In gram.y when an error is found, the variable linelim is set to -1. My understanding of YACC / Bison is limited but it seems that parsing continues and the lookahead token is updated, which calls yylex, which then does out-of-bounds pointer arithmetic on the first line: char * p = line + linelim;. Since yyparse is only called on single lines, a solution may be to call YYABORT on error to stop parsing the rest of that line.
I found this by compiling with zig cc, which would generate SIGILL when this happened, and tracking that down with gdb.
andmarti1424
commented
1 year ago
In
gram.ywhen an error is found, the variablelinelimis set to -1. My understanding of YACC / Bison is limited but it seems that parsing continues and the lookahead token is updated, which calls yylex, which then does out-of-bounds pointer arithmetic on the first line:char * p = line + linelim;. Since yyparse is only called on single lines, a solution may be to callYYABORTon error to stop parsing the rest of that line.I found this by compiling with
zig cc, which would generate SIGILL when this happened, and tracking that down with gdb.