new file mode 100644
@@ -0,0 +1,68 @@
+From febeb977936f9519a25d9fbd10ff8256358cdb97 Mon Sep 17 00:00:00 2001
+From: Ulya Trofimovich <skvadrik@gmail.com>
+Date: Tue, 3 Feb 2026 21:33:11 +0000
+Subject: [PATCH] Fix null pointer dereference when actions are used without
+ rules.
+
+Null pointer dereference happened because the root TNFA state was null:
+there were no rules for a block, but determinization still happened.
+
+In this case re2c should emit an error and never even attempt
+determinization. It was properly handled for blocks with start
+conditions, but not for normal blocks.
+
+This addresses #571 "[Bug] Segmentation Fault (NULL Dereference) in
+re2c::closure_leftmost_dfs during determinization".
+
+CVE: CVE-2026-2903
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+---
+ src/parse/ast.cc | 19 +++++++++++++++----
+ test/conditions/cond_error_10.c | 2 +-
+ 2 files changed, 16 insertions(+), 5 deletions(-)
+
+diff --git a/src/parse/ast.cc b/src/parse/ast.cc
+index 91865e801..986cfb7da 100644
+--- a/src/parse/ast.cc
++++ b/src/parse/ast.cc
+@@ -332,10 +332,6 @@ Ret check_and_merge_special_rules(AstGrams& grams, const opt_t* opts, Msg& msg,
+ all_conds_have_it = false; \
+ } else if (g.name == STAR_COND) { \
+ star_action = g.action[0]; \
+- } else if (g.rules.empty()) { \
+- RET_FAIL(msg.error(g.action[0]->loc, \
+- "%s action for non-existing condition `%s` found", \
+- str, g.name.c_str())); \
+ } \
+ } \
+ if (star_action && all_conds_have_it) { \
+@@ -422,6 +418,21 @@ Ret check_and_merge_special_rules(AstGrams& grams, const opt_t* opts, Msg& msg,
+ }
+ }
+
++ for (const AstGram& g : grams) {
++ if (g.rules.empty()) {
++#define CHECK_ACTION(action, str) do { \
++ if (!g.action.empty()) { \
++ RET_FAIL(msg.error(g.action[0]->loc, \
++ "%s action %sbut no rules found", str, incond(g.name).c_str())); \
++ } \
++} while(0)
++ CHECK_ACTION(entry, "entry");
++ CHECK_ACTION(pre_rule, "pre-rule");
++ CHECK_ACTION(post_rule, "post-rule");
++#undef CHECK_ACTION
++ }
++ }
++
+ // zero condition must be the first one.
+ auto zero = std::find_if(
+ grams.begin(), grams.end(), [](const AstGram& g) { return g.name == ZERO_COND; });
+diff --git a/test/conditions/cond_error_10.c b/test/conditions/cond_error_10.c
+index 571028a22..3bfde301b 100644
+--- a/test/conditions/cond_error_10.c
++++ b/test/conditions/cond_error_10.c
+@@ -1 +1 @@
+-conditions/cond_error_10.re:7:5: error: pre-rule action for non-existing condition `c` found
++conditions/cond_error_10.re:7:5: error: pre-rule action in condition 'c' but no rules found
@@ -6,7 +6,9 @@ SECTION = "devel"
LICENSE = "PD"
LIC_FILES_CHKSUM = "file://LICENSE;md5=64eca4d8a3b67f9dc7656094731a2c8d"
-SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BPN}-${PV}.tar.xz"
+SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BPN}-${PV}.tar.xz \
+ file://CVE-2026-2903.patch"
+
SRC_URI[sha256sum] = "6b6b865924447ef992d5db4e52fb9307e5f65f26edd43efa91395da810f4280a"
GITHUB_BASE_URI = "https://github.com/skvadrik/re2c/releases"
Backport a patch from upstream to fix CVE-2026-2903. Signed-off-by: Ross Burton <ross.burton@arm.com> --- .../re2c/re2c/CVE-2026-2903.patch | 68 +++++++++++++++++++ meta/recipes-support/re2c/re2c_4.4.bb | 4 +- 2 files changed, 71 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-support/re2c/re2c/CVE-2026-2903.patch