From e566a24ae79cae87e37d947ae5f201307b315b99 Mon Sep 17 00:00:00 2001
From: Ulya Trofimovich
Date: Thu, 15 Nov 2018 07:33:25 +0000
Subject: [PATCH] Fixed segfault cause by out of bounds access.
This fixes bug #227.
Found by american fuzzy lop (thanks to Henri Salo).
---
 re2c/src/ast/validate.cc | 21 ++++++++++++++++-----
 re2c/test/american_fuzzy_lop/008.c | 1 +
 re2c/test/american_fuzzy_lop/008.re | 3 +++
 3 files changed, 20 insertions(+), 5 deletions(-)
 create mode 100644 re2c/test/american_fuzzy_lop/008.c
 create mode 100644 re2c/test/american_fuzzy_lop/008.re
diff --git a/re2c/src/ast/validate.cc b/re2c/src/ast/validate.cc
index 66ec19b0..1f735d8c 100644
--- a/re2c/src/ast/validate.cc
+++ b/re2c/src/ast/validate.cc
@@ -31,6 +31,7 @@ void validate_mode(Scanner::ParseMode mode, bool rflag, bool rules, Scanner &inp
 void validate_ast(const specs_t &specs, bool cflag)
 {
+    static const uint32_t NONE = ~0u;
     specs_t::const_iterator i, b = specs.begin(), e = specs.end();
@@ -46,16 +47,26 @@ void validate_ast(const specs_t &specs, bool cflag)
     if (!cflag) {
         for (i = b; i != e; ++i) {
             if (i->name != "") {
-                fatal_l(i->rules[0].code->fline,
-                    "conditions are only allowed with '-c', '--conditions' option");
+                const uint32_t l = !i->rules.empty()
+                    ? i->rules[0].code->fline : !i->defs.empty()
+                    ? i->defs[0]->fline : NONE;
+                if (l != NONE) {
+                    fatal_l(l, "conditions are only allowed with '-c', "
+                        "'--conditions' option");
+                }
+
             }
         }
     }
     else {
         for (i = b; i != e; ++i) {
             if (i->name == "") {
-                fatal_l(i->rules[0].code->fline,
-                    "non-conditional rules are not allowed"
-                    " with '-c', '--conditions' option");
+                const uint32_t l = !i->rules.empty()
+                    ? i->rules[0].code->fline : !i->defs.empty()
+                    ? i->defs[0]->fline : NONE;
+                if (l != NONE) {
+                    fatal_l(l, "non-conditional rules are not allowed with "
+                        "'-c', '--conditions' option");
+                }
             }
         }
diff --git a/re2c/test/american_fuzzy_lop/008.c b/re2c/test/american_fuzzy_lop/008.c
new file mode 100644
index 00000000..6d1d059d
--- /dev/null
+++ b/re2c/test/american_fuzzy_lop/008.c
@@ -0,0 +1 @@
+re2c: error: line 2: conditions are only allowed with '-c', '--conditions' option
diff --git a/re2c/test/american_fuzzy_lop/008.re b/re2c/test/american_fuzzy_lop/008.re
new file mode 100644
index 00000000..5cff2c05
--- /dev/null
+++ b/re2c/test/american_fuzzy_lop/008.re
@@ -0,0 +1,3 @@
+/*!re2c
+ * {}
+*/
-- 
2.40.0
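Review bot: The line-lookup ternary and its `NONE` guard are written out twice in the validate.cc hunk, once under `if (i->name != "")` and again under `if (i->name == "")`, so a later correction to one copy is easy to miss in the other; a file-local helper that yields the first rule's line, else the first definition's line, else the sentinel would keep both branches in step (sketched below, assuming `specs_t` is a standard container so `specs_t::value_type` names its element type). A spec that has neither rules nor definitions now passes both checks silently; if that is the intent, a comment at the `if (l != NONE)` check such as `// empty spec: no line to report and nothing to compile, so skip it` would record it, since a reader may otherwise take the skipped error for an oversight. The `.empty()` checks cover only the `[0]` access itself; whether `rules[0].code` can be null for a rule without a code block is not visible from this hunk and is worth confirming against the parser. The blank line added after the inner `}` in the first branch looks unintended. validate_ast continues past the end of the hunk.
```cpp
// First source line a spec can be reported at: its first rule, else its
// first definition, else `none` when it has neither.
static uint32_t first_fline(const specs_t::value_type &s, uint32_t none)
{
    if (!s.rules.empty()) return s.rules[0].code->fline;
    if (!s.defs.empty()) return s.defs[0]->fline;
    return none;
}
// … unchanged: validate_ast up to the `if (!cflag)` loop …
            if (i->name != "") {
                const uint32_t l = first_fline(*i, NONE);
                if (l != NONE) {
                    fatal_l(l, "conditions are only allowed with '-c', "
                        "'--conditions' option");
                }
            }
// … unchanged: else branch, with the same first_fline call in place of its ternary …
```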