From bbf37f2534a8e5a6b4e28047f0a10903e6dc73f9 Mon Sep 17 00:00:00 2001
From: Akim Demaille
Date: Fri, 29 Mar 2019 22:37:51 +0100
Subject: lalr: fix segmentation violation

The "includes" relation [DeRemer 1982] is between gotos, so of course, for a given goto, there cannot be more than ngotos (number of gotos) images. But we manipulate the set of images of a goto as a list, without checking that an image was not already introduced. So we can "register" way more images than ngotos, leading to a crash (heap buffer overflow).

Reported by wcventure.
http://lists.gnu.org/archive/html/bug-bison/2019-03/msg00007.html

For the records, this bug is present in the first committed version of Bison.

* src/lalr.c (build_relations): Don't insert the same goto several times.
* tests/sets.at (Build Relations): New.
--- THANKS | 1 + 1 file changed, 1 insertion(+) (limited to 'THANKS') diff --git a/THANKS b/THANKS index 6ddfe694..3a8baf3f 100644 --- a/THANKS +++ b/THANKS @@ -176,6 +176,7 @@ Tommy Nordgren tommy.nordgren@chello.se Troy A. Johnson troyj@ecn.purdue.edu Tys Lefering gccbison@gmail.com Valentin Tolmer nitnelave1@gmail.com +wcventure wcventure@126.com Victor Khomenko victor.khomenko@newcastle.ac.uk Victor Zverovich victor.zverovich@gmail.com Vin Shelton acs@alumni.princeton.edu -- cgit v1.2.1
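
Review bot: the added "wcventure" entry in the THANKS hunk sits between "Valentin Tolmer" and "Victor Khomenko", which breaks the alphabetical order the visible context lines follow (Tommy, Troy, Tys, Valentin, Victor, Victor, Vin). A name starting with "w" sorts after every "V" entry shown here, so the line belongs below "Vin Shelton", at the position where the "W" names would go. Separately, this view is limited to 'THANKS', so the src/lalr.c (build_relations) and tests/sets.at changes named in the message cannot be checked from these lines; the duplicate-insertion check and its regression test need to be reviewed in the full diff.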