[Nasm-bugs] [Bug 3392452] New: stack-overflow in nasm
no-reply at bugzilla-nasm.gorcunov.org
Sun Dec 10 22:20:12 PST 2017
https://bugzilla.nasm.us/show_bug.cgi?id=3392452
Bug ID: 3392452
Summary: stack-overflow in nasm
Product: NASM
Version: unspecified
Hardware: All
OS: All
Status: OPEN
Severity: normal
Priority: Medium
Component: Assembler
Assignee: nobody at nasm.us
Reporter: gy741.kim at gmail.com
CC: gorcunov at gmail.com, hpa at zytor.com, nasm-bugs at nasm.us
Obtained from: Other (please explain)
Created attachment 411619
--> https://bugzilla.nasm.us/attachment.cgi?id=411619&action=edit
PoC
Hello.
I found a stack-overflow bug in nasm.
Please confirm.
Thanks.
OS: Ubuntu 16.04 64bit
Version: NASM version 2.14rc0 compiled on Dec 11 2017
Steps to reproduce:
1. Download the .POC files.
2. Compile the source code with ASan.
3. ./nasm $PoC -o /dev/null
```
ASAN:DEADLYSIGNAL
=================================================================
==31503==ERROR: AddressSanitizer: stack-overflow on address 0x7ffd29446ff8 (pc 0x561c7d7c0c20 bp 0x7ffd294470e0 sp 0x7ffd29446ff0 T0)
#0 0x561c7d7c0c1f in stdscan asm/stdscan.c:130
#1 0x561c7d7bedad in expr6 asm/eval.c:850
#2 0x561c7d7bdaa2 in expr5 asm/eval.c:566
#3 0x561c7d7bd9b0 in expr4 asm/eval.c:541
#4 0x561c7d7bd804 in expr3 asm/eval.c:507
#5 0x561c7d7bd6c2 in expr2 asm/eval.c:481
#6 0x561c7d7bd580 in expr1 asm/eval.c:455
#7 0x561c7d7bd43e in expr0 asm/eval.c:429
#8 0x561c7d7bedc4 in expr6 asm/eval.c:851
#9 0x561c7d7bdaa2 in expr5 asm/eval.c:566
#10 0x561c7d7bd9b0 in expr4 asm/eval.c:541
#11 0x561c7d7bd804 in expr3 asm/eval.c:507
#12 0x561c7d7bd6c2 in expr2 asm/eval.c:481
#13 0x561c7d7bd580 in expr1 asm/eval.c:455
#14 0x561c7d7bd43e in expr0 asm/eval.c:429
#15 0x561c7d7bedc4 in expr6 asm/eval.c:851
#16 0x561c7d7bdaa2 in expr5 asm/eval.c:566
#17 0x561c7d7bd9b0 in expr4 asm/eval.c:541
#18 0x561c7d7bd804 in expr3 asm/eval.c:507
#19 0x561c7d7bd6c2 in expr2 asm/eval.c:481
#20 0x561c7d7bd580 in expr1 asm/eval.c:455
#21 0x561c7d7bd43e in expr0 asm/eval.c:429
#22 0x561c7d7bedc4 in expr6 asm/eval.c:851
#23 0x561c7d7bdaa2 in expr5 asm/eval.c:566
#24 0x561c7d7bd9b0 in expr4 asm/eval.c:541
#25 0x561c7d7bd804 in expr3 asm/eval.c:507
#26 0x561c7d7bd6c2 in expr2 asm/eval.c:481
#27 0x561c7d7bd580 in expr1 asm/eval.c:455
#28 0x561c7d7bd43e in expr0 asm/eval.c:429
#29 0x561c7d7bedc4 in expr6 asm/eval.c:851
#30 0x561c7d7bdaa2 in expr5 asm/eval.c:566
#31 0x561c7d7bd9b0 in expr4 asm/eval.c:541
#32 0x561c7d7bd804 in expr3 asm/eval.c:507
#33 0x561c7d7bd6c2 in expr2 asm/eval.c:481
#34 0x561c7d7bd580 in expr1 asm/eval.c:455
#35 0x561c7d7bd43e in expr0 asm/eval.c:429
#36 0x561c7d7bedc4 in expr6 asm/eval.c:851
#37 0x561c7d7bdaa2 in expr5 asm/eval.c:566
#38 0x561c7d7bd9b0 in expr4 asm/eval.c:541
#39 0x561c7d7bd804 in expr3 asm/eval.c:507
#40 0x561c7d7bd6c2 in expr2 asm/eval.c:481
#41 0x561c7d7bd580 in expr1 asm/eval.c:455
#42 0x561c7d7bd43e in expr0 asm/eval.c:429
#43 0x561c7d7bedc4 in expr6 asm/eval.c:851
#44 0x561c7d7bdaa2 in expr5 asm/eval.c:566
#45 0x561c7d7bd9b0 in expr4 asm/eval.c:541
#46 0x561c7d7bd804 in expr3 asm/eval.c:507
#47 0x561c7d7bd6c2 in expr2 asm/eval.c:481
#48 0x561c7d7bd580 in expr1 asm/eval.c:455
#49 0x561c7d7bd43e in expr0 asm/eval.c:429
#50 0x561c7d7bedc4 in expr6 asm/eval.c:851
#51 0x561c7d7bdaa2 in expr5 asm/eval.c:566
#52 0x561c7d7bd9b0 in expr4 asm/eval.c:541
#53 0x561c7d7bd804 in expr3 asm/eval.c:507
#54 0x561c7d7bd6c2 in expr2 asm/eval.c:481
#55 0x561c7d7bd580 in expr1 asm/eval.c:455
#56 0x561c7d7bd43e in expr0 asm/eval.c:429
#57 0x561c7d7bedc4 in expr6 asm/eval.c:851
#58 0x561c7d7bdaa2 in expr5 asm/eval.c:566
#59 0x561c7d7bd9b0 in expr4 asm/eval.c:541
#60 0x561c7d7bd804 in expr3 asm/eval.c:507
#61 0x561c7d7bd6c2 in expr2 asm/eval.c:481
#62 0x561c7d7bd580 in expr1 asm/eval.c:455
#63 0x561c7d7bd43e in expr0 asm/eval.c:429
#64 0x561c7d7bedc4 in expr6 asm/eval.c:851
#65 0x561c7d7bdaa2 in expr5 asm/eval.c:566
#66 0x561c7d7bd9b0 in expr4 asm/eval.c:541
#67 0x561c7d7bd804 in expr3 asm/eval.c:507
#68 0x561c7d7bd6c2 in expr2 asm/eval.c:481
#69 0x561c7d7bd580 in expr1 asm/eval.c:455
#70 0x561c7d7bd43e in expr0 asm/eval.c:429
#71 0x561c7d7bedc4 in expr6 asm/eval.c:851
#72 0x561c7d7bdaa2 in expr5 asm/eval.c:566
#73 0x561c7d7bd9b0 in expr4 asm/eval.c:541
#74 0x561c7d7bd804 in expr3 asm/eval.c:507
#75 0x561c7d7bd6c2 in expr2 asm/eval.c:481
#76 0x561c7d7bd580 in expr1 asm/eval.c:455
#77 0x561c7d7bd43e in expr0 asm/eval.c:429
#78 0x561c7d7bedc4 in expr6 asm/eval.c:851
#79 0x561c7d7bdaa2 in expr5 asm/eval.c:566
#80 0x561c7d7bd9b0 in expr4 asm/eval.c:541
#81 0x561c7d7bd804 in expr3 asm/eval.c:507
#82 0x561c7d7bd6c2 in expr2 asm/eval.c:481
#83 0x561c7d7bd580 in expr1 asm/eval.c:455
#84 0x561c7d7bd43e in expr0 asm/eval.c:429
#85 0x561c7d7bedc4 in expr6 asm/eval.c:851
#86 0x561c7d7bdaa2 in expr5 asm/eval.c:566
#87 0x561c7d7bd9b0 in expr4 asm/eval.c:541
#88 0x561c7d7bd804 in expr3 asm/eval.c:507
#89 0x561c7d7bd6c2 in expr2 asm/eval.c:481
#90 0x561c7d7bd580 in expr1 asm/eval.c:455
#91 0x561c7d7bd43e in expr0 asm/eval.c:429
#92 0x561c7d7bedc4 in expr6 asm/eval.c:851
#93 0x561c7d7bdaa2 in expr5 asm/eval.c:566
#94 0x561c7d7bd9b0 in expr4 asm/eval.c:541
#95 0x561c7d7bd804 in expr3 asm/eval.c:507
#96 0x561c7d7bd6c2 in expr2 asm/eval.c:481
#97 0x561c7d7bd580 in expr1 asm/eval.c:455
#98 0x561c7d7bd43e in expr0 asm/eval.c:429
#99 0x561c7d7bedc4 in expr6 asm/eval.c:851
#100 0x561c7d7bdaa2 in expr5 asm/eval.c:566
#101 0x561c7d7bd9b0 in expr4 asm/eval.c:541
#102 0x561c7d7bd804 in expr3 asm/eval.c:507
#103 0x561c7d7bd6c2 in expr2 asm/eval.c:481
#104 0x561c7d7bd580 in expr1 asm/eval.c:455
#105 0x561c7d7bd43e in expr0 asm/eval.c:429
#106 0x561c7d7bedc4 in expr6 asm/eval.c:851
#107 0x561c7d7bdaa2 in expr5 asm/eval.c:566
#108 0x561c7d7bd9b0 in expr4 asm/eval.c:541
#109 0x561c7d7bd804 in expr3 asm/eval.c:507
#110 0x561c7d7bd6c2 in expr2 asm/eval.c:481
#111 0x561c7d7bd580 in expr1 asm/eval.c:455
#112 0x561c7d7bd43e in expr0 asm/eval.c:429
#113 0x561c7d7bedc4 in expr6 asm/eval.c:851
#114 0x561c7d7bdaa2 in expr5 asm/eval.c:566
#115 0x561c7d7bd9b0 in expr4 asm/eval.c:541
#116 0x561c7d7bd804 in expr3 asm/eval.c:507
#117 0x561c7d7bd6c2 in expr2 asm/eval.c:481
#118 0x561c7d7bd580 in expr1 asm/eval.c:455
#119 0x561c7d7bd43e in expr0 asm/eval.c:429
#120 0x561c7d7bedc4 in expr6 asm/eval.c:851
#121 0x561c7d7bdaa2 in expr5 asm/eval.c:566
#122 0x561c7d7bd9b0 in expr4 asm/eval.c:541
#123 0x561c7d7bd804 in expr3 asm/eval.c:507
#124 0x561c7d7bd6c2 in expr2 asm/eval.c:481
#125 0x561c7d7bd580 in expr1 asm/eval.c:455
#126 0x561c7d7bd43e in expr0 asm/eval.c:429
#127 0x561c7d7bedc4 in expr6 asm/eval.c:851
#128 0x561c7d7bdaa2 in expr5 asm/eval.c:566
#129 0x561c7d7bd9b0 in expr4 asm/eval.c:541
#130 0x561c7d7bd804 in expr3 asm/eval.c:507
#131 0x561c7d7bd6c2 in expr2 asm/eval.c:481
#132 0x561c7d7bd580 in expr1 asm/eval.c:455
#133 0x561c7d7bd43e in expr0 asm/eval.c:429
#134 0x561c7d7bedc4 in expr6 asm/eval.c:851
#135 0x561c7d7bdaa2 in expr5 asm/eval.c:566
#136 0x561c7d7bd9b0 in expr4 asm/eval.c:541
#137 0x561c7d7bd804 in expr3 asm/eval.c:507
#138 0x561c7d7bd6c2 in expr2 asm/eval.c:481
#139 0x561c7d7bd580 in expr1 asm/eval.c:455
#140 0x561c7d7bd43e in expr0 asm/eval.c:429
#141 0x561c7d7bedc4 in expr6 asm/eval.c:851
#142 0x561c7d7bdaa2 in expr5 asm/eval.c:566
#143 0x561c7d7bd9b0 in expr4 asm/eval.c:541
#144 0x561c7d7bd804 in expr3 asm/eval.c:507
#145 0x561c7d7bd6c2 in expr2 asm/eval.c:481
#146 0x561c7d7bd580 in expr1 asm/eval.c:455
#147 0x561c7d7bd43e in expr0 asm/eval.c:429
#148 0x561c7d7bedc4 in expr6 asm/eval.c:851
#149 0x561c7d7bdaa2 in expr5 asm/eval.c:566
#150 0x561c7d7bd9b0 in expr4 asm/eval.c:541
#151 0x561c7d7bd804 in expr3 asm/eval.c:507
#152 0x561c7d7bd6c2 in expr2 asm/eval.c:481
#153 0x561c7d7bd580 in expr1 asm/eval.c:455
#154 0x561c7d7bd43e in expr0 asm/eval.c:429
#155 0x561c7d7bedc4 in expr6 asm/eval.c:851
#156 0x561c7d7bdaa2 in expr5 asm/eval.c:566
#157 0x561c7d7bd9b0 in expr4 asm/eval.c:541
#158 0x561c7d7bd804 in expr3 asm/eval.c:507
#159 0x561c7d7bd6c2 in expr2 asm/eval.c:481
#160 0x561c7d7bd580 in expr1 asm/eval.c:455
#161 0x561c7d7bd43e in expr0 asm/eval.c:429
#162 0x561c7d7bedc4 in expr6 asm/eval.c:851
#163 0x561c7d7bdaa2 in expr5 asm/eval.c:566
#164 0x561c7d7bd9b0 in expr4 asm/eval.c:541
#165 0x561c7d7bd804 in expr3 asm/eval.c:507
#166 0x561c7d7bd6c2 in expr2 asm/eval.c:481
#167 0x561c7d7bd580 in expr1 asm/eval.c:455
#168 0x561c7d7bd43e in expr0 asm/eval.c:429
#169 0x561c7d7bedc4 in expr6 asm/eval.c:851
#170 0x561c7d7bdaa2 in expr5 asm/eval.c:566
#171 0x561c7d7bd9b0 in expr4 asm/eval.c:541
#172 0x561c7d7bd804 in expr3 asm/eval.c:507
#173 0x561c7d7bd6c2 in expr2 asm/eval.c:481
#174 0x561c7d7bd580 in expr1 asm/eval.c:455
#175 0x561c7d7bd43e in expr0 asm/eval.c:429
#176 0x561c7d7bedc4 in expr6 asm/eval.c:851
#177 0x561c7d7bdaa2 in expr5 asm/eval.c:566
#178 0x561c7d7bd9b0 in expr4 asm/eval.c:541
#179 0x561c7d7bd804 in expr3 asm/eval.c:507
#180 0x561c7d7bd6c2 in expr2 asm/eval.c:481
#181 0x561c7d7bd580 in expr1 asm/eval.c:455
#182 0x561c7d7bd43e in expr0 asm/eval.c:429
#183 0x561c7d7bedc4 in expr6 asm/eval.c:851
#184 0x561c7d7bdaa2 in expr5 asm/eval.c:566
#185 0x561c7d7bd9b0 in expr4 asm/eval.c:541
#186 0x561c7d7bd804 in expr3 asm/eval.c:507
#187 0x561c7d7bd6c2 in expr2 asm/eval.c:481
#188 0x561c7d7bd580 in expr1 asm/eval.c:455
#189 0x561c7d7bd43e in expr0 asm/eval.c:429
#190 0x561c7d7bedc4 in expr6 asm/eval.c:851
#191 0x561c7d7bdaa2 in expr5 asm/eval.c:566
#192 0x561c7d7bd9b0 in expr4 asm/eval.c:541
#193 0x561c7d7bd804 in expr3 asm/eval.c:507
#194 0x561c7d7bd6c2 in expr2 asm/eval.c:481
#195 0x561c7d7bd580 in expr1 asm/eval.c:455
#196 0x561c7d7bd43e in expr0 asm/eval.c:429
#197 0x561c7d7bedc4 in expr6 asm/eval.c:851
#198 0x561c7d7bdaa2 in expr5 asm/eval.c:566
#199 0x561c7d7bd9b0 in expr4 asm/eval.c:541
#200 0x561c7d7bd804 in expr3 asm/eval.c:507
#201 0x561c7d7bd6c2 in expr2 asm/eval.c:481
#202 0x561c7d7bd580 in expr1 asm/eval.c:455
#203 0x561c7d7bd43e in expr0 asm/eval.c:429
#204 0x561c7d7bedc4 in expr6 asm/eval.c:851
#205 0x561c7d7bdaa2 in expr5 asm/eval.c:566
#206 0x561c7d7bd9b0 in expr4 asm/eval.c:541
#207 0x561c7d7bd804 in expr3 asm/eval.c:507
#208 0x561c7d7bd6c2 in expr2 asm/eval.c:481
#209 0x561c7d7bd580 in expr1 asm/eval.c:455
#210 0x561c7d7bd43e in expr0 asm/eval.c:429
#211 0x561c7d7bedc4 in expr6 asm/eval.c:851
#212 0x561c7d7bdaa2 in expr5 asm/eval.c:566
#213 0x561c7d7bd9b0 in expr4 asm/eval.c:541
#214 0x561c7d7bd804 in expr3 asm/eval.c:507
#215 0x561c7d7bd6c2 in expr2 asm/eval.c:481
#216 0x561c7d7bd580 in expr1 asm/eval.c:455
#217 0x561c7d7bd43e in expr0 asm/eval.c:429
#218 0x561c7d7bedc4 in expr6 asm/eval.c:851
#219 0x561c7d7bdaa2 in expr5 asm/eval.c:566
#220 0x561c7d7bd9b0 in expr4 asm/eval.c:541
#221 0x561c7d7bd804 in expr3 asm/eval.c:507
#222 0x561c7d7bd6c2 in expr2 asm/eval.c:481
#223 0x561c7d7bd580 in expr1 asm/eval.c:455
#224 0x561c7d7bd43e in expr0 asm/eval.c:429
#225 0x561c7d7bedc4 in expr6 asm/eval.c:851
#226 0x561c7d7bdaa2 in expr5 asm/eval.c:566
#227 0x561c7d7bd9b0 in expr4 asm/eval.c:541
#228 0x561c7d7bd804 in expr3 asm/eval.c:507
#229 0x561c7d7bd6c2 in expr2 asm/eval.c:481
#230 0x561c7d7bd580 in expr1 asm/eval.c:455
#231 0x561c7d7bd43e in expr0 asm/eval.c:429
#232 0x561c7d7bedc4 in expr6 asm/eval.c:851
#233 0x561c7d7bdaa2 in expr5 asm/eval.c:566
#234 0x561c7d7bd9b0 in expr4 asm/eval.c:541
#235 0x561c7d7bd804 in expr3 asm/eval.c:507
#236 0x561c7d7bd6c2 in expr2 asm/eval.c:481
#237 0x561c7d7bd580 in expr1 asm/eval.c:455
#238 0x561c7d7bd43e in expr0 asm/eval.c:429
#239 0x561c7d7bedc4 in expr6 asm/eval.c:851
#240 0x561c7d7bdaa2 in expr5 asm/eval.c:566
#241 0x561c7d7bd9b0 in expr4 asm/eval.c:541
#242 0x561c7d7bd804 in expr3 asm/eval.c:507
#243 0x561c7d7bd6c2 in expr2 asm/eval.c:481
#244 0x561c7d7bd580 in expr1 asm/eval.c:455
#245 0x561c7d7bd43e in expr0 asm/eval.c:429
#246 0x561c7d7bedc4 in expr6 asm/eval.c:851
#247 0x561c7d7bdaa2 in expr5 asm/eval.c:566
#248 0x561c7d7bd9b0 in expr4 asm/eval.c:541
#249 0x561c7d7bd804 in expr3 asm/eval.c:507
#250 0x561c7d7bd6c2 in expr2 asm/eval.c:481
SUMMARY: AddressSanitizer: stack-overflow asm/stdscan.c:130 in stdscan
==31503==ABORTING
```
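The trace above shows expr0 through expr6 re-entering expr0 once per level until the stack is exhausted. A depth guard for that kind of recursive-descent evaluator, as an added C sketch that is not NASM's code or the project's fix; the grammar, the `MAX_DEPTH` value, all function names and the nested-parenthesis input are assumptions, since the PoC's contents are not shown in the report:

```c
#include <stdlib.h>
#include <string.h>

#define MAX_DEPTH 256 /* assumed cap for this sketch, not a NASM constant */
enum { EV_OK = 0, EV_SYNTAX = -1, EV_TOO_DEEP = -2 };
struct parser { const char *p; int err; };
static unsigned long expr(struct parser *ps, int depth);

/* primary := number | '(' expr ')'. Only place that re-enters expr(), so the guard lives here. */
static unsigned long primary(struct parser *ps, int depth)
{
    unsigned long v = 0;
    if (depth > MAX_DEPTH) { ps->err = EV_TOO_DEEP; return 0; }
    if (*ps->p == '(') {
        ps->p++;
        v = expr(ps, depth + 1);
        if (!ps->err) { if (*ps->p == ')') ps->p++; else ps->err = EV_SYNTAX; }
    } else if (*ps->p >= '0' && *ps->p <= '9') {
        v = strtoul(ps->p, (char **)&ps->p, 10);
    } else { ps->err = EV_SYNTAX; }
    return v;
}

/* expr := primary ('+' primary)*. Stops at the first error. */
static unsigned long expr(struct parser *ps, int depth)
{
    unsigned long v = primary(ps, depth);
    while (!ps->err && *ps->p == '+') { ps->p++; v += primary(ps, depth); }
    return v;
}

/* Returns EV_OK or an error code; *out is meaningful only on EV_OK. */
int evaluate(const char *src, unsigned long *out)
{
    struct parser ps = { src, EV_OK };
    *out = expr(&ps, 1);
    return (!ps.err && *ps.p != '\0') ? EV_SYNTAX : ps.err;
}

/* Constructed input: n '(' characters, "1", then n ')' characters. */
int eval_nested(size_t n, unsigned long *out)
{
    char *s = calloc(2 * n + 2, 1);
    int rc = EV_SYNTAX; /* also reported if the allocation fails */
    if (s) { memset(s, '(', n); s[n] = '1'; memset(s + n + 1, ')', n); rc = evaluate(s, out); }
    free(s);
    return rc;
}

int main(void) { unsigned long v; return eval_nested(1000000, &v) == EV_TOO_DEEP ? 0 : 1; }
```

Sequential terms such as `1+1+1+...` do not raise the depth; only nesting does, so the cap bounds stack use without limiting expression length.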