Hi!

> On 28 March 2019 at 15:50, wcventure <wcvent...@126.com> wrote:
>
> Hi there,
>
> Our fuzzer found some NULL-pointer dereference issue in
> quotearg_buffer_restyled in lib/quotearg.c in Bison 3.3, the recent release
> version.
> A crafted input file can cause segment faults and I have confirmed them with
> address sanitizer too.

This one was easier to solve. Thanks for the report! commit f39c813c18cf62826ec9ed00ca568e75eae6431a Author: Akim Demaille <akim.demai...@gmail.com> Date: Sat Mar 30 09:37:22 2019 +0100 diagnostics: don't crash when declaring the token error as an nterm Reported by wcventure. http://lists.gnu.org/archive/html/bug-bison/2019-03/msg00008.html * src/symtab.c (complain_class_redeclared): Don't print empty locations. There can only be empty locations for predefined symbols. And the only symbol that is lexically available is the error token. So this appears to be the only possible way to have an error involving an empty location. * tests/input.at (Symbol class redefinition): Check it. diff --git a/src/symtab.c b/src/symtab.c index 14c672b6..dd2a3d53 100644 --- a/src/symtab.c +++ b/src/symtab.c @@ -309,9 +309,12 @@ complain_class_redeclared (symbol *sym, symbol_class class, location second) class == token_sym ? _("symbol %s redeclared as a token") : _("symbol %s redeclared as a nonterminal"), sym->tag); - i += SUB_INDENT; - complain_indent (&sym->location, complaint, &i, - _("previous definition")); + if (!location_empty (sym->location)) + { + i += SUB_INDENT; + complain_indent (&sym->location, complaint, &i, + _("previous definition")); + } } diff --git a/tests/input.at b/tests/input.at index 312aa5a9..70c0cecc 100644 --- a/tests/input.at +++ b/tests/input.at @@ -625,6 +625,7 @@ AT_DATA([[input.y]], [[%token FOO %nterm FOO BAR %token BAR +%nterm error // The token error cannot be redefined as an nterm. %% FOO: BAR BAR: @@ -643,7 +644,10 @@ input.y:3.8-10: error: symbol BAR redeclared as a token input.y:2.12-14: previous definition %nterm FOO BAR ^~~ -input.y:5.1-3: error: rule given for FOO, which is a token +input.y:4.8-12: error: symbol error redeclared as a nonterminal + %nterm error // The token error cannot be redefined as an nterm. + ^~~~~ +input.y:6.1-3: error: rule given for FOO, which is a token FOO: BAR ^~~ ]])
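
Review bot: In the src/symtab.c hunk, the new `if (!location_empty (sym->location))` guard carries no comment saying when a symbol's location can be empty. The reason (predefined symbols, in practice the error token, have no source location) is stated only in the commit message. A one-line comment above the `if` would keep a later reader from taking the skipped "previous definition" note for an oversight and removing the guard.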
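
Review bot: In the second tests/input.at hunk, the expected output for `%nterm error` stops after the caret line with no "previous definition" entry, unlike the BAR case directly above it, and nothing in the test says the omission is intended. The inline comment on the added `%nterm error` line in the first tests/input.at hunk could be extended to say that no previous definition is reported because error is predefined, so a future change to the expected output is not mistaken for restoring a missing line.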