From 068d36032a0e024afd60098fe4f41b94db2b0b73 Mon Sep 17 00:00:00 2001
From: Kevin Lo
Date: Fri, 18 Jul 2008 15:05:14 +0000
Subject: [PATCH] Fix a longstanding bug, from Otto Moerbeck: if we're reducing a rule that has an empty right hand side and the yacc stackpointer is pointing at the very end of the allocated stack, we end up accessing the stack out of bounds by the implicit $$ = $1 action
Obtained from: OpenBSD
---
 usr.bin/yacc/skeleton.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/usr.bin/yacc/skeleton.c b/usr.bin/yacc/skeleton.c
index f765c912f5c8..c1263d9e2872 100644
--- a/usr.bin/yacc/skeleton.c
+++ b/usr.bin/yacc/skeleton.c
@@ -60,6 +60,7 @@ __FBSDID("$FreeBSD$");
 const char *banner[] =
 {
 "#include ",
+ "#include ",
 "#ifndef lint",
 "#ifdef __unused",
 "__unused",
@@ -331,7 +332,10 @@ const char *body[] =
 " YYPREFIX, yystate, yyn, yyrule[yyn]);",
 "#endif",
 " yym = yylen[yyn];",
- " yyval = yyvsp[1-yym];",
+ " if (yym)",
+ " yyval = yyvsp[1-yym];",
+ " else",
+ " memset(&yyval, 0, sizeof yyval);",
 " switch (yyn)",
 " {",
 0
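Review bot: The new `else` branch in the second hunk silently changes what an empty rule's `$$` holds — it was whatever stale value `yyvsp[1]` carried (or an out-of-bounds read at the end of the value stack, per the commit message) and is now all-bits-zero — yet nothing in the emitted parser says why; a line such as `"    /* empty rule: no $1 to copy; yyvsp[1] may lie past the end of the stack */",` before the `" if (yym)",` string would explain the branch to readers of the generated code. All-bits-zero is not guaranteed by the C standard to be a null pointer or a valid floating-point value for every YYSTYPE member, so a grammar whose empty-rule action reads `$$` without assigning it first now relies on that platform property; it holds on every FreeBSD target, but the comment is the place to say so. The first hunk's added banner include (its header name is stripped in this rendering, presumably <string.h>) is what makes `memset` declared in the generated file, and a short comment there tying it to the `yyval` zeroing would keep the two from drifting apart. The `body[]` array this hunk patches begins outside the hunk; its `0` terminator is the last context line shown.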