Date: Wed, 09 May 2007 12:33:24 -0600
From: Scott Long <scottl@samsco.org>
To: "Wojciech A. Koszek" <wkoszek@FreeBSD.org>, freebsd-current@FreeBSD.org, jasone@FreeBSD.org
Subject: Re: yacc(1) causes a fault -- "fault VA = 0xa5a5a5b1"
Message-ID: <464213F4.5030704@samsco.org>
In-Reply-To: <20070509185905.GA29365@FreeBSD.czest.pl>
References: <20070509185905.GA29365@FreeBSD.czest.pl>

Wojciech A. Koszek wrote:
> Hi,
>
> I have a file:
>
>     http://people.freebsd.org/~wkoszek/traces/grammar.y
>
> I run this command:
>
>     yacc -d -o grammar.c grammar.y
>
> While I get the following warning on RELENG_6 machines:
>
>     $ yacc -d -o grammar.c grammar.y
>     yacc: w - line 36 of "grammar.y", the default action assigns an
>     undefined value to $$
>     yacc: w - the symbol NUMBER is undefined
>
> On various -CURRENT boxes I see:
>
>     $ yacc -d -o grammar.c grammar.y
>     fatal process exception: page fault, fault VA = 0xa5a5a5b1
>     zsh: segmentation fault (core dumped) yacc -d -o grammar.c grammar.y
>
> Sounds like a regression in malloc(3) ?
>
> Thanks,
>

No, that looks like a use-after-free, with malloc filling the freed
memory with trash. It's a debugging option that is turned off in
RELENG_N branches and left on in HEAD, for precisely this reason.

Scott

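An added example, not part of the original message and not FreeBSD or yacc code: it models the failure Scott describes, a free routine that junk-fills released memory, and shows how a stale pointer read back from that memory yields a fault address of the form seen in the report. The fill byte 0xa5 is read off the fault address in the thread; the struct layout, arena, and function names are constructed for illustration, and the 0xc offset is one plausible reading of 0xa5a5a5b1, not something the thread confirms.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define JUNK_BYTE 0xa5u /* assumption: fill byte read off the reported fault VA */

/* Constructed 32-bit layout. Pointers are stored as uint32_t so the demo
 * only computes the address a CPU would touch and never dereferences it. */
struct node   { uint32_t tag, len, flags, value; }; /* value at offset 0xc */
struct holder { uint32_t node_ptr; };               /* "pointer" to a node */

static unsigned char arena[64]; /* stands in for the heap */

/* Debug-style free: overwrite the released region with the junk byte. */
static void junk_free(void *p, size_t n) { memset(p, JUNK_BYTE, n); }

/* Address touched by holder->node_ptr->value when holder is read after free. */
static uint32_t stale_access_address(void)
{
    struct holder h = { 0x08050000u };   /* constructed, valid-looking pointer */
    memcpy(arena, &h, sizeof h);         /* object lives in the arena */
    junk_free(arena, sizeof h);          /* object is released and junk-filled */
    memcpy(&h, arena, sizeof h);         /* the bug: stale read after free */
    return h.node_ptr + (uint32_t)offsetof(struct node, value);
}

/* Triage helper: if addr lies within max_off bytes above a pointer made of
 * repeated junk bytes, return the offset; otherwise return -1. */
static long junk_offset(uint32_t addr, unsigned char junk, uint32_t max_off)
{
    uint32_t base = junk * 0x01010101u;  /* 0xa5 -> 0xa5a5a5a5 */
    if (addr >= base && addr - base <= max_off)
        return (long)(addr - base);
    return -1;
}

int main(void)
{
    uint32_t va = stale_access_address();
    printf("fault VA = 0x%08x, offset above junk pointer = %ld\n",
           (unsigned)va, junk_offset(va, JUNK_BYTE, 0x1000));
    return 0;
}
```

Without the junk fill, the stale read would return the old, still-plausible pointer and the bug would go unnoticed, which matches the report of RELENG_6 printing only warnings while -CURRENT faults.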
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?464213F4.5030704>