File Fail-expression-lookup-on-invalid-atoms.patch of Package xkbcomp

From bb4909d2d8fa6b08155e449986a478101e2b2634 Mon Sep 17 00:00:00 2001
From: Daniel Stone <daniels@collabora.com>
Date: Mon, 30 Oct 2017 11:21:55 +0000
Subject: [PATCH] Fail expression lookup on invalid atoms
Git-commit: bb4909d2d8fa6b08155e449986a478101e2b2634
Patch-mainline: xkbcommon-0.8.2
References: CVE-2018-15859

If we fail atom lookup, then we should not claim that we successfully
looked up the expression.

Signed-off-by: Daniel Stone <daniels@collabora.com>

---
 src/xkbcomp/expr.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

Index: xkbcomp-1.4.7/expr.c
===================================================================
--- xkbcomp-1.4.7.orig/expr.c
+++ xkbcomp-1.4.7/expr.c
@@ -141,11 +141,15 @@ ExprResolveLhs(const ExprDef *expr, Expr
         elem_rtrn->str = XkbAtomGetString(NULL, expr->value.field.element);
         field_rtrn->str = XkbAtomGetString(NULL, expr->value.field.field);
         *index_rtrn = NULL;
-        return True;
+        return (*elem_rtrn->str != NULL && *field_rtrn->str != NULL);
     case ExprArrayRef:
         elem_rtrn->str = XkbAtomGetString(NULL, expr->value.array.element);
         field_rtrn->str = XkbAtomGetString(NULL, expr->value.array.field);
         *index_rtrn = expr->value.array.entry;
+        if (expr->array_ref.element != XKB_ATOM_NONE && *elem_rtrn->str == NULL)
+                return False;
+        if (*field_rtrn->str == NULL)
+                return False;
         return True;
     }
     WSGO("Unexpected operator %d in ResolveLhs\n", expr->op);
Places

File Fail-expression-lookup-on-invalid-atoms.patch of Package xkbcomp

Places
