Bison v3.4.1 prints a few gigabytes of spaces
From: lvarady
Subject: Bison v3.4.1 prints a few gigabytes of spaces
Date: Tue, 6 Aug 2019 16:40:00 +0000
Hello,
I would like to report a bug in Bison v3.4.1.
When Bison is started with a flag that suppresses warning messages, the
error_message() function can produce a few gigabytes of indentation because of
a dangling pointer.
Reproduction:
test.y:
%define api.pure
%pure-parser
%error-verbose
%%
start : ;
%%
$ bison -Wno-other test.y
One of the invocations of complains() is coming from
muscle_percent_define_insert() through complain_indent(), where the global
variable indent_ptr is set to a stack address. Since indent_ptr is set to
NULL only in error_message(), and this function is not always called due to the
warning suppression, the next invocation of error_message() will dereference
indent_ptr, which will point to garbage.
Valgrind output:
==6198== Conditional jump or move depends on uninitialised value(s)
==6198== at 0x110D44: error_message (complain.c:413)
==6198== by 0x110D44: complains (complain.c:465)
==6198== by 0x11162E: complain (complain.c:477)
==6198== by 0x111920: deprecated_directive (complain.c:532)
==6198== by 0x11EC8F: muscle_percent_define_insert (muscle-tab.c:543)
==6198== by 0x12B502: handle_error_verbose (parse-gram.y:889)
==6198== by 0x12B502: gram_parse (parse-gram.y:330)
==6198== by 0x12F58A: reader (reader.c:737)
==6198== by 0x10D8E4: main (main.c:104)
--
László Várady
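The pattern described in the report, reduced to a constructed C model (added here as an illustration; none of these functions are Bison's own code, and the names indent_ptr, complains, complain_indent and error_message are borrowed only to mirror the report's description). A global pointer is lent the address of a stack counter, and the only reset lives in the printing function that a suppressed warning skips. The buggy variant reports whether the pointer is still set at the moment the local dies, checked while the local is alive so the model itself stays well defined; the fixed variant has the owner of the storage take the pointer back on every path, and the printer bounds the indentation it will emit:

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of the bug class in the report above; these are not
   Bison's functions. A global pointer refers to an indentation counter that
   lives on a caller's stack frame, and the message printer is the only
   place that clears it. */
static int *indent_ptr = NULL;      /* points at the caller's indentation counter */
static int warnings_suppressed = 0; /* stands in for -Wno-other */
static char out[128];               /* where the "printed" message goes */

/* Formats one message with the indentation the pointer refers to and
   returns the formatted text. */
static const char *error_message(const char *msg)
{
    int indent = indent_ptr ? *indent_ptr : 0;
    indent_ptr = NULL;  /* the only reset in the buggy shape */
    if (indent < 0 || indent > 40)
        indent = 40;    /* bound the indentation so a bad count cannot flood the output */
    snprintf(out, sizeof out, "%*s%s", indent, "", msg);
    return out;
}

/* Buggy shape: a suppressed warning returns before error_message() runs,
   so indent_ptr is never cleared on that path. */
static void complains_buggy(int is_warning, const char *msg)
{
    if (is_warning && warnings_suppressed)
        return;                 /* indent_ptr is still set here */
    error_message(msg);
}

/* Returns 1 if the global still points at the local just before the local
   dies, i.e. the pointer will dangle once this function returns. */
static int complain_indent_buggy(int indent, int is_warning, const char *msg)
{
    int local_indent = indent;
    indent_ptr = &local_indent;
    complains_buggy(is_warning, msg);
    return indent_ptr != NULL;
}

/* Fixed shape: whoever lends the address takes it back on every path, so no
   pointer to the local outlives this frame. Returns 0 always. */
static int complain_indent_fixed(int indent, int is_warning, const char *msg)
{
    int local_indent = indent;
    indent_ptr = &local_indent;
    complains_buggy(is_warning, msg);
    indent_ptr = NULL;          /* unconditional reset, suppressed or not */
    return indent_ptr != NULL;
}

int main(void)
{
    warnings_suppressed = 1;
    printf("buggy: pointer left dangling after suppressed warning: %d\n",
           complain_indent_buggy(4, 1, "deprecated directive"));
    indent_ptr = NULL;          /* discard the dangling value before reuse */
    printf("fixed: pointer left dangling after suppressed warning: %d\n",
           complain_indent_fixed(4, 1, "deprecated directive"));
    printf("next message: \"%s\"\n", error_message("rule useless in grammar"));
    return 0;
}
```

The fix shown is the ownership rule: the frame that lends the address clears the pointer, rather than relying on a callee that may return early. The clamp in the printer is a separate defence in depth; it does not remove the dangling pointer, it only keeps a corrupted count from turning into gigabytes of spaces.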