Re: [bug report] NULL-pointer deference issue in quotearg_buffer_restyle
From: Akim Demaille
Subject: Re: [bug report] NULL-pointer deference issue in quotearg_buffer_restyled in lib/quotearg.c in Bison 3.3
Date: Sat, 30 Mar 2019 09:43:53 +0100
Hi!
> Le 28 mars 2019 à 15:50, wcventure <address@hidden> a écrit :
>
> Hi there,
>
>
> Our fuzzer found some NULL-pointer dereference issue in
> quotearg_buffer_restyled in lib/quotearg.c in Bison 3.3, the recent release
> version.
> A crafted input file can cause segment faults and I have confirmed them with
> address sanitizer too.
This one was easier to solve. Thanks for the report!
commit f39c813c18cf62826ec9ed00ca568e75eae6431a
Author: Akim Demaille <address@hidden>
Date: Sat Mar 30 09:37:22 2019 +0100
diagnostics: don't crash when declaring the token error as an nterm
Reported by wcventure.
http://lists.gnu.org/archive/html/bug-bison/2019-03/msg00008.html
* src/symtab.c (complain_class_redeclared): Don't print empty
locations.
There can only be empty locations for predefined symbols. And the
only symbol that is lexically available is the error token. So this
appears to be the only possible way to have an error involving an
empty location.
* tests/input.at (Symbol class redefinition): Check it.
diff --git a/src/symtab.c b/src/symtab.c
index 14c672b6..dd2a3d53 100644
--- a/src/symtab.c
+++ b/src/symtab.c
@@ -309,9 +309,12 @@ complain_class_redeclared (symbol *sym, symbol_class
class, location second)
class == token_sym
? _("symbol %s redeclared as a token")
: _("symbol %s redeclared as a nonterminal"), sym->tag);
- i += SUB_INDENT;
- complain_indent (&sym->location, complaint, &i,
- _("previous definition"));
+ if (!location_empty (sym->location))
+ {
+ i += SUB_INDENT;
+ complain_indent (&sym->location, complaint, &i,
+ _("previous definition"));
+ }
}
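Review bot: The new guard `if (!location_empty (sym->location))` in complain_class_redeclared has no comment saying when a symbol's location can be empty, so the rationale lives only in the commit message (predefined symbols, in practice the error token). A one-line comment above the `if` would keep that reasoning next to the code. The check is also local to this one caller: any other diagnostic that passes a symbol's location to complain_indent relies on the commit message's argument that no other path can reach an empty location, so consider doing the empty-location test where the location is actually printed, or asserting it there.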
diff --git a/tests/input.at b/tests/input.at
index 312aa5a9..70c0cecc 100644
--- a/tests/input.at
+++ b/tests/input.at
@@ -625,6 +625,7 @@ AT_DATA([[input.y]],
[[%token FOO
%nterm FOO BAR
%token BAR
+%nterm error // The token error cannot be redefined as an nterm.
%%
FOO: BAR
BAR:
@@ -643,7 +644,10 @@ input.y:3.8-10: error: symbol BAR redeclared as a token
input.y:2.12-14: previous definition
%nterm FOO BAR
^~~
-input.y:5.1-3: error: rule given for FOO, which is a token
+input.y:4.8-12: error: symbol error redeclared as a nonterminal
+ %nterm error // The token error cannot be redefined as an nterm.
+ ^~~~~
+input.y:6.1-3: error: rule given for FOO, which is a token
FOO: BAR
^~~
]])
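Review bot: The expected output for `%nterm error` at input.y:4.8-12 has no "previous definition" line after it, which is the behaviour this fix introduces, but nothing in the test states that the omission is intended. A short comment in the test saying that predefined symbols have no location to report would stop a later change from "restoring" the line. Adding the case to the existing input also renumbers an unrelated diagnostic (the FOO rule error moves from 5.1-3 to 6.1-3); a separate test group for the error-token case would keep the regression isolated from the other redeclaration checks.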