From 2ec6df3b0730224ed42a5dd54bf20d5d04b7c808 Mon Sep 17 00:00:00 2001
From: Valentin Tolmer 
Date: Wed, 11 Nov 2020 18:55:15 +0100
Subject: [PATCH] glr2.cc: fix memory corruption bug

* data/skeletons/glr2.cc (yyremoveDeletes): Remove double-increment in the loop. (glr_state::copyFrom): Handle gracefully when other is resolved.
---
 data/skeletons/glr2.cc | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/data/skeletons/glr2.cc b/data/skeletons/glr2.cc
index 748d51de..f334478e 100644
--- a/data/skeletons/glr2.cc
+++ b/data/skeletons/glr2.cc
@@ -799,7 +799,11 @@ public:
   void copyFrom(const glr_state& other) {
     *this = other;
     setPred(other.pred());
-    setFirstVal(other.firstVal());
+    if (other.yyresolved) {
+      semanticVal() = other.semanticVal();
+    } else {
+      setFirstVal(other.firstVal());
+    }
   }
 
   /** Type tag for If true, yysval applies, otherwise
@@ -945,9 +949,9 @@ class glr_state_set {
   inline void
   yyremoveDeletes ()
   {
-    std::ptrdiff_t newsize = static_cast(yystates.size());
+    size_t newsize = yystates.size();
     /* j is the number of live stacks we have seen. */
-    for (size_t i = 0, j = 0; i < yystates.size(); ++i)
+    for (size_t i = 0, j = 0; j < newsize; ++i)
       {
         if (yystates[i] == YY_NULLPTR)
           {
@@ -972,10 +976,9 @@ class glr_state_set {
           }
         j += 1;
       }
-    i += 1;
     }
-    yystates.erase(yystates.begin() + newsize, yystates.end());
-    yylookaheadNeeds.erase(yylookaheadNeeds.begin() + newsize,
+    yystates.erase(yystates.begin() + static_cast(newsize), yystates.end());
+    yylookaheadNeeds.erase(yylookaheadNeeds.begin() + static_cast(newsize),
                            yylookaheadNeeds.end());
   }
 
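Review bot: The new branch in copyFrom does not say why a resolved state must bypass setFirstVal(), so a reader has to reconstruct the reason from the commit title; a one-line comment above the `if` would carry it, e.g. `// A resolved state carries a semantic value where an unresolved one carries its first-val link; copy whichever member is live.` Since `*this = other;` on the line above already copies every member, I assume setPred()/setFirstVal()/semanticVal() re-encode their argument relative to this object rather than storing it verbatim — otherwise the tail of the function would be redundant — and that assumption belongs in the same comment so the next maintainer does not "simplify" it away. The doc comment for the `yyresolved` tag the branch keys on begins in the trailing context of this hunk and would be a natural place to cross-reference copyFrom.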
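Review bot: The new loop condition `j < newsize` keeps `i` inside `yystates` only through an invariant the code never states: each iteration either advances `j` (live entry) or, in the `YY_NULLPTR` branch that continues past this hunk, presumably shrinks `newsize`, so `i == j + (yystates.size() - newsize)` and `j < newsize` implies `i < yystates.size()`. That holds as far as the visible lines go, but it is exactly the kind of reasoning the removed double increment silently broke, so I would record it next to the existing `j` comment: `/* Invariant: i == j + (dead stacks seen so far), so j < newsize keeps i inside yystates. */`, and back it with an assertion at the top of the body (`YYASSERT (i < yystates.size ());` if this skeleton keeps the macro from glr.c). The loop body runs past the end of this hunk.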
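Review bot: The erase of `yylookaheadNeeds` at the end of the hunk trims it to the `newsize` computed while walking `yystates`, which is only valid if the two vectors are kept the same length; nothing in the hunk checks that, and a shorter `yylookaheadNeeds` would make `begin() + newsize` step past its end. A precondition assertion before the two erases would document and enforce it: `YYASSERT (yylookaheadNeeds.size () == yystates.size ());` (or the skeleton's equivalent). The cast's type argument does not show in this rendering (`static_cast(newsize)`), presumably lost in extraction, since `newsize` is now `size_t` and the iterator arithmetic wants a signed difference type. The enclosing yyremoveDeletes starts before this hunk.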