https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106101

--- Comment #30 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
(In reply to Andrew Pinski from comment #29)
> (In reply to Florian Weimer from comment #28)
> > (In reply to Richard Biener from comment #1)
> > > Created attachment 53207 [details]
> > > reduced testcase
> > 
> > Do you happen to have the unreduced test case still?
> > 
> >     int *yyvsp = 0;
> > 
> > followed by:
> > 
> >   if (strncmp( yyvsp[0], "~", 1) == 0) {
> > 
> > and
> > 
> >    free(yyvsp[0]);
> > 
> > looks rather bogus.
> 
> You can make `yyvsp` an argument if you are worried about the null pointer
> and you still get the crash back in 12.1.0.
> That is:
> ```
> int yyparse (int *yyvsp)
> {
>     int yystate = 0;
> ```
> 
> See https://godbolt.org/z/9YMsar1Ej .

And you can even make it a pointer to a pointer of char to hit the same bug to
get around the even more fuzziness of freeing an int rather than a pointer:
```
int yyparse (char **yyvsp)
```
See https://godbolt.org/z/v7xKxWE3K
