From 539ddd41d4432ce65f3ea79459c50c8a876a0ea7 Mon Sep 17 00:00:00 2001
From: otto
Date: Tue, 8 Jul 2008 15:06:50 +0000
Subject: [PATCH] Fix an venerable bug: if we're reducing a rule that has an empty right hand side and the yacc stackpointer is pointing at the very end of the allocated stack, we end up accessing the stack out of bounds by the implicit $$ = $1 action. Detected by my new malloc, experienced by sturm@ on sparc64; ok deraadt@
---
 usr.bin/yacc/skeleton.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/usr.bin/yacc/skeleton.c b/usr.bin/yacc/skeleton.c
index 2b1739f2697..082ae29d39d 100644
--- a/usr.bin/yacc/skeleton.c
+++ b/usr.bin/yacc/skeleton.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: skeleton.c,v 1.28 2007/09/03 21:14:58 deraadt Exp $ */
+/* $OpenBSD: skeleton.c,v 1.29 2008/07/08 15:06:50 otto Exp $ */
 /* $NetBSD: skeleton.c,v 1.10 1996/03/25 00:36:18 mrg Exp $ */
 /*
@@ -63,9 +63,10 @@ char *banner[] =
 "#if __GNUC__ >= 2",
 " __attribute__ ((unused))",
 "#endif /* __GNUC__ >= 2 */",
- " = \"$OpenBSD: skeleton.c,v 1.28 2007/09/03 21:14:58 deraadt Exp $\";",
+ " = \"$OpenBSD: skeleton.c,v 1.29 2008/07/08 15:06:50 otto Exp $\";",
 "#endif",
 "#include ",
+ "#include ",
 "#define YYBYACC 1",
 "#define YYMAJOR 1",
 "#define YYMINOR 9",
@@ -346,7 +347,10 @@ char *body[] =
 " YYPREFIX, yystate, yyn, yyrule[yyn]);",
 "#endif",
 " yym = yylen[yyn];",
- " yyval = yyvsp[1-yym];",
+ " if (yym)",
+ " yyval = yyvsp[1-yym];",
+ " else",
+ " memset(&yyval, 0, sizeof yyval);",
 " switch (yyn)",
 " {",
 0
--
2.20.1
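Review bot: The new `if (yym)` guard in the `body[]` hunk carries no comment saying why an empty right-hand side is special, so a later cleanup could fold it back into the unconditional `yyval = yyvsp[1-yym];` and bring back the read one slot past the value stack. I would emit a comment line above the guard, for example `" /* empty rhs: yyvsp[1] may lie past the end of the value stack */",`. These lines look like string literals that yacc copies into every generated parser, so parser sources produced before this revision presumably keep the old read until they are regenerated, which is worth stating in the commit or release notes. The `memset` depends on the `#include` line added in the `banner[]` hunk, and the `body[]` array itself continues outside this hunk.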