From 07079d78bc849dacc7b90c7fec6949687b344974 Mon Sep 17 00:00:00 2001
From: Quentin Young
Date: Tue, 9 Aug 2016 19:30:40 +0000
Subject: [PATCH] lib: Fix use after free in lexer
Fix occasional bug where deleting flex's input buffer happens earlier than flex expects
Signed-off-by: Quentin Young
---
 lib/command_parse.y | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/lib/command_parse.y b/lib/command_parse.y
index 51c2331dc7..bbdf11c6e8 100644
--- a/lib/command_parse.y
+++ b/lib/command_parse.y
@@ -152,7 +152,6 @@ start:
 {
 // tack on the command element
 terminate_graph (startnode, currnode, element);
- cleanup();
 }
 | sentence_root cmd_token_seq '.' placeholder_token
 {
@@ -165,7 +164,6 @@ start:
 // tack on the command element
 terminate_graph (startnode, currnode, element);
- cleanup();
 }
 sentence_root: WORD
@@ -394,7 +392,10 @@ parse_command_format(struct graph_node *start, struct cmd_element *cmd)
 yydebug = 0;
 // parse command into DFA
- yyparse(cmd, start);
+ yyparse (cmd, start);
+
+ /* cleanup */
+ cleanup ();
 return start;
 }
@@ -416,7 +417,7 @@ cleanup()
 free (docstr_start);
 /* cleanup lexer */
- cleanup_lexer();
+ cleanup_lexer ();
 /* clear state pointers */
 seqhead = NULL;
-- 
2.39.5
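Review bot: Moving `cleanup ()` after `yyparse (cmd, start)` in parse_command_format means it now runs on every parse, including one that fails before a `start` action is reached, so everything it frees must be either valid or NULL at that point. The cleanup() hunk shows `free (docstr_start);` and `seqhead = NULL;` but not whether docstr_start is reset, so it is worth confirming that each freed pointer is cleared afterwards (`docstr_start = NULL;`); otherwise a later failed parse could free a stale pointer. The return value of yyparse is also discarded, so a caller cannot tell a rejected command string from a parsed one. I would replace `/* cleanup */` with a comment that records the reason, e.g. `/* flex still reads its input buffer after the start action runs; free parser and lexer state only once yyparse has returned */`. Both functions begin and end outside their hunks.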