[Nasm-bugs] [Bug 3392431] New: There is a SEGV on unknown address 0x000000000018 in nasm.
no-reply at bugzilla-nasm.gorcunov.org
Mon Aug 28 01:15:57 PDT 2017
https://bugzilla.nasm.us/show_bug.cgi?id=3392431
Bug ID: 3392431
Summary: There is a SEGV on unknown address 0x000000000018 in nasm.
Product: NASM
Version: unspecified
Hardware: All
OS: All
Status: OPEN
Severity: blocker
Priority: Medium
Component: Assembler
Assignee: nobody at nasm.us
Reporter: v.owl337 at gmail.com
CC: gorcunov at gmail.com, hpa at zytor.com, nasm-bugs at nasm.us
Obtained from: Binary from nasm.us
Created attachment 411609
--> https://bugzilla.nasm.us/attachment.cgi?id=411609&action=edit
./nasm -f bin POC11 -o tmp
Description:
The debugging information is as follows:
$ ./nasm -f bin POC11 -o tmp
...
id:000643,sig:11,src:009027,op:havoc,rep:64:28: error: symbol `t' redefined
id:000643,sig:11,src:009027,op:havoc,rep:64:33: error: parser: instruction expected
id:000643,sig:11,src:009027,op:havoc,rep:64:34: error: label or instruction expected at start of line
id:000643,sig:11,src:009027,op:havoc,rep:64:35: error: parser: instruction expected
id:000643,sig:11,src:009027,op:havoc,rep:64:88: error: label or instruction expected at start of line
id:000643,sig:11,src:009027,op:havoc,rep:64:95: error: macro call expects terminating `)'
id:000643,sig:11,src:009027,op:havoc,rep:64:95: error: parser: instruction expected
id:000643,sig:11,src:009027,op:havoc,rep:64:96: error: `%0': not in a macro call
id:000643,sig:11,src:009027,op:havoc,rep:64:96: error: expression syntax error
id:000643,sig:11,src:009027,op:havoc,rep:64:97: error: unknown preprocessor directive `%rota'
id:000643,sig:11,src:009027,op:havoc,rep:64:97: error: label or instruction expected at start of line
id:000643,sig:11,src:009027,op:havoc,rep:64:98: error: `%%top': not in a macro call
id:000643,sig:11,src:009027,op:havoc,rep:64:98: error: macro call expects terminating `)'
id:000643,sig:11,src:009027,op:havoc,rep:64:98: error: macro call expects terminating `)'
Segmentation fault
The GDB debugging information is as follows:
(gdb) set args -f bin POC11 -o tmp
(gdb) r
...
id:000643,sig:11,src:009027,op:havoc,rep:64:96: error: expression syntax error
id:000643,sig:11,src:009027,op:havoc,rep:64:97: error: unknown preprocessor directive `%rota'
id:000643,sig:11,src:009027,op:havoc,rep:64:97: error: label or instruction expected at start of line
id:000643,sig:11,src:009027,op:havoc,rep:64:98: error: `%%top': not in a macro call
id:000643,sig:11,src:009027,op:havoc,rep:64:98: error: macro call expects terminating `)'
Breakpoint 2, expand_smacro (tline=<optimized out>) at asm/preproc.c:4415
4415 pt = *ptail = new_Token(tline, ttt->type,
(gdb) c 53
Will ignore next 51 crossings of breakpoint 2. Continuing.
id:000643,sig:11,src:009027,op:havoc,rep:64:98: error: macro call expects terminating `)'
Breakpoint 2, expand_smacro (tline=<optimized out>) at asm/preproc.c:4415
4415 pt = *ptail = new_Token(tline, ttt->type,
(gdb) n
Program received signal SIGSEGV, Segmentation fault.
0x000000000056d5d6 in expand_smacro (tline=<optimized out>) at asm/preproc.c:4415
4415 pt = *ptail = new_Token(tline, ttt->type,
(gdb) bt
#0 expand_smacro (tline=<optimized out>) at asm/preproc.c:4415
#1 0x000000000051c561 in pp_getline () at asm/preproc.c:5210
#2 0x0000000000483517 in assemble_file (fname=<optimized out>, depend_ptr=<optimized out>) at asm/nasm.c:1233
#3 main (argc=<optimized out>, argv=<optimized out>) at asm/nasm.c:453
(gdb) c
Continuing.
ASAN:SIGSEGV
=================================================================
==9792==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000018 (pc 0x00000056d5d6 sp 0x7fffffffdda0 bp 0x7fffffffdee0 T0)
==9792==WARNING: Trying to symbolize code, but external symbolizer is not initialized!
#0 0x56d5d5 (/home/company/check_nasm/nasm-2.14rc0/install_asan/bin/nasm+0x56d5d5)
#1 0x51c560 (/home/company/check_nasm/nasm-2.14rc0/install_asan/bin/nasm+0x51c560)
#2 0x483516 (/home/company/check_nasm/nasm-2.14rc0/install_asan/bin/nasm+0x483516)
#3 0x7ffff6ee6a3f (/lib/x86_64-linux-gnu/libc.so.6+0x20a3f)
#4 0x47e7e8 (/home/company/check_nasm/nasm-2.14rc0/install_asan/bin/nasm+0x47e7e8)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ??:0 ??
==9792==ABORTING
[Inferior 1 (process 9792) exited with code 01]
(gdb)
Triggered in:
expand_smacro (tline=<optimized out>) at asm/preproc.c:4415
4415 pt = *ptail = new_Token(tline, ttt->type,
Credits:
This vulnerability is detected by team OWL337, with our custom fuzzer collAFL.
Please contact ganshuitao at gmail.com and chaoz at tsinghua.edu.cn if you need
more info about the team, the tool or the vulnerability.