From c342635409cd687da0eda323ef4f165b11565052 Mon Sep 17 00:00:00 2001
From: Daniel Stone <daniels@collabora.com>
Date: Mon, 26 Jun 2017 17:21:45 +0100
Subject: [PATCH 2/5] xkbcomp: Don't falsely promise from ExprResolveLhs

Every user of ExprReturnLhs goes on to unconditionally dereference the
field return, which can be NULL if xkb_intern_atom fails. Return false
if this is the case, so we fail safely.

Testcase: splice geometry data into interp

CVE-2018-15861

Identical to libxkbcommon commit 38e1766bc6e20108948aec8a0b222a4bad0254e9
https://github.com/xkbcommon/libxkbcommon/commit/38e1766bc6e20108948aec8a0b222a4bad0254e9

Part-of: <https://gitlab.freedesktop.org/xorg/app/xkbcomp/-/merge_requests/38>
---
 expr.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/expr.c b/expr.c
index f31f412..3df9d8f 100644
--- a/expr.c
+++ b/expr.c
@@ -136,7 +136,7 @@ ExprResolveLhs(const ExprDef *expr, ExprResult *elem_rtrn,
         elem_rtrn->str = NULL;
         field_rtrn->str = XkbAtomGetString(NULL, expr->value.str);
         *index_rtrn = NULL;
-        return True;
+        return (field_rtrn->str != NULL);
     case ExprFieldRef:
         elem_rtrn->str = XkbAtomGetString(NULL, expr->value.field.element);
         field_rtrn->str = XkbAtomGetString(NULL, expr->value.field.field);
-- 
2.51.0