whydoubt
commented
7 years ago As I had indicated, this is related to #194 . However, I believe this issue requires extra work to fix.
Open taphqyu opened 7 years ago
whydoubt
commented
7 years ago As I had indicated, this is related to #194 . However, I believe this issue requires extra work to fix.
Explorer09
commented
7 years ago Dammit. No! #133 and #194 are different!
westes
commented
7 years ago Oops, you're quite right. I got caught up in the paperwork and was moving too quickly yesterday.
saschmit
commented
4 years ago On the other hand, the lack of an enforced abort()/exit() caused Grub's YY_FATAL_ERROR handler to allow a buffer overflow: https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/
Hey there, thanks for maintaining flex! I noticed that the default YY_FATAL_ERROR macro calls exit(). This doesn't feel right for something that's often going to be built into a low-level part of another program -- there should be a way to report the error out, and have the containing program decide what to do.
I don't see a way to provide an alternate YY_FATAL_ERROR definition right now because the macro is called in many different places with different semantics. For example, it's called from different helper functions that all return different data types, relying on the fact that YY_FATAL_ERROR never returns.
Would it be possible to refactor the fatal error reporting so that a user of flex can avoid calling exit()? For example, if I could provide a YY_FATAL_ERROR definition that let me store the error message in my yyextra, and then return 0 from yylex(), that would meet my need. Thanks!