Skip to content
Permalink
Browse files Browse the repository at this point in the history
xkbcomp: fix stack overflow when evaluating boolean negation
The expression evaluator would go into an infinite recursion when
evaluating something like this as a boolean: `!True`. Instead of
recursing to just `True` and negating, it recursed to `!True` itself
again.

Bug inherited from xkbcomp.

Caught with the afl fuzzer.

Signed-off-by: Ran Benita <ran234@gmail.com>
  • Loading branch information
bluetech committed Jul 30, 2018
1 parent 2cb5c2a commit 1f9d124
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/xkbcomp/expr.c
Expand Up @@ -165,7 +165,7 @@ ExprResolveBoolean(struct xkb_context *ctx, const ExprDef *expr,

case EXPR_INVERT:
case EXPR_NOT:
ok = ExprResolveBoolean(ctx, expr, set_rtrn);
ok = ExprResolveBoolean(ctx, expr->unary.child, set_rtrn);
if (ok)
*set_rtrn = !*set_rtrn;
return ok;
Expand Down

1 comment on commit 1f9d124

@msmeissn
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please sign in to comment.