From d7e14fc000458de046cfcded04c2fe8438f63919 Mon Sep 17 00:00:00 2001
From: Paul Eggert <eggert@cs.ucla.edu>
Date: Wed, 22 Dec 2004 21:19:47 +0000
Subject: [PATCH] * NEWS: Bison-generated parsers no longer default to using
 the alloca function (when available) to extend the parser stack, due to
 widespread problems in unchecked stack-overflow detection. * data/glr.c
 (YYMAXDEPTH): Remove undef when zero.  It's the user's responsibility to set
 it to a positive value.  This lets the user specify a value that is not a
 preprocessor constant. * data/yacc.c (YYMAXDEPTH): Likewise. (YYSTACK_ALLOC):
 Define only if YYSTACK_USE_ALLOCA is nonzero. * doc/bison.texinfo (Stack
 Overflow): YYMAXDEPTH no longer needs to be a compile-time constant. 
 However, explain the constraints on it. Also, explain the constraints on
 YYINITDEPTH. (Table of Symbols): Explain that alloca is no longer the
 default. Explain the user's responsibility if they define YYSTACK_USE_ALLOCA
 to 1.

---
 ChangeLog         | 15 +++++++++++++++
 NEWS              |  6 ++++++
 data/glr.c        |  4 ----
 data/yacc.c       | 12 ++----------
 doc/bison.texinfo | 38 +++++++++++++++++++++++++++++++-------
 5 files changed, 54 insertions(+), 21 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 19a3134..f2a114f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,20 @@
 2004-12-22  Paul Eggert  <eggert@cs.ucla.edu>
 
+	* NEWS: Bison-generated parsers no longer default to using the
+	alloca function (when available) to extend the parser stack, due
+	to widespread problems in unchecked stack-overflow detection.
+	* data/glr.c (YYMAXDEPTH): Remove undef when zero.  It's the user's
+	responsibility to set it to a positive value.  This lets the user
+	specify a value that is not a preprocessor constant.
+	* data/yacc.c (YYMAXDEPTH): Likewise.
+	(YYSTACK_ALLOC): Define only if YYSTACK_USE_ALLOCA is nonzero.
+	* doc/bison.texinfo (Stack Overflow): YYMAXDEPTH no longer needs
+	to be a compile-time constant.  However, explain the constraints on it.
+	Also, explain the constraints on YYINITDEPTH.
+	(Table of Symbols): Explain that alloca is no longer the default.
+	Explain the user's responsibility if they define YYSTACK_USE_ALLOCA
+	to 1.
+
 	* doc/bison.texinfo (Location Default Action): Mention that n must
 	be zero when k is zero.  Suggested by Frank Heckenbach.
 
diff --git a/NEWS b/NEWS
index d51ec81..44b6579 100644
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,12 @@ Bison News
 
 Changes in version 1.875f:
 
+* Bison-generated parsers no longer default to using the alloca function
+  (when available) to extend the parser stack, due to widespread
+  problems in unchecked stack-overflow detection.  You can "#define
+  YYSTACK_USE_ALLOCA 1" to use alloca anyway, but please read the
+  manual to determine safe values for YYMAXDEPTH in that case.
+
 Changes in version 1.875e, 2004-12-10:
 
 * New directive: %initial-action.
diff --git a/data/glr.c b/data/glr.c
index 97c43bc..eb2a42e 100644
--- a/data/glr.c
+++ b/data/glr.c
@@ -536,10 +536,6 @@ int yydebug;
    SIZE_MAX < YYMAXDEPTH * sizeof (GLRStackItem)
    evaluated with infinite-precision integer arithmetic.  */
 
-#if YYMAXDEPTH == 0
-# undef YYMAXDEPTH
-#endif
-
 #ifndef YYMAXDEPTH
 # define YYMAXDEPTH ]b4_stack_depth_max[
 #endif
diff --git a/data/yacc.c b/data/yacc.c
index 7a416b6..9ce6d27 100644
--- a/data/yacc.c
+++ b/data/yacc.c
@@ -226,14 +226,10 @@ b4_syncline([@oline@], [@ofile@])[
 
