[Nasm-bugs] [Bug 3392473] New: Arithmetic Exception in nasm 2.14rc0

no-reply at bugzilla.nasm.us no-reply at bugzilla.nasm.us
Tue Apr 10 12:10:09 PDT 2018 

https://bugzilla.nasm.us/show_bug.cgi?id=3392473

            Bug ID: 3392473
           Summary: Arithmetic Exception in nasm 2.14rc0
           Product: NASM
           Version: 2.14 (development)
          Hardware: All
                OS: Linux
            Status: OPEN
          Severity: normal
          Priority: Medium
         Component: Assembler
          Assignee: nobody at nasm.us
          Reporter: jxx13 at psu.edu
                CC: gorcunov at gmail.com, hpa at zytor.com, nasm-bugs at nasm.us
     Obtained from: Build from source archive using configure

Created attachment 411634
  --> https://bugzilla.nasm.us/attachment.cgi?id=411634&action=edit
PoC to trigger the arithmetic exception

1. Trigger method:

wget https://www.nasm.us/pub/nasm/releasebuilds/2.14rc0/nasm-2.14rc0.tar.gz
tar -xvf nasm-2.14rc0.tar.gz 
cd nasm-2.14rc0/
./configure
make
# Download PoC file
gdb ./nasm
(gdb) r poc
# You will see Arithmetic Exception

2. Stack trace

Program received signal SIGFPE, Arithmetic exception.
0x00000000004cb1c2 in expr5 (critical=0) at ../asm/eval.c:611
611                                    ((uint64_t)reloc_value(f)));
(gdb) info stack
#0  0x00000000004cb1c2 in expr5 (critical=0) at ../asm/eval.c:611
#1  0x00000000004cad1c in expr4 (critical=0) at ../asm/eval.c:540
#2  0x00000000004cab7c in expr3 (critical=0) at ../asm/eval.c:506
#3  0x00000000004caa3e in expr2 (critical=0) at ../asm/eval.c:480
#4  0x00000000004ca8fe in expr1 (critical=0) at ../asm/eval.c:454
#5  0x00000000004c7c0e in expr0 (critical=0) at ../asm/eval.c:428
#6  0x00000000004c8325 in expr6 (critical=<optimized out>) at ../asm/eval.c:850
#7  0x00000000004caec0 in expr5 (critical=0) at ../asm/eval.c:565
#8  0x00000000004cad74 in expr4 (critical=0) at ../asm/eval.c:546
#9  0x00000000004cab7c in expr3 (critical=0) at ../asm/eval.c:506
#10 0x00000000004caa3e in expr2 (critical=0) at ../asm/eval.c:480
#11 0x00000000004ca8fe in expr1 (critical=0) at ../asm/eval.c:454
#12 0x00000000004c7c0e in expr0 (critical=0) at ../asm/eval.c:428
#13 0x00000000004c8325 in expr6 (critical=<optimized out>) at ../asm/eval.c:850
#14 0x00000000004caec0 in expr5 (critical=0) at ../asm/eval.c:565
#15 0x00000000004cad1c in expr4 (critical=0) at ../asm/eval.c:540
#16 0x00000000004cab7c in expr3 (critical=0) at ../asm/eval.c:506
#17 0x00000000004caa3e in expr2 (critical=0) at ../asm/eval.c:480
#18 0x00000000004ca8fe in expr1 (critical=0) at ../asm/eval.c:454
#19 0x00000000004c7c0e in expr0 (critical=0) at ../asm/eval.c:428
#20 0x00000000004c8325 in expr6 (critical=<optimized out>) at ../asm/eval.c:850
#21 0x00000000004caec0 in expr5 (critical=0) at ../asm/eval.c:565
#22 0x00000000004cad1c in expr4 (critical=0) at ../asm/eval.c:540
#23 0x00000000004cab7c in expr3 (critical=0) at ../asm/eval.c:506
#24 0x00000000004caa3e in expr2 (critical=0) at ../asm/eval.c:480
#25 0x00000000004ca8fe in expr1 (critical=0) at ../asm/eval.c:454
#26 0x00000000004c7c0e in expr0 (critical=0) at ../asm/eval.c:428
#27 0x00000000004c8325 in expr6 (critical=<optimized out>) at ../asm/eval.c:850
#28 0x00000000004caec0 in expr5 (critical=0) at ../asm/eval.c:565
#29 0x00000000004cad1c in expr4 (critical=0) at ../asm/eval.c:540
#30 0x00000000004cab7c in expr3 (critical=0) at ../asm/eval.c:506
#31 0x00000000004caa3e in expr2 (critical=0) at ../asm/eval.c:480
#32 0x00000000004ca8fe in expr1 (critical=0) at ../asm/eval.c:454
#33 0x00000000004c7c0e in expr0 (critical=0) at ../asm/eval.c:428
#34 0x00000000004c76c8 in evaluate (sc=<optimized out>, scprivate=<optimized
out>, tv=<optimized out>, fwref=<optimized out>, critical=<optimized out>,
hints=<optimized out>) at ../asm/eval.c:979
#35 0x00000000004a0a83 in parse_line (pass=<optimized out>,
buffer=0x60f00000d510 "times (((\vchaxax-F-----P-7*-(-c",
result=0x7fffffffe0a0, ldef=<optimized out>) at ../asm/parser.c:509
#36 0x0000000000480310 in assemble_file (fname=<optimized out>,
depend_ptr=<optimized out>) at ../asm/nasm.c:1245
#37 main (argc=<optimized out>, argv=<optimized out>) at ../asm/nasm.c:453

In function expr5, the return value of reloc_value(f) is zero.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are watching all bug changes.

More information about the Nasm-bugs mailing list