On Wed, 11 Jan 2017 20:50:16 +0100 Simon Richter <s...@debian.org> wrote:
> Package: bison
> Version: 2:3.0.4.dfsg-1
> Severity: normal
> Tags: upstream
>
> Hi,
>
> if an empty rule matches, but calls YYERROR, the parser catches a
> segmentation fault in the line
>
>     yyerror_range[1].location = yystack_[yylen - 1].location;
>
> inside the error handling, because yylen is 0, (yylen-1) underflows as a 32
> bit unsigned value, so the array is accessed at yystack_[4294967295].
>
> On a 32 bit system, there is still an invalid access, but this is usually not
> detected.
>
> Simon

This was fixed in Bison 3.0.5. Since then, versions 3.1 and 3.2 were released.
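
The index arithmetic from the report, as an added example that is not part of the original thread and not Bison's code: it models the stack as a plain array indexed from its base with 8-byte slots (both assumptions) and shows where index 4294967295 lands for 64-bit and 32-bit address widths. The function names and the guarded helper are hypothetical, not the change made in Bison 3.0.5.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* Index produced by the reported expression: yylen is a 32-bit unsigned
   value, so yylen - 1 is evaluated modulo 2^32. */
static uint32_t reported_index(uint32_t yylen)
{
    return yylen - 1u;
}

/* Byte offset from the array base that the access resolves to when address
   arithmetic is done at the given pointer width (32 or 64 bits).
   Assumption: flat array indexed from its base, elem_size bytes per slot. */
static int64_t effective_offset(uint32_t index, unsigned ptr_bits, size_t elem_size)
{
    uint64_t raw = (uint64_t)index * (uint64_t)elem_size;
    if (ptr_bits == 32)
        return (int64_t)(int32_t)(uint32_t)raw; /* wraps modulo 2^32 */
    return (int64_t)raw;
}

/* Hypothetical guard: an empty rule (yylen == 0) has no last right-hand-side
   symbol, so no index is produced. Returns 1 and sets *out otherwise. */
static int last_rhs_index(uint32_t yylen, uint32_t *out)
{
    if (yylen == 0)
        return 0;
    *out = yylen - 1u;
    return 1;
}

int main(void)
{
    uint32_t idx = reported_index(0); /* empty rule, as in the report */
    uint32_t safe = 0;

    printf("index for yylen=0: %lu\n", (unsigned long)idx);
    /* 64-bit: tens of GiB past the base, normally unmapped, so it faults. */
    printf("64-bit byte offset: %lld\n", (long long)effective_offset(idx, 64, 8));
    /* 32-bit: the address wraps to one slot before the base, usually mapped
       memory, so the invalid read goes unnoticed. */
    printf("32-bit byte offset: %lld\n", (long long)effective_offset(idx, 32, 8));
    printf("guard, yylen=0: %d\n", last_rhs_index(0, &safe));
    printf("guard, yylen=3: %d (index %lu)\n",
           last_rhs_index(3, &safe), (unsigned long)safe);
    return 0;
}
```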