bug-bison

Re: [bison crash] Segmentation fault with symbol_code_props_get at src/s


From: Akim Demaille
Subject: Re: [bison crash] Segmentation fault with symbol_code_props_get at src/symtab.c:457
Date: Fri, 6 Mar 2020 17:32:14 +0100


> On 6 March 2020 at 06:58, Ahcheong Lee <address@hidden> wrote:
> 
> Hello, this is Ahcheong Lee.
> I'm currently working on a new fuzzing technique, and I found some crashes
> on GNU bison 3.5.2.

Hi Ahcheong,

Thanks for the report!  I will install the following fix in maint and master.

Cheers!

commit 641e326303753575664ca146fee7e9148d6bf5cf
Author: Akim Demaille <address@hidden>
Date:   Fri Mar 6 09:05:52 2020 +0100

    code: be robust to reference with invalid tags
    
    Because we want to support $<a->b>$, we must accept -> in type tags,
    and reject $<->$, as it is unfinished.
    Reported by Ahcheong Lee.
    
    * src/scan-code.l (yylex): Make sure "tag" does not end with -, since
    -> does not close the tag.
    * tests/input.at (Stray $ or @): Check this.

diff --git a/THANKS b/THANKS
index db54776a..d8ef2c0c 100644
--- a/THANKS
+++ b/THANKS
@@ -4,8 +4,9 @@ it is today without the invaluable help of these people:
 Aaro Koskinen             address@hidden
 Аскар Сафин               address@hidden
 Adam Sampson              address@hidden
+Ahcheong Lee              address@hidden
 Airy Andre                address@hidden
-Akim Demaille             address@hidden
+Akim Demaille             address@hidden
 Albert Chin-A-Young       address@hidden
 Alexander Belopolsky      address@hidden
 Alexandre Duret-Lutz      address@hidden
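Review bot: the Akim Demaille entry is rewritten in this hunk (one `-` line and one `+` line), although the commit is about tag scanning and only needs the new Ahcheong Lee entry; the commit message lists src/scan-code.l and tests/input.at but does not mention this change. Move the entry update to its own commit, or name it in the message.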
diff --git a/src/scan-code.l b/src/scan-code.l
index 658c25b1..ef667146 100644
--- a/src/scan-code.l
+++ b/src/scan-code.l
@@ -81,7 +81,7 @@ static bool untyped_var_seen;
    historically almost any character is allowed in a tag.  We disallow
    NUL and newline, as this simplifies our implementation.  We allow
    "->" as a means to dereference a pointer.  */
-tag      ([^\0\n>]|->)+
+tag      ([^\0\n>]|->)*[^-]
 
 /* Zero or more instances of backslash-newline.  Following GCC, allow
    white space between the backslash and the newline.  */
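Review bot: the trailing `[^-]` in the new `tag` definition excludes only `-`, so the last character of a tag can now be NUL, newline or `>`, which the comment just above says are disallowed (NUL, newline) or which is supposed to close the tag (`>`). Consider `([^\0\n>]|->)*[^-\0\n>]` so that the final character obeys the same restrictions as the rest of the tag, and extend the comment to state that a tag may not end with `-` and why.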
diff --git a/tests/input.at b/tests/input.at
index c03b282f..b004ea9e 100644
--- a/tests/input.at
+++ b/tests/input.at
@@ -2548,7 +2548,9 @@ AT_DATA_GRAMMAR([[input.y]],
 %printer        { $%; @%; } <*> exp TOK;
 %{ $ @ %} // Should not warn.
 %%
-exp: TOK        { $%; @%; $$ = $1; };
+exp: TOK        { $%; @%; $$ = $1; }
+   | 'a'        { $<->1; $$ = 1; }
+   | 'b'        { $<foo->bar>$; }
 %%
 $ @ // Should not warn.
 ]])
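Review bot: the new 'a' alternative exercises `$<->1`, but the commit message names `$<->$` as the case to reject, and no case covers a non-empty tag that ends with `-` (for example `$<a->1`). Add both, so the test pins down the new `tag` pattern for `$$` references and for a trailing `-` after other characters, not just for the bare `-` tag.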
@@ -2562,6 +2564,7 @@ input.y:13.19: warning: stray '$' [-Wother]
 input.y:13.23: warning: stray '@' [-Wother]
 input.y:16.19: warning: stray '$' [-Wother]
 input.y:16.23: warning: stray '@' [-Wother]
+input.y:17.19: warning: stray '$' [-Wother]
 ]])
 
 AT_BISON_OPTION_POPDEFS
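Review bot: the only expectation added for `$<->1` on line 17 is the generic `stray '$'` warning, while the commit message says such a reference is rejected. If a warning is the intended outcome, say so in the commit message; otherwise expect an error here, ideally one that names the malformed tag rather than a stray `$`.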




