xkbcomp: fix stack overflow when evaluating boolean negation

The expression evaluator would go into an infinite recursion when
evaluating something like this as a boolean: `!True`. Instead of
recursing to just `True` and negating, it recursed to `!True` itself
again.

Bug inherited from xkbcomp.

Caught with the afl fuzzer.

Signed-off-by: Ran Benita <ran234@gmail.com>

diff --git a/src/xkbcomp/expr.c b/src/xkbcomp/expr.c
index 3ff3c18eef81caf424a122f96338f28c2b987ce1..5d43cbaa9b8536893f5ed2bc1106371a9e5aab20 100644 (file)
--- a/src/xkbcomp/expr.c
+++ b/src/xkbcomp/expr.c
@@ -165,7 +165,7 @@ ExprResolveBoolean(struct xkb_context *ctx, const ExprDef *expr,
 
     case EXPR_INVERT:
     case EXPR_NOT:
-        ok = ExprResolveBoolean(ctx, expr, set_rtrn);
+        ok = ExprResolveBoolean(ctx, expr->unary.child, set_rtrn);
         if (ok)
             *set_rtrn = !*set_rtrn;
         return ok;