Steps to reproduce:
$ echo -ne "&\x00" > A
$ re2c A
Segmentation fault
Analysis: when re2c finds a NULL byte in the input file, it checks for the
end of input; if it has indeed reached the end of input, it stops.
Otherwise, it's just a NULL byte in the middle of the input; it should
be handled like any other character.
The first case (NULL as end of input) was handled correctly, but
in the second case (NULL in the middle of input) re2c crashed:
someone forgot to put an appropriate 'goto' statement, which caused
completely ad-hoc control flow in the lexer.
-/* Generated by re2c 0.16 on Thu Jan 21 10:47:47 2016 */
+/* Generated by re2c 0.16 on Wed May 11 15:12:59 2016 */
#line 1 "../src/parse/lex.re"
#include "src/util/c99_stdint.h"
#include <stddef.h>
++YYCURSOR;
#line 202 "../src/parse/lex.re"
{
- if (!ignore_eoc && opts->target == opt_t::CODE)
- {
- out.wraw(tok, tok_len () - 1);
- // -1 so we don't write out the \0
- }
- if(cur == eof)
- {
+ if(cur == eof) {
+ if (!ignore_eoc && opts->target == opt_t::CODE) {
+ out.wraw(tok, tok_len () - 1);
+ // -1 so we don't write out the \0
+ }
return Stop;
+ } else {
+ goto echo;
}
}
#line 132 "src/parse/lex.cc"
goto echo;
}
zero {
- if (!ignore_eoc && opts->target == opt_t::CODE)
- {
- out.wraw(tok, tok_len () - 1);
- // -1 so we don't write out the \0
- }
- if(cur == eof)
- {
+ if(cur == eof) {
+ if (!ignore_eoc && opts->target == opt_t::CODE) {
+ out.wraw(tok, tok_len () - 1);
+ // -1 so we don't write out the \0
+ }
return Stop;
+ } else {
+ goto echo;
}
}
* {
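Review bot: The new `else` branch of the `zero` rule has no comment saying why a NUL that is not at `eof` returns to `echo`, although that jump is the whole fix. A line such as `// NUL inside the input is ordinary data, keep echoing` above `goto echo;` would make it harder for a later edit to drop it again. Because the crash came from an action path that ended without a `return` or `goto`, any other rule in lex.re that matches `zero` (none is visible in this hunk) should be checked to confirm every path ends explicitly. If the commit does not already add one, the reproducer from the description (a file holding `&` followed by a NUL byte) would make a useful regression test for this input-handling path. The enclosing lexer function starts and ends outside the hunk.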