yacc(1) causes a fault -- "fault VA = 0xa5a5a5b1"
Scott Long
scottl at samsco.org
Wed May 9 18:33:33 UTC 2007
Wojciech A. Koszek wrote:
> Hi,
>
> I have a file:
>
> http://people.freebsd.org/~wkoszek/traces/grammar.y
>
> I run this command:
>
> yacc -d -o grammar.c grammar.y
>
> While I get the following warning on RELENG_6 machines:
>
> $ yacc -d -o grammar.c grammar.y
> yacc: w - line 36 of "grammar.y", the default action assigns an
> undefined value to $$
> yacc: w - the symbol NUMBER is undefined
>
> On various -CURRENT boxes I see:
>
> $ yacc -d -o grammar.c grammar.y
> fatal process exception: page fault, fault VA = 0xa5a5a5b1
> zsh: segmentation fault (core dumped) yacc -d -o grammar.c grammar.y
>
> Sounds like a regression in malloc(3)?
>
> Thanks,
>
No, that looks like a use-after-free, with malloc filling the freed
memory with trash. It's a debugging option that is turned off in
RELENG_N branches and left on in HEAD, for precisely this reason.
Scott
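
Added example (not part of the original thread, and not yacc or FreeBSD malloc code): a one-slot toy heap that fills released memory with a junk byte, showing how a pointer loaded through a stale reference turns into a fault address of the shape reported above. The struct layout, the 12-byte field offset, the 32-bit address model, the sample address and the choice of 0xa5 as the fill byte are assumptions made to match the number in the report.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define JUNK 0xa5u  /* assumed fill byte, chosen to match the reported fault VA */

/* Hypothetical node, modelled with 32-bit fields as on a 32-bit machine. */
struct node {
    uint32_t next;   /* address of the next node */
    uint32_t a, b;   /* padding fields */
    uint32_t value;  /* sits at offset 12 */
};

/* One-slot toy heap in static storage, so reading it after toy_free() is
 * well-defined C and only models what a real stale pointer would observe. */
static struct node slot;

static struct node *toy_alloc(void) { memset(&slot, 0, sizeof slot); return &slot; }
static void toy_free(struct node *n) { memset(n, JUNK, sizeof *n); }

/* Address the CPU would touch when evaluating n->next->value. */
static uint32_t addr_of_next_value(const struct node *n) {
    return n->next + (uint32_t)offsetof(struct node, value);
}

/* Allocate, release, then keep using the old pointer. */
static uint32_t stale_fault_address(void) {
    struct node *n = toy_alloc();
    n->next = 0x08049000u;        /* constructed sample address */
    toy_free(n);                  /* contents are now all JUNK bytes */
    return addr_of_next_value(n); /* the bug: n is stale */
}

/* Triage helper: if va is a repeated-junk-byte word plus a small field
 * offset, return that offset; otherwise return -1. */
static int junk_offset(uint32_t va, uint8_t junk, uint32_t max_off) {
    uint32_t pattern = junk * 0x01010101u;
    return (va >= pattern && va - pattern <= max_off) ? (int)(va - pattern) : -1;
}

int main(void) {
    uint32_t va = stale_fault_address();
    printf("fault VA = 0x%08x, junk byte 0x%02x + offset %d\n",
           (unsigned)va, JUNK, junk_offset(va, JUNK, 64));
    return 0;
}
```

A fault address that decodes this way points at the code that loaded the pointer, not at the allocator.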