Hello, I would like to report a bug in Bison v3.4.1.
When Bison is started with a flag that suppresses warning messages, the error_message() function can produce a few gigabytes of indentation because of a dangling pointer. Reproduction: test.y: %define api.pure %pure-parser %error-verbose %% start : ; %% $ bison -Wno-other test.y One of the invocations of complains() is coming from muscle_percent_define_insert() through complain_indent(), where the global variable indent_ptr is set to a stack address. Since indent_ptr is set to NULL only in error_message(), and this function is not always called due to the warning suppression, the next invocation of error_message() will dereference indent_ptr, which will point to garbage. Valgrind output: ==6198== Conditional jump or move depends on uninitialised value(s) ==6198== at 0x110D44: error_message (complain.c:413) ==6198== by 0x110D44: complains (complain.c:465) ==6198== by 0x11162E: complain (complain.c:477) ==6198== by 0x111920: deprecated_directive (complain.c:532) ==6198== by 0x11EC8F: muscle_percent_define_insert (muscle-tab.c:543) ==6198== by 0x12B502: handle_error_verbose (parse-gram.y:889) ==6198== by 0x12B502: gram_parse (parse-gram.y:330) ==6198== by 0x12F58A: reader (reader.c:737) ==6198== by 0x10D8E4: main (main.c:104) -- László Várady