On Thu, Nov 26, 2015 at 01:03:22PM -0500, Michael McConville wrote:
> This nondeterministically underflows _sf_top_ix, causing a segfault:
>
> http://www.sccs.swarthmore.edu/users/16/mmcconv1/dump/crash.l
>
Looks like _sf_top_ix always underflows whenever there are extra closing parentheses in the rules section. The nondeterministic behavior is probably heap layout related. I've taken your suggestion and updated scan.l to give a syntax error when there is an unbalanced parenthesis, which fixes the issue: Index: scan.l =================================================================== RCS file: /cvs/src/usr.bin/lex/scan.l,v retrieving revision 1.12 diff -u -p -r1.12 scan.l --- scan.l 19 Nov 2015 23:34:56 -0000 1.12 +++ scan.l 30 Nov 2015 21:19:44 -0000 @@ -741,7 +741,13 @@ nmstr[yyleng - 2 - end_is_ws] = '\0'; / return '('; } "(" sf_push(); return '('; - ")" sf_pop(); return ')'; + ")" { + if (_sf_top_ix > 0) { + sf_pop(); + return ')'; + } else + synerr(_("unbalanced parenthesis")); + } [/|*+?.(){}] return (unsigned char) yytext[0]; . RETURNCHAR;
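Review bot: in the new ")" action the else branch reports the error but returns nothing, so the stray ')' is consumed and scanning continues as if the character were not there; since synerr() only records the error, consider whether the parser should still receive the token (e.g. `synerr(_("unbalanced parenthesis")); return ')';`) or whether dropping it is the intended recovery, and say so in a comment either way. Minor style point in the same hunk: the if branch is braced while the else is not; bracing both keeps the action consistent and avoids a dangling-else surprise if another statement is added later.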