flex version: 2.6.4

When I compile my .l file as a cpp file using flex, I find that the following code is generated.

I found this code

    *yyg->yy_state_ptr++ = yy_current_state;

that may cause access to be out of bounds. Because that's yy_state_ptr, where the memory is requested from this

    /* Create the reject buffer large enough to save one state per allowed character. */
    if ( ! yyg->yy_state_buf )
        yyg->yy_state_buf = (yy_state_type *)yyalloc(YY_STATE_BUF_SIZE , yyscanner);
    if ( ! yyg->yy_state_buf )
        YY_FATAL_ERROR( "out of dynamic memory in yylex()" );

and YY_STATE_BUF_SIZE define this and YY_BUF_SIZE limit 32768

    /* Size of default input buffer. */
    #ifndef YY_BUF_SIZE
    #ifdef __ia64__
    /* On IA-64, the buffer size is 16k, not 8k.
     * Moreover, YY_BUF_SIZE is 2*YY_READ_BUF_SIZE in the general case.
     * Ditto for the __ia64__ case accordingly.
     */
    #define YY_BUF_SIZE 32768
    #else
    #define YY_BUF_SIZE 16384
    #endif /* __ia64__ */
    #endif

So when I scan more than 32k of text, it coredumps.

I apologize for not being able to provide my flex file, but I have found that the reason for the above code generation has to do with writing something maybe like this

    ([0-9]+|([0-9]*\.[0-9]+))/(a|b)
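A minimal model of the pattern reported above, as an added example that is not flex's generated code or the reporter's scanner: a state buffer sized once up front and written through a post-incremented pointer for each scanned character, here with the bounds check and growth that the unchecked store lacks. The struct, the function names and the starting size used in the comments are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

typedef int state_t;                 /* stand-in for flex's yy_state_type */
struct state_stack {                 /* hypothetical model, not flex's own struct */
    state_t *buf;                    /* plays the role of yy_state_buf */
    state_t *ptr;                    /* plays the role of yy_state_ptr */
    size_t   cap;                    /* entries allocated, fixed in the reported code */
};

/* Allocate room for cap saved states. Returns 0 on success, -1 on failure. */
static int stack_init(struct state_stack *s, size_t cap)
{
    if (cap == 0)
        cap = 1;
    s->buf = malloc(cap * sizeof *s->buf);
    s->ptr = s->buf;
    s->cap = cap;
    return s->buf ? 0 : -1;
}

/* Checked form of "*ptr++ = state": grow the buffer before writing past its end. */
static int stack_push(struct state_stack *s, state_t st)
{
    size_t used = (size_t)(s->ptr - s->buf);
    if (used == s->cap) {
        if (s->cap > SIZE_MAX / (2 * sizeof *s->buf))
            return -1;               /* doubling would overflow size_t */
        state_t *nbuf = realloc(s->buf, 2 * s->cap * sizeof *nbuf);
        if (!nbuf)
            return -1;               /* nothing written; old buffer still valid */
        s->buf = nbuf;
        s->ptr = nbuf + used;        /* re-derive the cursor, realloc may move */
        s->cap *= 2;
    }
    *s->ptr++ = st;
    return 0;
}

/* Save one state per input byte; returns the number of states saved, or -1. */
long save_states(size_t input_len, size_t initial_cap)
{
    struct state_stack s;
    if (stack_init(&s, initial_cap) != 0) return -1;
    for (size_t i = 0; i < input_len; i++)
        if (stack_push(&s, (state_t)(i & 0x7f)) != 0) { free(s.buf); return -1; }
    long saved = (long)(s.ptr - s.buf);
    free(s.buf);
    return saved;
}
```

Running it under AddressSanitizer with an input length above the starting capacity, for example `save_states(100000, 16386)`, completes cleanly, whereas the same loop without the `used == s->cap` branch is reported as a heap-buffer-overflow.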