From: Alexey Gladkov <legion@kernel.org>
To: Krdyan Areg <areg.krdian@gmail.com>
Cc: kbd@lists.linux.dev
Subject: Re: [PATCH 1/4] libkeymap: prevent NULL dereference in parser
Date: Sun, 15 Feb 2026 18:34:18 +0100
Message-ID: <aZIDmv7HkLH7q-bg@example.org>
In-Reply-To: <20260214172813.1075064-1-areg.krdian@gmail.com>

On Sat, Feb 14, 2026 at 08:27:30PM +0300, Krdyan Areg wrote:
> The parser accesses ctx->key_line array elements without checking if
> lk_array_get() returns NULL, which can lead to crashes.
> 
> Add NULL checks before dereferencing array values.
> 
> Signed-off-by: Krdyan Areg areg.krdian@gmail.com
> ---
>  src/libkeymap/parser.y | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
> 
> diff --git a/src/libkeymap/parser.y b/src/libkeymap/parser.y
> index 2cd509f..a87fb54 100644
> --- a/src/libkeymap/parser.y
> +++ b/src/libkeymap/parser.y
> @@ -320,6 +320,9 @@ singleline	: KEYCODE NUMBER EQUALS rvalue0 EOL
>  
>  							if (i < ctx->key_line->count) {
>  								val = lk_array_get(ctx->key_line, i);
> +								if (!val)
> +									YYERROR;
> +

I do not think this change is needed right now. In these parser paths,
lk_array_get() is used with indices bounded by ctx->key_line->count, and
count is built only through lk_array_append().

I already fixed in master the real failure by checking lk_array_append()
and aborting on OOM.

So this patch mostly adds defensive checks for an internal-corruption
scenario, rather than fixing a practical bug in normal execution.

>  								keycode = *val;
>  							}
>  
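
Review bot: the added check on val sits inside if (i < ctx->key_line->count), so the index passed to lk_array_get() is already in range on the line above, and the commit message does not say what would make an in-range lookup return NULL. Either name that condition in the commit message or drop the check; if it stays, report an error before YYERROR, since YYERROR by itself does not print a message and the user would only see the parse fail.
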
> @@ -338,7 +341,7 @@ singleline	: KEYCODE NUMBER EQUALS rvalue0 EOL
>  					for (i = 0; i < ctx->key_line->count; i++) {
>  						val = lk_array_get(ctx->key_line, i);
>  
> -						if (lk_add_key(ctx, i, $2, *val) < 0)
> +						if (!val || lk_add_key(ctx, i, $2, *val) < 0)
>  							YYERROR;
>  					}
>  				}
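
Review bot: in the loop, !val || lk_add_key(ctx, i, $2, *val) < 0 merges two unrelated failures into one YYERROR, so a NULL element cannot be told apart from lk_add_key() rejecting the key. The loop is bounded by i < ctx->key_line->count, so the lookup is in range here too; if the check is kept, make it a separate if (!val) with its own error report ahead of the lk_add_key() call.
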
> -- 
> 2.52.0
> 

-- 
Rgrds, legion


Thread overview: 8+ messages
2026-02-14 17:27 [PATCH 1/4] libkeymap: prevent NULL dereference in parser Krdyan Areg
2026-02-14 17:27 ` [PATCH 2/4] kbdfile: remove redundant NULL check in findfile_by_fullname Krdyan Areg
2026-02-14 17:27 ` [PATCH 3/4] libkeymap: add NULL check in kt_latin symbol lookup Krdyan Areg
2026-02-14 17:27 ` [PATCH 4/4] libkeymap: add NULL check in lk_dump_ctable diacritical loop Krdyan Areg
2026-02-14 23:08   ` Alexey Gladkov
2026-02-15  8:04     ` Areg Krdyan
2026-02-15 17:49       ` Alexey Gladkov
2026-02-15 17:34 ` Alexey Gladkov [this message]