 # ifdef YYSTACK_USE_ALLOCA
 #  if YYSTACK_USE_ALLOCA
-#   define YYSTACK_ALLOC alloca
-#  endif
-# else
-#  if defined (alloca) || defined (_ALLOCA_H)
-#   define YYSTACK_ALLOC alloca
-#  else
 #   ifdef __GNUC__
 #    define YYSTACK_ALLOC __builtin_alloca
+#   else
+#    define YYSTACK_ALLOC alloca
 #   endif
 #  endif
 # endif
@@ -648,10 +644,6 @@ int yydebug;
    SIZE_MAX < YYSTACK_BYTES (YYMAXDEPTH)
    evaluated with infinite-precision integer arithmetic.  */
 
-#if defined (YYMAXDEPTH) && YYMAXDEPTH == 0
-# undef YYMAXDEPTH
-#endif
-
 #ifndef YYMAXDEPTH
 # define YYMAXDEPTH ]b4_stack_depth_max[
 #endif
diff --git a/doc/bison.texinfo b/doc/bison.texinfo
index 1a1f341..f026012 100644
--- a/doc/bison.texinfo
+++ b/doc/bison.texinfo
@@ -5574,7 +5574,6 @@ By defining the macro @code{YYMAXDEPTH}, you can control how deep the
 parser stack can become before a stack overflow occurs.  Define the
 macro with a value that is an integer.  This value is the maximum number
 of tokens that can be shifted (and not reduced) before overflow.
-It must be a constant expression whose value is known at compile time.
 
 The stack space allowed is not necessarily allocated.  If you specify a
 large value for @code{YYMAXDEPTH}, the parser actually allocates a small
@@ -5583,14 +5582,26 @@ increasing allocation happens automatically and silently.  Therefore,
 you do not need to make @code{YYMAXDEPTH} painfully small merely to save
 space for ordinary inputs that do not need much stack.
 
+However, do not allow @code{YYMAXDEPTH} to be a value so large that
+arithmetic overflow could occur when calculating the size of the stack
+space.  Also, do not allow @code{YYMAXDEPTH} to be less than
+@code{YYINITDEPTH}.
+
 @cindex default stack limit
 The default value of @code{YYMAXDEPTH}, if you do not define it, is
 10000.
 
 @vindex YYINITDEPTH
 You can control how much stack is allocated initially by defining the
-macro @code{YYINITDEPTH}.  This value too must be a compile-time
-constant integer.  The default is 200.
+macro @code{YYINITDEPTH} to a positive integer.  For the C
+@acronym{LALR}(1) parser, this value must be a compile-time constant
+unless you are assuming C99 or some other target language or compiler
+that allows variable-length arrays.  The default is 200.
+
+Do not allow @code{YYINITDEPTH} to be a value so large that arithmetic
+overflow would occur when calculating the size of the stack space.
+Also, do not allow @code{YYINITDEPTH} to be greater than
+@code{YYMAXDEPTH}.
 
 @c FIXME: C++ output.
 Because of semantical differences between C and C++, the
@@ -7306,10 +7317,23 @@ syntax error.  @xref{Action Features, ,Special Features for Use in Actions}.
 @end deffn
 
 @deffn {Macro} YYSTACK_USE_ALLOCA
-Macro used to control the use of @code{alloca}.  If defined to @samp{0},
-the parser will not use @code{alloca} but @code{malloc} when trying to
-grow its internal stacks.  Do @emph{not} define @code{YYSTACK_USE_ALLOCA}
-to anything else.
+Macro used to control the use of @code{alloca} when the C
+@acronym{LALR}(1) parser needs to extend its stacks.  If defined to 0,
+the parser will use @code{malloc} to extend its stacks.  If defined to
+1, the parser will use @code{alloca}.  Values other than 0 and 1 are
+reserved for future Bison extensions.  If not defined,
+@code{YYSTACK_USE_ALLOCA} defaults to 0.
+
+If you define @code{YYSTACK_USE_ALLOCA} to 1, it is your
+responsibility to make sure that @code{alloca} is visible, e.g., by
+using @acronym{GCC} or by including @code{<stdlib.h>}.  Furthermore,
+in the all-too-common case where your code may run on a host with a
+limited stack and with unreliable stack-overflow checking, you should
+set @code{YYMAXDEPTH} to a value that cannot possibly result in
+unchecked stack overflow on any of your target hosts when
+@code{alloca} is called.  You can inspect the code that Bison
+generates in order to determine the proper numeric values.  This will
+require some expertise in low-level implementation details.
 @end deffn
 
 @deffn {Type} YYSTYPE
-- 
2.7.4