rpms / libxkbcommon

Clone
Source Code
GIT

Blame SOURCES/0009-xkbcomp-fix-stack-overflow-when-evaluating-boolean-n.patch

c7 c7-beta c8 c8-beta c8s c9 c9-beta
  1.   a2d0a12cd8d0940d3fe7aaae16b8c8a4fe40f5cd
  2.   SOURCES
  3.   0009-xkbcomp-fix-stack-overflow-when-evaluating-boolean-n.patch
Blob History Raw
a2d0a1 
From 29cfb4789d5b194f1b6f296ce4b4756a259ae0c4 Mon Sep 17 00:00:00 2001
a2d0a1 
From: Ran Benita <ran234@gmail.com>
a2d0a1 
Date: Sat, 10 Mar 2018 23:10:47 +0200
a2d0a1 
Subject: [PATCH 09/10] xkbcomp: fix stack overflow when evaluating boolean
a2d0a1 
 negation
a2d0a1
a2d0a1 
The expression evaluator would go into an infinite recursion when
a2d0a1 
evaluating something like this as a boolean: `!True`. Instead of
a2d0a1 
recursing to just `True` and negating, it recursed to `!True` itself
a2d0a1 
again.
a2d0a1
a2d0a1 
Bug inherited from xkbcomp.
a2d0a1
a2d0a1 
Caught with the afl fuzzer.
a2d0a1
a2d0a1 
Signed-off-by: Ran Benita <ran234@gmail.com>
a2d0a1 
(cherry picked from commit 1f9d1248c07cda8aaff762429c0dce146de8632a)
a2d0a1 
---
a2d0a1 
 src/xkbcomp/expr.c | 2 +-
a2d0a1 
 1 file changed, 1 insertion(+), 1 deletion(-)
a2d0a1
a2d0a1 
diff --git a/src/xkbcomp/expr.c b/src/xkbcomp/expr.c
a2d0a1 
index 07d67e9..6640ed0 100644
a2d0a1 
--- a/src/xkbcomp/expr.c
a2d0a1 
+++ b/src/xkbcomp/expr.c
a2d0a1 
@@ -167,7 +167,7 @@ ExprResolveBoolean(struct xkb_context *ctx, const ExprDef *expr,
a2d0a1
a2d0a1 
     case EXPR_INVERT:
a2d0a1 
     case EXPR_NOT:
a2d0a1 
-        ok = ExprResolveBoolean(ctx, expr, set_rtrn);
a2d0a1 
+        ok = ExprResolveBoolean(ctx, expr->unary.child, set_rtrn);
a2d0a1 
         if (ok)
a2d0a1 
             *set_rtrn = !*set_rtrn;
a2d0a1 
         return ok;
a2d0a1 
--
a2d0a1 
2.20.1

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation