Package: flex
Version: 2.5.39-5
Usertags: goto-cc

During an analysis of all packages using our research compiler tool-chain (using
tools from the cbmc package) the following error was found:

The function testerror (generated from yyerror) requires 2 arguments:

http://sources.debian.net/src/flex/2.5.39-5/tests/test-bison-yylloc/parser.y?hl=92#L92

Yet the call at line 81 of the same file only passes a string, which will thus
implicitly be converted to void*, used as first argument, and the second
argument will be arbitrary, resulting from stack underflow.

In addition to this issue, the generated yyparse/testparse invokes testerror in
fact with 3 arguments:

testerror(&yylloc, scanner, (const void *)"memory exhausted");

This should be fixed as well.

Best,
Michael

Attachment: pgpJ0HBAGrrpg.pgp
Description: PGP signature

Reply via email to