[Nasm-bugs] [Bug 3392520] New: There is a global-buffer-overflow on address 0x000000780ba8 in nasm2.14rc15.

noreply-nasm at gorcunov.org noreply-nasm at gorcunov.org
Sun Oct 28 05:34:03 PDT 2018


https://bugzilla.nasm.us/show_bug.cgi?id=3392520

            Bug ID: 3392520
           Summary: There is a global-buffer-overflow on address
                    0x000000780ba8 in nasm2.14rc15.
           Product: NASM
           Version: 2.14 (development)
          Hardware: All
                OS: All
            Status: OPEN
          Severity: critical
          Priority: Medium
         Component: Assembler
          Assignee: nobody at nasm.us
          Reporter: ganshuitao at gmail.com
                CC: gorcunov at gmail.com, hpa at zytor.com, nasm-bugs at nasm.us
     Obtained from: Build from source archive using configure

Created attachment 411682
  --> https://bugzilla.nasm.us/attachment.cgi?id=411682&action=edit
Triggered by "./nasm -f bin POC0 -o xxx"

Version: nasm 2.14rc15
Summary:

There is a global-buffer-overflow on address 0x000000780ba8 in nasm2.14rc15.

Description:

The ASan debug output is as follows:

$./nasm -f bin POC0 -o xxx

=================================================================
==63939==ERROR: AddressSanitizer: global-buffer-overflow on address
0x000000780ba8 at pc 0x4c7821 bp 0x7ffd8c9dc270 sp 0x7ffd8c9dc268
READ of size 8 at 0x000000780ba8 thread T0
==63939==WARNING: Trying to symbolize code, but external symbolizer is not
initialized!
    #0 0x4c7820
(/home/company/real_sanitize/poc_check/nasm/nasm_sanitize_addr+0x4c7820)
    #1 0x47f325
(/home/company/real_sanitize/poc_check/nasm/nasm_sanitize_addr+0x47f325)
    #2 0x7fc5b6562a3f (/lib/x86_64-linux-gnu/libc.so.6+0x20a3f)
    #3 0x47ba48
(/home/company/real_sanitize/poc_check/nasm/nasm_sanitize_addr+0x47ba48)

0x000000780ba8 is located 0 bytes to the right of global variable
'nasm_reg_flags' from 'x86/regflags.c' (0x780420) of size 1928
SUMMARY: AddressSanitizer: global-buffer-overflow ??:0 ??
Shadow bytes around the buggy address:
  0x0000800e8120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0000800e8130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0000800e8140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0000800e8150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0000800e8160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0000800e8170: 00 00 00 00 00[f9]f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
  0x0000800e8180: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
  0x0000800e8190: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
  0x0000800e81a0: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
  0x0000800e81b0: f9 f9 f9 f9 00 00 00 00 00 04 f9 f9 f9 f9 f9 f9
  0x0000800e81c0: 06 f9 f9 f9 f9 f9 f9 f9 03 f9 f9 f9 f9 f9 f9 f9
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:     fa
  Heap right redzone:    fb
  Freed heap region:     fd
  Stack left redzone:    f1
  Stack mid redzone:     f2
  Stack right redzone:   f3
  Stack partial redzone: f4
  Stack after return:    f5
  Stack use after scope: f8
  Global redzone:        f9
  Global init order:     f6
  Poisoned by user:      f7
  ASan internal:         fe
==63939==ABORTING
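The ASan report above gives everything needed to check its own arithmetic: the global `nasm_reg_flags` starts at 0x780420 and is 1928 bytes long, so it ends at 0x780ba8, which is exactly the faulting address (hence "0 bytes to the right"). The following triage helper is an added example, not part of the bug report or of NASM; it parses the access line and the global-description line (tolerating the mail client's line wrapping), cross-checks ASan's "N bytes to the right" figure against the raw addresses, and, under the assumption that the table is an array whose element size equals the 8-byte read (an assumption, not something the report states), reports which array index was touched and which index is the last valid one. Such a check tells a maintainer that the lookup went one element past the end of the table, which points at a missing bounds check on the index rather than at a corrupted pointer.

```python
import re
from dataclasses import dataclass

# Constructed sample: the relevant lines of the report above, with the
# mail client's line wrapping preserved so the parser has to cope with it.
SAMPLE_REPORT = """\
==63939==ERROR: AddressSanitizer: global-buffer-overflow on address
0x000000780ba8 at pc 0x4c7821 bp 0x7ffd8c9dc270 sp 0x7ffd8c9dc268
READ of size 8 at 0x000000780ba8 thread T0
0x000000780ba8 is located 0 bytes to the right of global variable
'nasm_reg_flags' from 'x86/regflags.c' (0x780420) of size 1928
SUMMARY: AddressSanitizer: global-buffer-overflow ??:0 ??
"""

HEX = r"0x[0-9a-fA-F]+"
ACCESS_RE = re.compile(rf"\b(READ|WRITE) of size (\d+) at ({HEX})")
GLOBAL_RE = re.compile(
    rf"({HEX}) is located (\d+) bytes to the (left|right) of global variable "
    rf"'([^']+)' from '([^']+)' \(({HEX})\) of size (\d+)"
)


@dataclass(frozen=True)
class GlobalOverflow:
    access: str          # "READ" or "WRITE"
    access_size: int     # bytes touched by the faulting access
    fault_addr: int      # address from the "READ of size N at ..." line
    described_addr: int  # address ASan uses in the "is located" sentence
    distance: int        # ASan's own "N bytes to the left/right" figure
    side: str            # "left" or "right"
    symbol: str          # global variable name
    source_file: str     # file that defines it
    base: int            # address where the global starts
    size: int            # its size in bytes

    @property
    def end(self) -> int:
        """First address past the last byte of the global."""
        return self.base + self.size

    @property
    def bytes_past_end(self) -> int:
        """Distance from the end of the object to the access (0 = starts exactly at the end)."""
        return self.fault_addr - self.end

    def element_index(self, element_size: int) -> int:
        """Array index the access lands on, assuming element_size-byte entries
        (the caller supplies that assumption; the report does not state it)."""
        return (self.fault_addr - self.base) // element_size

    def last_valid_index(self, element_size: int) -> int:
        return self.size // element_size - 1

    def consistent(self) -> bool:
        """Cross-check ASan's prose figure against the raw addresses it printed.
        For a 'right' overflow ASan reports addr - (base + size); for 'left', base - addr."""
        if self.side == "right":
            return self.described_addr - self.end == self.distance
        return self.base - self.described_addr == self.distance


def parse_asan_global_overflow(report: str) -> GlobalOverflow:
    # Collapse all whitespace first: mail clients wrap ASan's long lines, so the
    # "is located ... of size N" sentence may span two physical lines.
    flat = " ".join(report.split())
    access = ACCESS_RE.search(flat)
    glob = GLOBAL_RE.search(flat)
    if not access or not glob:
        raise ValueError("not an AddressSanitizer global-buffer-overflow report")
    kind, asize, addr = access.groups()
    daddr, dist, side, symbol, src, base, size = glob.groups()
    return GlobalOverflow(
        access=kind, access_size=int(asize), fault_addr=int(addr, 16),
        described_addr=int(daddr, 16), distance=int(dist), side=side,
        symbol=symbol, source_file=src, base=int(base, 16), size=int(size),
    )


def triage(report: str, element_size: int) -> str:
    """One-line human summary for a bug tracker comment."""
    ov = parse_asan_global_overflow(report)
    status = "consistent" if ov.consistent() else "INCONSISTENT"
    return (f"{ov.access} of {ov.access_size} bytes at {ov.fault_addr:#x}: "
            f"{ov.bytes_past_end} bytes past the end of {ov.symbol} "
            f"({ov.source_file}, {ov.size} bytes at {ov.base:#x}); "
            f"index {ov.element_index(element_size)} with {element_size}-byte elements, "
            f"last valid index {ov.last_valid_index(element_size)}; ASan figures {status}")


if __name__ == "__main__":
    # Element size 8 is inferred from the 8-byte READ, an assumption for this sample.
    print(triage(SAMPLE_REPORT, element_size=8))
```

The `described_addr` field is kept separate from `fault_addr` because ASan's "is located" sentence moves the address up to the object's end when an access starts inside the object and runs past it; comparing the prose figure against that address, not the access address, is what keeps `consistent()` true in the partial-overlap case.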
