Package: bison
Version: 2:3.0.4.dfsg-1
Severity: normal
Tags: upstream

Hi,

if an empty rule matches, but calls YYERROR, the parser catches a
segmentation fault in the line

    yyerror_range[1].location = yystack_[yylen - 1].location;

inside the error handling, because yylen is 0, (yylen-1) underflows as a 32
bit unsigned value, so the array is accessed at yystack_[4294967295].

On a 32 bit system, there is still an invalid access, but this is usually not
detected.

   Simon

-- System Information:
Debian Release: stretch/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 4.8.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages bison depends on:
ii libbison-dev 2:3.0.4.dfsg-1
ii libc6 2.24-7
ii m4 1.4.17-5
bison recommends no packages.
Versions of packages bison suggests:
pn bison-doc <none>
-- no debconf information
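
Added example, not part of the original report and not bison's own code: a small C++ model of the index arithmetic described above. It shows where the wrapped index lands with 32-bit and 64-bit addressing, and a guarded lookup. Slot, the function names, the flat-array layout, the 16-byte element size and the fallback value are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Hypothetical stand-in for one parser stack slot; not bison's own type.
struct Slot { int location; };

// The index expression from the report. yylen is modelled as a 32-bit
// unsigned count of right-hand-side symbols; an empty rule has yylen == 0.
std::uint32_t rhs_index(std::uint32_t yylen) {
    return yylen - 1u;                      // 0 - 1 wraps to 4294967295
}

// Byte displacement from the array base that a flat-array access would use
// when addresses are addr_bits (32 or 64) bits wide.
std::int64_t displacement(std::uint32_t index, std::uint32_t elem_size, int addr_bits) {
    std::uint64_t bytes = std::uint64_t(index) * elem_size;
    if (addr_bits == 32) {                  // address arithmetic wraps modulo 2^32
        std::uint64_t low = bytes & 0xFFFFFFFFu;
        return low >= 0x80000000u ? std::int64_t(low) - 4294967296LL
                                  : std::int64_t(low);
    }
    return std::int64_t(bytes);
}

// Guarded lookup: read a location only when the rule has at least one symbol
// and the index is inside the stack; otherwise return the caller's fallback.
int error_location(const std::vector<Slot>& stack, std::uint32_t yylen, int fallback) {
    if (yylen == 0 || rhs_index(yylen) >= stack.size())
        return fallback;
    return stack[rhs_index(yylen)].location;
}

int main() {
    std::uint32_t idx = rhs_index(0);       // empty rule
    std::printf("index          : %lu\n", (unsigned long)idx);
    std::printf("64-bit offset  : %lld bytes\n", (long long)displacement(idx, 16, 64));
    std::printf("32-bit offset  : %lld bytes\n", (long long)displacement(idx, 16, 32));
    std::vector<Slot> stack = {{10}, {20}, {30}};   // constructed sample stack
    std::printf("guarded lookup : %d\n", error_location(stack, 0, -1));
    return 0;
}
```

With 64-bit addressing the displacement is about 64 GiB past the base, which is normally unmapped and faults; with 32-bit addressing it wraps to one element before the base, which is normally mapped and so goes unnoticed.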