File 0004-xkbcomp-fix-stack-overflow-when-evaluating-boolean-n.patch of Package xkbcomp.41931

From da836764573298c53c625c6c237ab5211b2d3adf Mon Sep 17 00:00:00 2001
From: Ran Benita <ran234@gmail.com>
Date: Sat, 10 Mar 2018 23:10:47 +0200
Subject: [PATCH 4/5] xkbcomp: fix stack overflow when evaluating boolean
 negation

The expression evaluator would go into an infinite recursion when
evaluating something like this as a boolean: `!True`. Instead of
recursing to just `True` and negating, it recursed to `!True` itself
again.

Bug inherited from xkbcomp.

Caught with the afl fuzzer.

CVE-2018-15853

Identical to libxkbcommon commit 1f9d1248c07cda8aaff762429c0dce146de8632a
https://github.com/xkbcommon/libxkbcommon/commit/1f9d1248c07cda8aaff762429c0dce146de8632a

Part-of: <https://gitlab.freedesktop.org/xorg/app/xkbcomp/-/merge_requests/38>
---
 expr.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Index: xkbcomp-1.4.1/expr.c
===================================================================
--- xkbcomp-1.4.1.orig/expr.c
+++ xkbcomp-1.4.1/expr.c
@@ -442,7 +442,7 @@ ExprResolveBoolean(ExprDef * expr,
         return ok;
     case OpInvert:
     case OpNot:
-        ok = ExprResolveBoolean(expr, val_rtrn, lookup, lookupPriv);
+        ok = ExprResolveBoolean(expr->value.child, val_rtrn, lookup, lookupPriv);
         if (ok)
             val_rtrn->uval = !val_rtrn->uval;
         return ok;