oddity in yyerrlab

[Andrew Suffield]

I'm not entirely sure what to make of this one. I've been working on
some code that assists in locating bounds errors, and it flagged an
error in the following lines of code in a bison-generated parser (part
of the yyerrlab section):

          /* Start YYX at -YYN if negative to avoid negative indexes in
             YYCHECK.  */
          for (yyx = yyn < 0 ? -yyn : 0;
               yyx < (int) (sizeof (yytname) / sizeof (char *)); yyx++)
            if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR)
              yysize += yystrlen (yytname[yyx]) + 15, yycount++;

The problem noted is that yycheck[yyx + yyn] has gone outside the
bounds of the yycheck array. Here's what I get from gdb:

yyn == 21, so yyx is iterating from 0 to
(sizeof (yytname) / sizeof(char *)) - 1 in increments of 1.

sizeof(yytname) is 88, sizeof(yytname) / sizeof(char *) is 22,
therefore yyx is iterating from 0 to 21.

(yyx + yyn) is therefore iterating from 21 to 42, which overruns the
end of yycheck. I can only presume that something is broken, but what
it is, and what effects it could have, I can't even speculate at.

I can reproduce this at will locally, but since trapping it involves a
patched version of gcc, it's rather difficult to provide a test case.

[I'm using the debian bison package of version 1.875, and there
doesn't seem to be anything relevant in the ChangeLog for cvs or
1.875a.]

-- 
  .''`.  ** Debian GNU/Linux ** | Andrew Suffield
 : :' :  http://www.debian.org/ | Dept. of Computing,
 `. `'                          | Imperial College,
   `-             -><-          | London, UK

pgpkCCBhgAwtu.pgp
Description: PGP signature