[Nasm-bugs] [Bug 3392507] New: memory corruption of nasm when handling a crafed file due to function assemble_file(inname, depend_ptr) at asm/nasm.c:482

noreply-nasm at gorcunov.org noreply-nasm at gorcunov.org
Wed Aug 22 07:29:42 PDT 2018 

https://bugzilla.nasm.us/show_bug.cgi?id=3392507

            Bug ID: 3392507
           Summary: memory corruption of nasm when handling a crafed file
                    due to  function assemble_file(inname, depend_ptr) at
                    asm/nasm.c:482
           Product: NASM
           Version: 2.13.xx
          Hardware: All
                OS: Linux
            Status: OPEN
          Severity: critical
          Priority: Medium
         Component: Assembler
          Assignee: nobody at nasm.us
          Reporter: situlingyun at gmail.com
                CC: gorcunov at gmail.com, hpa at zytor.com, nasm-bugs at nasm.us
     Obtained from: Binary from nasm.us

Created attachment 411660
  --> https://bugzilla.nasm.us/attachment.cgi?id=411660&action=edit
POC to trigger the crash

memory corruption of nasm when handling a crafed file due to  function
assemble_file(inname, depend_ptr) at asm/nasm.c:482.

The crash dump is as follows:

stly at stly-XPS-8700:~/Desktop/TargetFuzz/Benchmark/nasm$ ./installed/bin/nasm
-felf64
./out-AFL-Org2/crashes/id\:000000\,sig\:11\,src\:000101\,op\:havoc\,rep\:16 
./out-AFL-Org2/crashes/id:000000,sig:11,src:000101,op:havoc,rep:16:4: error:
unknown preprocessor directive `%ar'
./out-AFL-Org2/crashes/id:000000,sig:11,src:000101,op:havoc,rep:16:4: error:
`%$locazeBflat': context stack is empty
./out-AFL-Org2/crashes/id:000000,sig:11,src:000101,op:havoc,rep:16:4: error:
`%$locazeBflat': context stack is empty
./out-AFL-Org2/crashes/id:000000,sig:11,src:000101,op:havoc,rep:16:4: error:
`%$locazeBflat': context stack is empty
./out-AFL-Org2/crashes/id:000000,sig:11,src:000101,op:havoc,rep:16:4: error:
label or instruction expected at start of line
./out-AFL-Org2/crashes/id:000000,sig:11,src:000101,op:havoc,rep:16:5: error:
`%$localsize': context stack is empty
./out-AFL-Org2/crashes/id:000000,sig:11,src:000101,op:havoc,rep:16:5: error:
`%$localsize': context stack is empty
./out-AFL-Org2/crashes/id:000000,sig:11,src:000101,op:havoc,rep:16:5: error:
expression syntax error
./out-AFL-Org2/crashes/id:000000,sig:11,src:000101,op:havoc,rep:16:5: error:
`%$localsize': context stack is empty
./out-AFL-Org2/crashes/id:000000,sig:11,src:000101,op:havoc,rep:16:5: error:
`%$localsize': context stack is empty
./out-AFL-Org2/crashes/id:000000,sig:11,src:000101,op:havoc,rep:16:5: error:
expression syntax error
Segmentation fault

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are watching all bug changes.

More information about the Nasm-bugs mailing list