From 2f40423a211b2165734949f6ee9df9d42a8a12ac Mon Sep 17 00:00:00 2001
From: meigelb <94784984+meigelb@users.noreply.github.com>
Date: Sat, 27 Nov 2021 00:34:22 +0100
Subject: [PATCH 1/2] fix currentExpression to be consistent with i

---
 src/rules/events.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/rules/events.c b/src/rules/events.c
index 25d62c7..5d839e4 100644
--- a/src/rules/events.c
+++ b/src/rules/events.c
@@ -601,7 +601,7 @@ static unsigned int reduceExpressionSequence(ruleset *tree,
 messageObject,
 context,
 targetProperty));
- ++*i;
+ ++*i; // increment to next expression makes currentExpression invalid
 }
 
 if (targetProperty->type != JSON_BOOL) {
@@ -611,6 +611,8 @@ static unsigned int reduceExpressionSequence(ruleset *tree,
 
 if ((operator == OP_AND && !targetProperty->value.b) ||
 (operator == OP_OR && targetProperty->value.b)) {
+ // after reduceExpression() index i moved on to next currentExpression
+ currentExpression = &exprs->expressions[*i];
 while (currentExpression->operator != OP_END) {
 ++*i;
 currentExpression = &exprs->expressions[*i];

From 71de69807d38960c6eb7571003308a9ea5a0d8e2 Mon Sep 17 00:00:00 2001
From: meigelb <94784984+meigelb@users.noreply.github.com>
Date: Sat, 27 Nov 2021 00:47:41 +0100
Subject: [PATCH 2/2] add boundary checks to avoid out-of-bounds access

---
 src/rules/events.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/rules/events.c b/src/rules/events.c
index 5d839e4..ae5f1f1 100644
--- a/src/rules/events.c
+++ b/src/rules/events.c
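Review bot: The two comments added in PATCH 1/2 describe the pointer/index mismatch imprecisely. In the first hunk `currentExpression` is not invalid after `++*i`; it still points at the expression that was just reduced and is only stale relative to `*i`, so `++*i; // *i now names the next expression; currentExpression still points at the one just reduced` would say what a reader needs. In the second hunk the comment reads as if reduceExpression() advanced the index, while in the visible code it is the `++*i` after that call that moves it; `// *i was advanced after the reduce step, so re-read the expression at *i before scanning for OP_END` would match the code. Both hunks sit inside reduceExpressionSequence, whose body starts and ends outside them.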
@@ -609,12 +609,12 @@ static unsigned int reduceExpressionSequence(ruleset *tree,
 }
 
 
- if ((operator == OP_AND && !targetProperty->value.b) ||
- (operator == OP_OR && targetProperty->value.b)) {
+ if ((((operator == OP_AND) && !targetProperty->value.b) ||
+ ((operator == OP_OR) && targetProperty->value.b))
+ && (*i < exprs->length)) {
 // after reduceExpression() index i moved on to next currentExpression
 currentExpression = &exprs->expressions[*i];
- while (currentExpression->operator != OP_END) {
- ++*i;
+ while ((currentExpression->operator != OP_END) && (++*i < exprs->length)) {
 currentExpression = &exprs->expressions[*i];
 }
 return RULES_OK;
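Review bot: Folding `(*i < exprs->length)` into the short-circuit condition changes control flow as well as bounds: when the AND/OR result is already decided but `*i` has reached `exprs->length`, the block and its `return RULES_OK` are skipped and execution falls through to code outside this hunk. Keeping the original short-circuit test and moving the bound into the scan loop avoids that, and reading through the index also removes the cached `currentExpression` pointer that patch 1/2 had to resynchronise. The loop still returns RULES_OK when it runs off the end of the sequence without meeting `OP_END`; if rule sequences can arrive malformed, that case presumably deserves an explicit error, which is a maintainer decision since no suitable code is visible here. The enclosing function continues outside the hunk.

```c
if (((operator == OP_AND) && !targetProperty->value.b) ||
    ((operator == OP_OR) && targetProperty->value.b)) {
    // result is decided: skip the remaining operands, never indexing past the sequence
    while ((*i < exprs->length) &&
           (exprs->expressions[*i].operator != OP_END)) {
        ++*i;
    }
    return RULES_OK;
```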