[Nasm-bugs] [Bug 3392528] New: There is an illegal address access at asm/preproc.c:4677 (function: is_mmacro) in nasm2.14rc16 that will cause a DoS attack.

noreply-nasm at gorcunov.org noreply-nasm at gorcunov.org
Mon Nov 12 23:42:03 PST 2018


https://bugzilla.nasm.us/show_bug.cgi?id=3392528

            Bug ID: 3392528
           Summary: There is an illegal address access at
                    asm/preproc.c:4677 (function: is_mmacro) in nasm2.14rc16
                    that will cause a DoS attack.
           Product: NASM
           Version: 2.14 (development)
          Hardware: All
                OS: All
            Status: OPEN
          Severity: blocker
          Priority: Medium
         Component: Assembler
          Assignee: nobody at nasm.us
          Reporter: ganshuitao at gmail.com
                CC: gorcunov at gmail.com, hpa at zytor.com, nasm-bugs at nasm.us
     Obtained from: Binary from nasm.us

Created attachment 411688
  --> https://bugzilla.nasm.us/attachment.cgi?id=411688&action=edit
./nasm -f bin POC6 -o xxx

Version: nasm2.14rc16
Summary:

There is an illegal address access at asm/preproc.c:4677 (function: is_mmacro) in
nasm2.14rc16 that will cause a DoS attack.

Description:

The ubsan debug output is as follows:

$./nasm -f bin POC6 -o xxx

ASAN:SIGSEGV
=================================================================
==19284==ERROR: AddressSanitizer: SEGV on unknown address 0x60bc23a416b0 (pc 0x00000042f707 bp 0x000084746b8e sp 0x7ffd4c38b410 T0)
    #0 0x42f706 in is_mmacro asm/preproc.c:4677
    #1 0x445ce0 in expand_mmacro asm/preproc.c:4766
    #2 0x445ce0 in pp_getline asm/preproc.c:5252
    #3 0x40d791 in assemble_file asm/nasm.c:1442
    #4 0x40640d in main asm/nasm.c:573
    #5 0x7f10f746fa3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x20a3f)
    #6 0x4072f8 in _start (/home/company/real_sanitize/poc_check/nasm/nasm_new_addr+0x4072f8)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV asm/preproc.c:4677 is_mmacro
==19284==ABORTING

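Reports like the one above usually arrive in batches from a fuzzing run, and the first job is to bucket them by crash site before anyone opens the debugger. The following triage helper is an added example, not code from the reporter or from the NASM project: it parses the AddressSanitizer text into a small record (error kind, faulting address, the first stack) and derives a deduplication key from the topmost frame that is symbolised to a project source file. The sample report embedded below is the one from this bug, re-joined into single lines; the "in project" heuristic (a symbolised `file:line` rather than a `(module+offset)` entry) and the address classification are assumptions of this script, not anything ASAN guarantees.

```python
"""Triage helper for AddressSanitizer crash reports (added example).

Parses ASAN output into a record and derives a dedup key so a batch of
fuzzer-found crashes against one build can be bucketed by crash site.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: the ASAN report from this bug, one record per line.
SAMPLE_REPORT = """\
ASAN:SIGSEGV
=================================================================
==19284==ERROR: AddressSanitizer: SEGV on unknown address 0x60bc23a416b0 (pc 0x00000042f707 bp 0x000084746b8e sp 0x7ffd4c38b410 T0)
    #0 0x42f706 in is_mmacro asm/preproc.c:4677
    #1 0x445ce0 in expand_mmacro asm/preproc.c:4766
    #2 0x445ce0 in pp_getline asm/preproc.c:5252
    #3 0x40d791 in assemble_file asm/nasm.c:1442
    #4 0x40640d in main asm/nasm.c:573
    #5 0x7f10f746fa3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x20a3f)
    #6 0x4072f8 in _start (/home/company/real_sanitize/poc_check/nasm/nasm_new_addr+0x4072f8)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV asm/preproc.c:4677 is_mmacro
==19284==ABORTING
"""

# "==<pid>==ERROR: AddressSanitizer: <kind> on [unknown] address 0x..."
ERROR_RE = re.compile(
    r"^==(?P<pid>\d+)==ERROR: AddressSanitizer: (?P<kind>[\w-]+)"
    r"(?: on (?:unknown )?address (?P<addr>0x[0-9a-fA-F]+))?"
)
# "    #<n> 0x<pc> in <func> <file:line | (module+offset)>"
FRAME_RE = re.compile(
    r"^\s*#(?P<idx>\d+) (?P<pc>0x[0-9a-fA-F]+) in (?P<func>\S+)(?: (?P<loc>\S+))?"
)


@dataclass
class Frame:
    index: int
    pc: int
    func: str
    location: str  # "file:line" when symbolised, else "(module+offset)"

    @property
    def in_project(self) -> bool:
        # Assumption: a symbolised file:line outside libc/startup code belongs
        # to the project under test; unsymbolised "(module+offset)" does not.
        return ":" in self.location and not self.location.startswith("(")


@dataclass
class AsanReport:
    pid: int
    kind: str
    address: Optional[int]
    frames: List[Frame]

    def top_project_frame(self) -> Optional[Frame]:
        """First frame attributable to project source, walking from the crash."""
        return next((f for f in self.frames if f.in_project), None)

    def dedup_key(self) -> str:
        """Crash bucket: error kind plus the innermost project function@file:line."""
        f = self.top_project_frame()
        where = f"{f.func}@{f.location}" if f else "unknown"
        return f"{self.kind}:{where}"

    def fault_class(self) -> str:
        """Rough hint: a fault inside the first page usually means a NULL deref."""
        if self.address is None:
            return "no-address"
        return "null-page" if self.address < 0x1000 else "non-null"


def parse_asan_report(text: str) -> AsanReport:
    """Extract the ERROR header and the first (faulting) stack from ASAN output."""
    header = None
    frames: List[Frame] = []
    for line in text.splitlines():
        if header is None:
            m = ERROR_RE.match(line)
            if m:
                header = m
            continue
        m = FRAME_RE.match(line)
        if m:
            frames.append(Frame(int(m["idx"]), int(m["pc"], 16), m["func"], m["loc"] or ""))
        elif frames and not line.strip():
            break  # blank line ends the first stack; later stacks (e.g. allocation site) are ignored
    if header is None:
        raise ValueError("no AddressSanitizer ERROR line found")
    addr = int(header["addr"], 16) if header["addr"] else None
    return AsanReport(int(header["pid"]), header["kind"], addr, frames)


def bucket_reports(texts: List[str]) -> Dict[str, int]:
    """Count reports per dedup key so duplicate crash sites are filed once."""
    counts: Dict[str, int] = {}
    for t in texts:
        key = parse_asan_report(t).dedup_key()
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    r = parse_asan_report(SAMPLE_REPORT)
    print(r.dedup_key(), r.fault_class(), f"addr=0x{r.address:x}")
```

The key for this report is `SEGV:is_mmacro@asm/preproc.c:4677`; a second POC that faults a few lines away in the same function would get a different key and deserves its own look, whereas two POCs with the same key are almost certainly the same bug.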