[Nasm-bugs] [Bug 3392452] New: stack-overflow in nasm

no-reply at bugzilla-nasm.gorcunov.org
Sun Dec 10 22:20:12 PST 2017


https://bugzilla.nasm.us/show_bug.cgi?id=3392452

            Bug ID: 3392452
           Summary: stack-overflow in nasm
           Product: NASM
           Version: unspecified
          Hardware: All
                OS: All
            Status: OPEN
          Severity: normal
          Priority: Medium
         Component: Assembler
          Assignee: nobody at nasm.us
          Reporter: gy741.kim at gmail.com
                CC: gorcunov at gmail.com, hpa at zytor.com, nasm-bugs at nasm.us
     Obtained from: Other (please explain)

Created attachment 411619
  --> https://bugzilla.nasm.us/attachment.cgi?id=411619&action=edit
PoC

Hello.

I found a stack-overflow bug in nasm.

Please confirm.

Thanks.

OS: Ubuntu 16.04 64bit
Version: NASM version 2.14rc0 compiled on Dec 11 2017
Steps to reproduce:
1. Download the attached PoC file.
2. Compile the source code with ASan.
3. ./nasm $PoC -o /dev/null

```
ASAN:DEADLYSIGNAL
=================================================================
==31503==ERROR: AddressSanitizer: stack-overflow on address 0x7ffd29446ff8 (pc
0x561c7d7c0c20 bp 0x7ffd294470e0 sp 0x7ffd29446ff0 T0)
    #0 0x561c7d7c0c1f in stdscan asm/stdscan.c:130
    #1 0x561c7d7bedad in expr6 asm/eval.c:850
    #2 0x561c7d7bdaa2 in expr5 asm/eval.c:566
    #3 0x561c7d7bd9b0 in expr4 asm/eval.c:541
    #4 0x561c7d7bd804 in expr3 asm/eval.c:507
    #5 0x561c7d7bd6c2 in expr2 asm/eval.c:481
    #6 0x561c7d7bd580 in expr1 asm/eval.c:455
    #7 0x561c7d7bd43e in expr0 asm/eval.c:429
    #8 0x561c7d7bedc4 in expr6 asm/eval.c:851
    #9 0x561c7d7bdaa2 in expr5 asm/eval.c:566
    #10 0x561c7d7bd9b0 in expr4 asm/eval.c:541
    #11 0x561c7d7bd804 in expr3 asm/eval.c:507
    #12 0x561c7d7bd6c2 in expr2 asm/eval.c:481
    #13 0x561c7d7bd580 in expr1 asm/eval.c:455
    #14 0x561c7d7bd43e in expr0 asm/eval.c:429
    #15 0x561c7d7bedc4 in expr6 asm/eval.c:851
    #16 0x561c7d7bdaa2 in expr5 asm/eval.c:566
    #17 0x561c7d7bd9b0 in expr4 asm/eval.c:541
    #18 0x561c7d7bd804 in expr3 asm/eval.c:507
    #19 0x561c7d7bd6c2 in expr2 asm/eval.c:481
    #20 0x561c7d7bd580 in expr1 asm/eval.c:455
    #21 0x561c7d7bd43e in expr0 asm/eval.c:429
    #22 0x561c7d7bedc4 in expr6 asm/eval.c:851
    #23 0x561c7d7bdaa2 in expr5 asm/eval.c:566
    #24 0x561c7d7bd9b0 in expr4 asm/eval.c:541
    #25 0x561c7d7bd804 in expr3 asm/eval.c:507
    #26 0x561c7d7bd6c2 in expr2 asm/eval.c:481
    #27 0x561c7d7bd580 in expr1 asm/eval.c:455
    #28 0x561c7d7bd43e in expr0 asm/eval.c:429
    #29 0x561c7d7bedc4 in expr6 asm/eval.c:851
    #30 0x561c7d7bdaa2 in expr5 asm/eval.c:566
    #31 0x561c7d7bd9b0 in expr4 asm/eval.c:541
    #32 0x561c7d7bd804 in expr3 asm/eval.c:507
    #33 0x561c7d7bd6c2 in expr2 asm/eval.c:481
    #34 0x561c7d7bd580 in expr1 asm/eval.c:455
    #35 0x561c7d7bd43e in expr0 asm/eval.c:429
    #36 0x561c7d7bedc4 in expr6 asm/eval.c:851
    #37 0x561c7d7bdaa2 in expr5 asm/eval.c:566
    #38 0x561c7d7bd9b0 in expr4 asm/eval.c:541
    #39 0x561c7d7bd804 in expr3 asm/eval.c:507
    #40 0x561c7d7bd6c2 in expr2 asm/eval.c:481
    #41 0x561c7d7bd580 in expr1 asm/eval.c:455
    #42 0x561c7d7bd43e in expr0 asm/eval.c:429
    #43 0x561c7d7bedc4 in expr6 asm/eval.c:851
    #44 0x561c7d7bdaa2 in expr5 asm/eval.c:566
    #45 0x561c7d7bd9b0 in expr4 asm/eval.c:541
    #46 0x561c7d7bd804 in expr3 asm/eval.c:507
    #47 0x561c7d7bd6c2 in expr2 asm/eval.c:481
    #48 0x561c7d7bd580 in expr1 asm/eval.c:455
    #49 0x561c7d7bd43e in expr0 asm/eval.c:429
    #50 0x561c7d7bedc4 in expr6 asm/eval.c:851
    #51 0x561c7d7bdaa2 in expr5 asm/eval.c:566
    #52 0x561c7d7bd9b0 in expr4 asm/eval.c:541
    #53 0x561c7d7bd804 in expr3 asm/eval.c:507
    #54 0x561c7d7bd6c2 in expr2 asm/eval.c:481
    #55 0x561c7d7bd580 in expr1 asm/eval.c:455
    #56 0x561c7d7bd43e in expr0 asm/eval.c:429
    #57 0x561c7d7bedc4 in expr6 asm/eval.c:851
    #58 0x561c7d7bdaa2 in expr5 asm/eval.c:566
    #59 0x561c7d7bd9b0 in expr4 asm/eval.c:541
    #60 0x561c7d7bd804 in expr3 asm/eval.c:507
    #61 0x561c7d7bd6c2 in expr2 asm/eval.c:481
    #62 0x561c7d7bd580 in expr1 asm/eval.c:455
    #63 0x561c7d7bd43e in expr0 asm/eval.c:429
    #64 0x561c7d7bedc4 in expr6 asm/eval.c:851
    #65 0x561c7d7bdaa2 in expr5 asm/eval.c:566
    #66 0x561c7d7bd9b0 in expr4 asm/eval.c:541
    #67 0x561c7d7bd804 in expr3 asm/eval.c:507
    #68 0x561c7d7bd6c2 in expr2 asm/eval.c:481
    #69 0x561c7d7bd580 in expr1 asm/eval.c:455
    #70 0x561c7d7bd43e in expr0 asm/eval.c:429
    #71 0x561c7d7bedc4 in expr6 asm/eval.c:851
    #72 0x561c7d7bdaa2 in expr5 asm/eval.c:566
    #73 0x561c7d7bd9b0 in expr4 asm/eval.c:541
    #74 0x561c7d7bd804 in expr3 asm/eval.c:507
    #75 0x561c7d7bd6c2 in expr2 asm/eval.c:481
    #76 0x561c7d7bd580 in expr1 asm/eval.c:455
    #77 0x561c7d7bd43e in expr0 asm/eval.c:429
    #78 0x561c7d7bedc4 in expr6 asm/eval.c:851
    #79 0x561c7d7bdaa2 in expr5 asm/eval.c:566
    #80 0x561c7d7bd9b0 in expr4 asm/eval.c:541
    #81 0x561c7d7bd804 in expr3 asm/eval.c:507
    #82 0x561c7d7bd6c2 in expr2 asm/eval.c:481
    #83 0x561c7d7bd580 in expr1 asm/eval.c:455
    #84 0x561c7d7bd43e in expr0 asm/eval.c:429
    #85 0x561c7d7bedc4 in expr6 asm/eval.c:851
    #86 0x561c7d7bdaa2 in expr5 asm/eval.c:566
    #87 0x561c7d7bd9b0 in expr4 asm/eval.c:541
    #88 0x561c7d7bd804 in expr3 asm/eval.c:507
    #89 0x561c7d7bd6c2 in expr2 asm/eval.c:481
    #90 0x561c7d7bd580 in expr1 asm/eval.c:455
    #91 0x561c7d7bd43e in expr0 asm/eval.c:429
    #92 0x561c7d7bedc4 in expr6 asm/eval.c:851
    #93 0x561c7d7bdaa2 in expr5 asm/eval.c:566
    #94 0x561c7d7bd9b0 in expr4 asm/eval.c:541
    #95 0x561c7d7bd804 in expr3 asm/eval.c:507
    #96 0x561c7d7bd6c2 in expr2 asm/eval.c:481
    #97 0x561c7d7bd580 in expr1 asm/eval.c:455
    #98 0x561c7d7bd43e in expr0 asm/eval.c:429
    #99 0x561c7d7bedc4 in expr6 asm/eval.c:851
    #100 0x561c7d7bdaa2 in expr5 asm/eval.c:566
    #101 0x561c7d7bd9b0 in expr4 asm/eval.c:541
    #102 0x561c7d7bd804 in expr3 asm/eval.c:507
    #103 0x561c7d7bd6c2 in expr2 asm/eval.c:481
    #104 0x561c7d7bd580 in expr1 asm/eval.c:455
    #105 0x561c7d7bd43e in expr0 asm/eval.c:429
    #106 0x561c7d7bedc4 in expr6 asm/eval.c:851
    #107 0x561c7d7bdaa2 in expr5 asm/eval.c:566
    #108 0x561c7d7bd9b0 in expr4 asm/eval.c:541
    #109 0x561c7d7bd804 in expr3 asm/eval.c:507
    #110 0x561c7d7bd6c2 in expr2 asm/eval.c:481
    #111 0x561c7d7bd580 in expr1 asm/eval.c:455
    #112 0x561c7d7bd43e in expr0 asm/eval.c:429
    #113 0x561c7d7bedc4 in expr6 asm/eval.c:851
    #114 0x561c7d7bdaa2 in expr5 asm/eval.c:566
    #115 0x561c7d7bd9b0 in expr4 asm/eval.c:541
    #116 0x561c7d7bd804 in expr3 asm/eval.c:507
    #117 0x561c7d7bd6c2 in expr2 asm/eval.c:481
    #118 0x561c7d7bd580 in expr1 asm/eval.c:455
    #119 0x561c7d7bd43e in expr0 asm/eval.c:429
    #120 0x561c7d7bedc4 in expr6 asm/eval.c:851
    #121 0x561c7d7bdaa2 in expr5 asm/eval.c:566
    #122 0x561c7d7bd9b0 in expr4 asm/eval.c:541
    #123 0x561c7d7bd804 in expr3 asm/eval.c:507
    #124 0x561c7d7bd6c2 in expr2 asm/eval.c:481
    #125 0x561c7d7bd580 in expr1 asm/eval.c:455
    #126 0x561c7d7bd43e in expr0 asm/eval.c:429
    #127 0x561c7d7bedc4 in expr6 asm/eval.c:851
    #128 0x561c7d7bdaa2 in expr5 asm/eval.c:566
    #129 0x561c7d7bd9b0 in expr4 asm/eval.c:541
    #130 0x561c7d7bd804 in expr3 asm/eval.c:507
    #131 0x561c7d7bd6c2 in expr2 asm/eval.c:481
    #132 0x561c7d7bd580 in expr1 asm/eval.c:455
    #133 0x561c7d7bd43e in expr0 asm/eval.c:429
    #134 0x561c7d7bedc4 in expr6 asm/eval.c:851
    #135 0x561c7d7bdaa2 in expr5 asm/eval.c:566
    #136 0x561c7d7bd9b0 in expr4 asm/eval.c:541
    #137 0x561c7d7bd804 in expr3 asm/eval.c:507
    #138 0x561c7d7bd6c2 in expr2 asm/eval.c:481
    #139 0x561c7d7bd580 in expr1 asm/eval.c:455
    #140 0x561c7d7bd43e in expr0 asm/eval.c:429
    #141 0x561c7d7bedc4 in expr6 asm/eval.c:851
    #142 0x561c7d7bdaa2 in expr5 asm/eval.c:566
    #143 0x561c7d7bd9b0 in expr4 asm/eval.c:541
    #144 0x561c7d7bd804 in expr3 asm/eval.c:507
    #145 0x561c7d7bd6c2 in expr2 asm/eval.c:481
    #146 0x561c7d7bd580 in expr1 asm/eval.c:455
    #147 0x561c7d7bd43e in expr0 asm/eval.c:429
    #148 0x561c7d7bedc4 in expr6 asm/eval.c:851
    #149 0x561c7d7bdaa2 in expr5 asm/eval.c:566
    #150 0x561c7d7bd9b0 in expr4 asm/eval.c:541
    #151 0x561c7d7bd804 in expr3 asm/eval.c:507
    #152 0x561c7d7bd6c2 in expr2 asm/eval.c:481
    #153 0x561c7d7bd580 in expr1 asm/eval.c:455
    #154 0x561c7d7bd43e in expr0 asm/eval.c:429
    #155 0x561c7d7bedc4 in expr6 asm/eval.c:851
    #156 0x561c7d7bdaa2 in expr5 asm/eval.c:566
    #157 0x561c7d7bd9b0 in expr4 asm/eval.c:541
    #158 0x561c7d7bd804 in expr3 asm/eval.c:507
    #159 0x561c7d7bd6c2 in expr2 asm/eval.c:481
    #160 0x561c7d7bd580 in expr1 asm/eval.c:455
    #161 0x561c7d7bd43e in expr0 asm/eval.c:429
    #162 0x561c7d7bedc4 in expr6 asm/eval.c:851
    #163 0x561c7d7bdaa2 in expr5 asm/eval.c:566
    #164 0x561c7d7bd9b0 in expr4 asm/eval.c:541
    #165 0x561c7d7bd804 in expr3 asm/eval.c:507
    #166 0x561c7d7bd6c2 in expr2 asm/eval.c:481
    #167 0x561c7d7bd580 in expr1 asm/eval.c:455
    #168 0x561c7d7bd43e in expr0 asm/eval.c:429
    #169 0x561c7d7bedc4 in expr6 asm/eval.c:851
    #170 0x561c7d7bdaa2 in expr5 asm/eval.c:566
    #171 0x561c7d7bd9b0 in expr4 asm/eval.c:541
    #172 0x561c7d7bd804 in expr3 asm/eval.c:507
    #173 0x561c7d7bd6c2 in expr2 asm/eval.c:481
    #174 0x561c7d7bd580 in expr1 asm/eval.c:455
    #175 0x561c7d7bd43e in expr0 asm/eval.c:429
    #176 0x561c7d7bedc4 in expr6 asm/eval.c:851
    #177 0x561c7d7bdaa2 in expr5 asm/eval.c:566
    #178 0x561c7d7bd9b0 in expr4 asm/eval.c:541
    #179 0x561c7d7bd804 in expr3 asm/eval.c:507
    #180 0x561c7d7bd6c2 in expr2 asm/eval.c:481
    #181 0x561c7d7bd580 in expr1 asm/eval.c:455
    #182 0x561c7d7bd43e in expr0 asm/eval.c:429
    #183 0x561c7d7bedc4 in expr6 asm/eval.c:851
    #184 0x561c7d7bdaa2 in expr5 asm/eval.c:566
    #185 0x561c7d7bd9b0 in expr4 asm/eval.c:541
    #186 0x561c7d7bd804 in expr3 asm/eval.c:507
    #187 0x561c7d7bd6c2 in expr2 asm/eval.c:481
    #188 0x561c7d7bd580 in expr1 asm/eval.c:455
    #189 0x561c7d7bd43e in expr0 asm/eval.c:429
    #190 0x561c7d7bedc4 in expr6 asm/eval.c:851
    #191 0x561c7d7bdaa2 in expr5 asm/eval.c:566
    #192 0x561c7d7bd9b0 in expr4 asm/eval.c:541
    #193 0x561c7d7bd804 in expr3 asm/eval.c:507
    #194 0x561c7d7bd6c2 in expr2 asm/eval.c:481
    #195 0x561c7d7bd580 in expr1 asm/eval.c:455
    #196 0x561c7d7bd43e in expr0 asm/eval.c:429
    #197 0x561c7d7bedc4 in expr6 asm/eval.c:851
    #198 0x561c7d7bdaa2 in expr5 asm/eval.c:566
    #199 0x561c7d7bd9b0 in expr4 asm/eval.c:541
    #200 0x561c7d7bd804 in expr3 asm/eval.c:507
    #201 0x561c7d7bd6c2 in expr2 asm/eval.c:481
    #202 0x561c7d7bd580 in expr1 asm/eval.c:455
    #203 0x561c7d7bd43e in expr0 asm/eval.c:429
    #204 0x561c7d7bedc4 in expr6 asm/eval.c:851
    #205 0x561c7d7bdaa2 in expr5 asm/eval.c:566
    #206 0x561c7d7bd9b0 in expr4 asm/eval.c:541
    #207 0x561c7d7bd804 in expr3 asm/eval.c:507
    #208 0x561c7d7bd6c2 in expr2 asm/eval.c:481
    #209 0x561c7d7bd580 in expr1 asm/eval.c:455
    #210 0x561c7d7bd43e in expr0 asm/eval.c:429
    #211 0x561c7d7bedc4 in expr6 asm/eval.c:851
    #212 0x561c7d7bdaa2 in expr5 asm/eval.c:566
    #213 0x561c7d7bd9b0 in expr4 asm/eval.c:541
    #214 0x561c7d7bd804 in expr3 asm/eval.c:507
    #215 0x561c7d7bd6c2 in expr2 asm/eval.c:481
    #216 0x561c7d7bd580 in expr1 asm/eval.c:455
    #217 0x561c7d7bd43e in expr0 asm/eval.c:429
    #218 0x561c7d7bedc4 in expr6 asm/eval.c:851
    #219 0x561c7d7bdaa2 in expr5 asm/eval.c:566
    #220 0x561c7d7bd9b0 in expr4 asm/eval.c:541
    #221 0x561c7d7bd804 in expr3 asm/eval.c:507
    #222 0x561c7d7bd6c2 in expr2 asm/eval.c:481
    #223 0x561c7d7bd580 in expr1 asm/eval.c:455
    #224 0x561c7d7bd43e in expr0 asm/eval.c:429
    #225 0x561c7d7bedc4 in expr6 asm/eval.c:851
    #226 0x561c7d7bdaa2 in expr5 asm/eval.c:566
    #227 0x561c7d7bd9b0 in expr4 asm/eval.c:541
    #228 0x561c7d7bd804 in expr3 asm/eval.c:507
    #229 0x561c7d7bd6c2 in expr2 asm/eval.c:481
    #230 0x561c7d7bd580 in expr1 asm/eval.c:455
    #231 0x561c7d7bd43e in expr0 asm/eval.c:429
    #232 0x561c7d7bedc4 in expr6 asm/eval.c:851
    #233 0x561c7d7bdaa2 in expr5 asm/eval.c:566
    #234 0x561c7d7bd9b0 in expr4 asm/eval.c:541
    #235 0x561c7d7bd804 in expr3 asm/eval.c:507
    #236 0x561c7d7bd6c2 in expr2 asm/eval.c:481
    #237 0x561c7d7bd580 in expr1 asm/eval.c:455
    #238 0x561c7d7bd43e in expr0 asm/eval.c:429
    #239 0x561c7d7bedc4 in expr6 asm/eval.c:851
    #240 0x561c7d7bdaa2 in expr5 asm/eval.c:566
    #241 0x561c7d7bd9b0 in expr4 asm/eval.c:541
    #242 0x561c7d7bd804 in expr3 asm/eval.c:507
    #243 0x561c7d7bd6c2 in expr2 asm/eval.c:481
    #244 0x561c7d7bd580 in expr1 asm/eval.c:455
    #245 0x561c7d7bd43e in expr0 asm/eval.c:429
    #246 0x561c7d7bedc4 in expr6 asm/eval.c:851
    #247 0x561c7d7bdaa2 in expr5 asm/eval.c:566
    #248 0x561c7d7bd9b0 in expr4 asm/eval.c:541
    #249 0x561c7d7bd804 in expr3 asm/eval.c:507
    #250 0x561c7d7bd6c2 in expr2 asm/eval.c:481

SUMMARY: AddressSanitizer: stack-overflow asm/stdscan.c:130 in stdscan
==31503==ABORTING
```
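The shape of the trace is the diagnostic: stdscan is reached from expr6, expr6 re-enters expr0 at eval.c:851, and the same seven-function cycle (expr0 through expr6) repeats until the stack is gone. That is what a recursive-descent expression evaluator produces when the input nests sub-expressions deeper than the stack can hold. The following is an added example, not NASM's code and not the upstream fix: a toy evaluator whose seven precedence levels reuse the expr0..expr6 numbering from the trace, with the primary level re-entering level 0 for a parenthesised sub-expression, plus a nesting counter (MAX_NESTING, an assumed value) that turns excessive depth into an error return instead of a crash. The operator set, and the assumption that parentheses are the re-entry path, are mine, taken from the trace's structure rather than from the PoC, which is not reproduced here.

```c
/* Added example, not NASM's code and not the upstream fix: a toy recursive-descent
 * evaluator whose seven levels mirror the expr0..expr6 names in the trace. Level 6
 * (the primary) re-enters level 0 for "(...)", the expr6 -> expr0 edge at eval.c:851;
 * every extra "(" costs seven more frames, so unbounded nesting exhausts the stack.
 * MAX_NESTING (an assumed value) turns that into an error return instead of a crash. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_NESTING 64          /* assumed bound; size it for your stack budget */
typedef unsigned long val_t;    /* unsigned: shifts and wraparound are well defined */
enum { EVAL_OK = 0, EVAL_TOO_DEEP = -1, EVAL_SYNTAX = -2, EVAL_DIVZERO = -3, EVAL_RANGE = -4 };

struct parser { const char *p; int depth; int err; };  /* cursor, "(" depth, sticky first error */

/* Binary operators per level, lowest precedence first; level 6 is the primary. */
static const char *const OPS[6][2] = {
    { "|", NULL }, { "^", NULL }, { "&", NULL }, { "<<", ">>" }, { "+", "-" }, { "*", "/" }
};

static val_t expr(struct parser *ps, int lvl);
static void skip_ws(struct parser *ps) { while (*ps->p == ' ' || *ps->p == '\t') ps->p++; }

/* Level 6: a decimal number or a parenthesised sub-expression. */
static val_t primary(struct parser *ps) {
    if (ps->err) return 0;
    skip_ws(ps);
    if (*ps->p == '(') {
        if (ps->depth >= MAX_NESTING) { ps->err = EVAL_TOO_DEEP; return 0; }
        ps->depth++; ps->p++;
        val_t v = expr(ps, 0);              /* the expr6 -> expr0 re-entry */
        ps->depth--;
        if (ps->err) return 0;
        skip_ws(ps);
        if (*ps->p != ')') { ps->err = EVAL_SYNTAX; return 0; }
        ps->p++;
        return v;
    }
    if (!isdigit((unsigned char)*ps->p)) { ps->err = EVAL_SYNTAX; return 0; }
    char *end;
    val_t v = strtoul(ps->p, &end, 10);
    ps->p = end;
    return v;
}

static val_t apply(struct parser *ps, val_t a, const char *op, val_t b) {
    switch (op[0]) {
    case '|': return a | b;   case '^': return a ^ b;   case '&': return a & b;
    case '+': return a + b;   case '-': return a - b;   case '*': return a * b;
    case '/': if (b == 0) { ps->err = EVAL_DIVZERO; return 0; } return a / b;
    default:  /* "<<" or ">>" */
        if (b >= sizeof(val_t) * 8) { ps->err = EVAL_RANGE; return 0; }
        return op[0] == '<' ? a << b : a >> b;
    }
}

/* Levels 0..5: one operand from the next level, then fold this level's operators. */
static val_t expr(struct parser *ps, int lvl) {
    if (lvl == 6) return primary(ps);
    val_t v = expr(ps, lvl + 1);
    for (;;) {
        if (ps->err) return 0;
        skip_ws(ps);
        const char *op = NULL;
        for (int i = 0; i < 2 && OPS[lvl][i]; i++)
            if (strncmp(ps->p, OPS[lvl][i], strlen(OPS[lvl][i])) == 0) { op = OPS[lvl][i]; break; }
        if (!op) return v;
        ps->p += strlen(op);
        val_t r = expr(ps, lvl + 1);
        if (ps->err) return 0;
        v = apply(ps, v, op, r);
    }
}

/* Evaluates src; returns EVAL_OK with *out set, or a negative EVAL_* code. */
int eval_expr(const char *src, val_t *out) {
    struct parser ps = { src, 0, EVAL_OK };
    val_t v = expr(&ps, 0);
    if (!ps.err) { skip_ws(&ps); if (*ps.p != '\0') ps.err = EVAL_SYNTAX; }
    if (ps.err) return ps.err;
    *out = v;
    return EVAL_OK;
}

/* Constructed input: n "(" around "1" followed by n ")". Caller frees. */
char *nested_input(int n) {
    char *s = malloc((size_t)2 * n + 2);
    if (s) { memset(s, '(', (size_t)n); s[n] = '1'; memset(s + n + 1, ')', (size_t)n); s[2 * n + 1] = '\0'; }
    return s;
}

int main(void) {
    val_t v = 0;
    int rc = eval_expr("(2 + 3) * 4 << 1 | 1", &v);
    printf("ok:   rc=%d value=%lu\n", rc, v);
    char *deep = nested_input(100000);  /* an unbounded evaluator overflows its stack on this */
    rc = eval_expr(deep, &v);
    printf("deep: rc=%d (EVAL_TOO_DEEP is %d)\n", rc, EVAL_TOO_DEEP);
    free(deep); return 0;
}
```

Two things worth keeping in mind when triaging a report like this one. ASan's "stack-overflow" class means the stack itself was exhausted (the guard page was hit, hence ASAN:DEADLYSIGNAL), which is a different finding from "stack-buffer-overflow": on its own it is a crash of the assembler on a crafted source file, not a write past a buffer. And the depth at which it triggers depends on the build: sanitizer instrumentation enlarges every frame, so an ASan binary fails sooner than a release build, but the release build still fails on a sufficiently nested input; a depth counter like the one above, or an explicit stack in place of recursion, is what removes the dependence on input size.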
