From 6fa9f581eda2bc790937f347df4976f02d45240b Mon Sep 17 00:00:00 2001
From: Ran Benita <ran234@gmail.com>
Date: Sat, 10 Mar 2018 23:32:12 +0200
Subject: [PATCH 08/10] xkbcomp: fix crashes in the parser when geometry tokens
appear
In the XKB format, floats and various keywords can only be used in the
xkb_geometry section. xkbcommon removed support for xkb_geometry, but still
parses it for backward compatibility. As part of ignoring it, the float
AST node and various keywords were removed, and instead NULL was
returned by their parsing actions. However, the rest of the code does
not handle NULLs, and so when they appear crashes usually ensue.
To fix this, restore the float AST node and the ignored keywords. None
of the evaluating code expects them, so nice error are displayed.
Caught with the afl fuzzer.
Signed-off-by: Ran Benita <ran234@gmail.com>
(cherry picked from commit e3cacae7b1bfda0d839c280494f23284a1187adf)
---
src/xkbcomp/ast-build.c | 8 ++++++++
src/xkbcomp/ast-build.h | 3 +++
src/xkbcomp/ast.h | 7 +++++++
src/xkbcomp/parser.y | 10 +++++-----
4 files changed, 23 insertions(+), 5 deletions(-)
diff --git a/src/xkbcomp/ast-build.c b/src/xkbcomp/ast-build.c
index b5e5616..c3e3279 100644
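--- a/src/xkbcomp/ast-build.c
+++ b/src/xkbcomp/ast-build.c
@@ -105,6 +105,13 @@ ExprCreateInteger(int ival)
 return expr;
 }
 
+ExprDef *
+ExprCreateFloat(void)
+{
+ EXPR_CREATE(ExprFloat, expr, EXPR_VALUE, EXPR_TYPE_FLOAT);
+ return expr;
+}
+
 ExprDef *
 ExprCreateBoolean(bool set)
 {
@@ -785,6 +792,7 @@ static const char *expr_value_type_strings[_EXPR_TYPE_NUM_VALUES] = {
 [EXPR_TYPE_UNKNOWN] = "unknown",
 [EXPR_TYPE_BOOLEAN] = "boolean",
 [EXPR_TYPE_INT] = "int",
+ [EXPR_TYPE_FLOAT] = "float",
 [EXPR_TYPE_STRING] = "string",
 [EXPR_TYPE_ACTION] = "action",
 [EXPR_TYPE_KEYNAME] = "keyname",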
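Review bot: `ExprCreateFloat` has no comment saying that the node it builds stores no value, so a reader of ast-build.c has to find that explanation in ast.h; a line above it such as `/* Placeholder for a float literal: no value is kept, the node exists only so evaluation can report a type error. */` would cover it. The body of `EXPR_CREATE` is outside this diff; if it returns NULL when allocation fails, the `Float` action in parser.y can still pass a NULL to code that the commit message says does not handle NULLs, so that path is worth checking separately.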
diff --git a/src/xkbcomp/ast-build.h b/src/xkbcomp/ast-build.h
index b57e4cd..6c76f38 100644
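--- a/src/xkbcomp/ast-build.h
+++ b/src/xkbcomp/ast-build.h
@@ -36,6 +36,9 @@ ExprCreateString(xkb_atom_t str);
 ExprDef *
 ExprCreateInteger(int ival);
 
+ExprDef *
+ExprCreateFloat(void);
+
 ExprDef *
 ExprCreateBoolean(bool set);
 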
diff --git a/src/xkbcomp/ast.h b/src/xkbcomp/ast.h
index 9778884..49c5ada 100644
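--- a/src/xkbcomp/ast.h
+++ b/src/xkbcomp/ast.h
@@ -95,6 +95,7 @@ enum expr_value_type {
 EXPR_TYPE_UNKNOWN = 0,
 EXPR_TYPE_BOOLEAN,
 EXPR_TYPE_INT,
+ EXPR_TYPE_FLOAT,
 EXPR_TYPE_STRING,
 EXPR_TYPE_ACTION,
 EXPR_TYPE_KEYNAME,
@@ -186,6 +187,12 @@ typedef struct {
 int ival;
 } ExprInteger;
 
+typedef struct {
+ ExprCommon expr;
+ /* We don't support floats, but we still represnt them in the AST, in
+ * order to provide proper error messages. */
+} ExprFloat;
+
 typedef struct {
 ExprCommon expr;
 xkb_atom_t key_name;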
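Review bot: `ExprFloat` holds only `ExprCommon`, so any consumer that sees `EXPR_VALUE` and reads a payload member such as `ival` without first checking `value_type` would read past what this node defines. The commit message says no evaluator expects floats; that is worth confirming for every `EXPR_VALUE` branch, since none of them appear in this diff. The new comment has a typo: `represnt` should be `represent`. Placing `EXPR_TYPE_FLOAT` in the middle of `enum expr_value_type` renumbers the later members, which is harmless for tables with designated initializers like `expr_value_type_strings` but would matter for any table filled positionally. Both the enum and the struct list continue outside the hunks.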
diff --git a/src/xkbcomp/parser.y b/src/xkbcomp/parser.y
index cedb8fa..bda7f64 100644
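--- a/src/xkbcomp/parser.y
+++ b/src/xkbcomp/parser.y
@@ -584,13 +584,13 @@ Element : ACTION_TOK
 | INDICATOR
 { $$ = xkb_atom_intern_literal(param->ctx, "indicator"); }
 | SHAPE
- { $$ = XKB_ATOM_NONE; }
+ { $$ = xkb_atom_intern_literal(param->ctx, "shape"); }
 | ROW
- { $$ = XKB_ATOM_NONE; }
+ { $$ = xkb_atom_intern_literal(param->ctx, "row"); }
 | SECTION
- { $$ = XKB_ATOM_NONE; }
+ { $$ = xkb_atom_intern_literal(param->ctx, "section"); }
 | TEXT
- { $$ = XKB_ATOM_NONE; }
+ { $$ = xkb_atom_intern_literal(param->ctx, "text"); }
 ;
 
 OptMergeMode : MergeMode { $$ = $1; }
@@ -680,7 +680,7 @@ Terminal : String
 | Integer
 { $$ = ExprCreateInteger($1); }
 | Float
- { $$ = NULL; }
+ { $$ = ExprCreateFloat(/* Discard $1 */); }
 | KEYNAME
 { $$ = ExprCreateKeyName($1); }
 ;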
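Review bot: No regression test accompanies the parser change: the diffstat lists only four source files, and the inputs that afl found are not added to the test suite. A small keymap fixture that uses a float literal and each of `shape`, `row`, `section` and `text` outside `xkb_geometry`, asserted to fail compilation with an error instead of crashing, would keep these actions from regressing. In the `Float` action, `ExprCreateFloat(/* Discard $1 */)` hides the explanation inside the argument list; a comment on its own line, e.g. `/* Floats are unsupported; the lexed value is dropped. */`, reads more clearly. Both rules start outside the hunks.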
--
2.20.1