[Nasm-bugs] [Bug 3392507] memory corruption of nasm when handling a crafted file due to function assemble_file(inname, depend_ptr) at asm/nasm.c:482

noreply-nasm at gorcunov.org noreply-nasm at gorcunov.org
Wed Aug 22 08:00:03 PDT 2018


https://bugzilla.nasm.us/show_bug.cgi?id=3392507

stuartly <situlingyun at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Version|2.13.xx                     |2.14 (development)

--- Comment #1 from stuartly <situlingyun at gmail.com> ---
I tested it on the latest version, nasm-2.14rc15; there is the same problem.


stly at stly-XPS-8700:~/Desktop/TargetFuzz/Benchmark/nasm-2.14rc15$ ^Cconfigure --disable-shared CFLAGS="-fsanitize=address -ggdb" CXXFLAGS="-fsanitize=address -ggdb" --prefix=$PWD/installed2
stly at stly-XPS-8700:~/Desktop/TargetFuzz/Benchmark/nasm-2.14rc15$ ./installed/bin/nasm -felf64 ./crashes/id\:000000\,sig\:11\,src\:000101\,op\:havoc\,rep\:16
./crashes/id:000000,sig:11,src:000101,op:havoc,rep:16:4: error: unknown preprocessor directive `%ar'
./crashes/id:000000,sig:11,src:000101,op:havoc,rep:16:4: error: `%$locazeBflat': context stack is empty
./crashes/id:000000,sig:11,src:000101,op:havoc,rep:16:4: error: `%$locazeBflat': context stack is empty
./crashes/id:000000,sig:11,src:000101,op:havoc,rep:16:4: error: `%$locazeBflat': context stack is empty
./crashes/id:000000,sig:11,src:000101,op:havoc,rep:16:4: error: label or instruction expected at start of line
./crashes/id:000000,sig:11,src:000101,op:havoc,rep:16:5: error: `%$localsize': context stack is empty
./crashes/id:000000,sig:11,src:000101,op:havoc,rep:16:5: error: `%$localsize': context stack is empty
./crashes/id:000000,sig:11,src:000101,op:havoc,rep:16:5: error: expression syntax error
./crashes/id:000000,sig:11,src:000101,op:havoc,rep:16:5: error: `%$localsize': context stack is empty
./crashes/id:000000,sig:11,src:000101,op:havoc,rep:16:5: error: `%$localsize': context stack is empty
./crashes/id:000000,sig:11,src:000101,op:havoc,rep:16:5: error: expression syntax error
ASAN:DEADLYSIGNAL
=================================================================
==25104==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x00000044cba9 bp 0x7ffc13de9490 sp 0x7ffc13de8c00 T0)
    #0 0x44cba8 (/home/stly/Desktop/TargetFuzz/Benchmark/nasm-2.14rc15/installed/bin/nasm+0x44cba8)
    #1 0x6092a9 (/home/stly/Desktop/TargetFuzz/Benchmark/nasm-2.14rc15/installed/bin/nasm+0x6092a9)
    #2 0x53e2e9 (/home/stly/Desktop/TargetFuzz/Benchmark/nasm-2.14rc15/installed/bin/nasm+0x53e2e9)
    #3 0x52d077 (/home/stly/Desktop/TargetFuzz/Benchmark/nasm-2.14rc15/installed/bin/nasm+0x52d077)
    #4 0x4ed83e (/home/stly/Desktop/TargetFuzz/Benchmark/nasm-2.14rc15/installed/bin/nasm+0x4ed83e)
    #5 0x7fccc4f5d82f (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #6 0x419068 (/home/stly/Desktop/TargetFuzz/Benchmark/nasm-2.14rc15/installed/bin/nasm+0x419068)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/home/stly/Desktop/TargetFuzz/Benchmark/nasm-2.14rc15/installed/bin/nasm+0x44cba8)
==25104==ABORTING
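The trace above is unsymbolized: ASan printed only "binary+offset" pairs for each frame, so it does not by itself say which NASM function faulted. The script below is an added example, not part of the bug report or of the NASM project; it extracts those pairs from the trace text (the frames are copied from the report, re-joined onto one line each, which is how ASan prints them before mail wrapping) and resolves them with addr2line when the referenced binary is present. The binary path is the reporter's and is assumed not to exist on your machine, in which case the raw pairs are printed instead of being dropped.

```shell
#!/bin/sh
# Added example: symbolize unsymbolized ASan frames of the form
#   #N 0xADDR (/path/to/binary+0xOFFSET)
# Not code from the NASM project or from the bug reporter.

# Constructed sample input: three frames copied from the report above,
# each re-joined onto a single line.  The binary path is an assumption
# (it exists only on the reporter's machine).
ASAN_TRACE='    #0 0x44cba8 (/home/stly/Desktop/TargetFuzz/Benchmark/nasm-2.14rc15/installed/bin/nasm+0x44cba8)
    #1 0x6092a9 (/home/stly/Desktop/TargetFuzz/Benchmark/nasm-2.14rc15/installed/bin/nasm+0x6092a9)
    #5 0x7fccc4f5d82f  (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)'

# asan_frames TRACE: print one "<frame> <binary> <offset>" line per frame.
# Lines that are not ASan stack frames are ignored.
asan_frames() {
    printf '%s\n' "$1" |
        sed -n 's/^ *#\([0-9][0-9]*\) 0x[0-9a-f]* *(\(.*\)+\(0x[0-9a-f]*\))$/\1 \2 \3/p'
}

# symbolize TRACE: for each frame run addr2line against the binary if it is
# readable here; otherwise print the raw pair so no frame is silently lost.
# The offset ASan prints is relative to the module base, which is what
# addr2line expects for an ELF linked at a zero base (PIE) and equals the
# virtual address for a non-PIE executable.
symbolize() {
    asan_frames "$1" | while read -r frame bin off; do
        if [ -r "$bin" ] && command -v addr2line >/dev/null 2>&1; then
            printf '#%s %s\n' "$frame" "$(addr2line -f -C -e "$bin" "$off" | paste -sd ' ' -)"
        else
            printf '#%s %s+%s (binary not available here)\n' "$frame" "$bin" "$off"
        fi
    done
}

symbolize "$ASAN_TRACE"
```

Run it against a real report by pasting the full ASan output into ASAN_TRACE, or by replacing the literal with `$(cat asan.log)`, on the machine that has the sanitized build; with `-ggdb` in CFLAGS as in the report, `addr2line -f` returns the function name and source line for each NASM frame.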
