NULL;
-        return True;
+        return (elem_rtrn->str != NULL && field_rtrn->str != NULL);
     case ExprArrayRef:
         elem_rtrn->str = XkbAtomGetString(NULL, expr->value.array.element);
         field_rtrn->str = XkbAtomGetString(NULL, expr->value.array.field);
         *index_rtrn = expr->value.array.entry;
+        if (expr->value.array.element != None && elem_rtrn->str == NULL)
+            return False;
+        if (field_rtrn->str == NULL)
+            return False;
         return True;
     }
     WSGO1("Unexpected operator %d in ResolveLhs\n", expr->op);
Places

File 0003-Fail-expression-lookup-on-invalid-atoms.patch of Package xkbcomp.41931

Places
