[Nasm-bugs] [Bug 3392476] New: memory alignment error in do_ea (disasm.c)
noreply-nasm at gorcunov.org
Mon Apr 23 12:53:16 PDT 2018
https://bugzilla.nasm.us/show_bug.cgi?id=3392476
Bug ID: 3392476
Summary: memory alignment error in do_ea (disasm.c)
Product: NASM
Version: 2.13.xx
Hardware: All
OS: All
Status: OPEN
Severity: normal
Priority: Medium
Component: Disassembler
Assignee: nobody at nasm.us
Reporter: traceprobe at gmail.com
CC: gorcunov at gmail.com, hpa at zytor.com, nasm-bugs at nasm.us
Obtained from: Build from source archive using configure
Created attachment 411637
--> https://bugzilla.nasm.us/attachment.cgi?id=411637&action=edit
2.13.3 alignment error; 2.14rc heap-buffer-overflow
On the latest stable version (2.13.3), there is a memory alignment error in the do_ea
function of disasm.c, which can be triggered by the PoC below. The issue
may not result in a crash, but could cause other abnormal program behavior or
other unspecified impacts.
Also, the same PoC file may result in a heap out-of-bounds read on
nasm-2.14rc0-20180420.tar.gz.
To reproduce:
1) download nasm-2.13.03.tar.gz;
2) build nasm with ASAN enabled;
3) execute: bin/ndisasm -b 32 $POC
273 static uint8_t *do_ea(uint8_t *data, int modrm, int asize,
274                       int segsize, enum ea_type type,
275                       operand *op, insn *ins)
...
449         switch (mod) {
...
462         case 2:
463             op->segment |= SEG_DISP32;
464             op->offset = gets32(data);  // issue
465             data += 4;
466             break;
467         }
468         return data;
469     }
470 }
The error log is attached:
disasm/disasm.c:464:26: runtime error: load of misaligned address
0x7ffc53ca36a3 for type 'uint32_t', which requires 4 byte alignment
0x7ffc53ca36a3: note: pointer points here
00 c5 c5 b3 c5 b2 c5 c5 c5 c5 c5 40 c5 00 10 c5 c5 29 15 ca 08 00 00 f2 c5 c5
d2 cd c5 c5 c5 c5
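As an added illustration (not NASM's own code): gets32_unsafe is a hypothetical stand-in for the pointer-cast load pattern UBSan flags at line 464, shown next to an alignment-safe, bounds-checked decode of the mod == 2 disp32 path; the input bytes are constructed here, not taken from the attached PoC.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdbool.h>

/* Hypothetical stand-in for the unaligned load pattern: dereferencing an
 * arbitrary byte pointer as uint32_t* is undefined behaviour whenever the
 * address is not 4-byte aligned, which is what UBSan reports here. */
uint32_t gets32_unsafe(const uint8_t *p)
{
    return *(const uint32_t *)p;
}

/* Alignment-safe little-endian load: assembled byte by byte, so it is
 * valid at any address and independent of host byte order. */
static uint32_t load_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Bounds-checked disp32 decode for the mod == 2 case. `end` marks the end
 * of the input buffer; when fewer than 4 bytes remain the function returns
 * NULL instead of reading past the buffer (the heap over-read described
 * for the 2.14rc build). */
static const uint8_t *decode_disp32(const uint8_t *data, const uint8_t *end,
                                    int32_t *disp)
{
    if (end - data < 4)
        return NULL;
    uint32_t u = load_le32(data);
    memcpy(disp, &u, sizeof *disp);   /* reinterpret as signed displacement */
    return data + 4;
}

/* Constructed sample: the disp32 bytes start at offset 1, so the pointer
 * handed to the loader is deliberately misaligned. */
static const uint8_t sample[] = { 0x00, 0x78, 0x56, 0x34, 0x12 };

static int32_t demo_disp(void)
{
    int32_t d = 0;
    decode_disp32(sample + 1, sample + sizeof sample, &d);
    return d;   /* 0x12345678 */
}

static bool demo_truncated(void)
{
    int32_t d = 0;   /* only 3 bytes remain from offset 2: must be refused */
    return decode_disp32(sample + 2, sample + sizeof sample, &d) == NULL;
}
```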