You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2013/12/08 07:56:02 UTC
[Bug 55856] New: YYEMPTY (-2) used as index into yytname (const
array of messages)
https://issues.apache.org/bugzilla/show_bug.cgi?id=55856
Bug ID: 55856
Summary: YYEMPTY (-2) used as index into yytname (const array
of messages)
Product: Apache httpd-2
Version: 2.5-HEAD
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: Core
Assignee: bugs@httpd.apache.org
Reporter: jaredlwong@gmail.com
Created attachment 31101
--> https://issues.apache.org/bugzilla/attachment.cgi?id=31101&action=edit
The Patch
In server/util_expr_parse.c there is a bug in the handling of yytoken when
yytoken is equal to YYEMPTY. YYEMPTY is set to -2. The only place this
function, yysyntax_error, is used is in yyparse's section for yyerrlab. In
yyerrlab, yytoken is set as:
yytoken = yychar == YYEMPTY ? YYEMPTY : YYTRANSLATE (yychar);
Clearly, when yysyntax_error is called yytoken may be YYEMPTY. When yytnamerr
is called with the value of yytname[yytoken], it is undefined what will happen.
I have included the patch I think needs to be made below. I'm not completely
sure, however, of this fix. Regardless, this is a bug.
----- patch -----
Index: server/util_expr_parse.c
===================================================================
--- server/util_expr_parse.c (revision 1548995)
+++ server/util_expr_parse.c (working copy)
@@ -1054,7 +1054,8 @@
yysyntax_error (YYSIZE_T *yymsg_alloc, char **yymsg,
yytype_int16 *yyssp, int yytoken)
{
- YYSIZE_T yysize0 = yytnamerr (YY_NULL, yytname[yytoken]);
+ YYSIZE_T yysize0 = yytoken == YYEMPTY
+ ? 0 : yytnamerr (YY_NULL, yytname[yytoken]);
YYSIZE_T yysize = yysize0;
enum { YYERROR_VERBOSE_ARGS_MAXIMUM = 5 };
/* Internationalized format string. */
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org