[Nasm-bugs] [Bug 3392520] New: There is a global-buffer-overflow on address 0x000000780ba8 in nasm2.14rc15.
noreply-nasm at gorcunov.org
noreply-nasm at gorcunov.org
Sun Oct 28 05:34:03 PDT 2018
https://bugzilla.nasm.us/show_bug.cgi?id=3392520
Bug ID: 3392520
Summary: There is a global-buffer-overflow on address
0x000000780ba8 in nasm2.14rc15.
Product: NASM
Version: 2.14 (development)
Hardware: All
OS: All
Status: OPEN
Severity: critical
Priority: Medium
Component: Assembler
Assignee: nobody at nasm.us
Reporter: ganshuitao at gmail.com
CC: gorcunov at gmail.com, hpa at zytor.com, nasm-bugs at nasm.us
Obtained from: Build from source archive using configure
Created attachment 411682
--> https://bugzilla.nasm.us/attachment.cgi?id=411682&action=edit
Trigger by"./nasm -f bin POC0 -o xxx"
version:nasm2.14rc15
Summary:
There is a global-buffer-overflow on address 0x000000780ba8 in nasm2.14rc15.
Description:
The asan debug is as follows:
$./nasm -f bin POC0 -o xxx
=================================================================
==63939==ERROR: AddressSanitizer: global-buffer-overflow on address
0x000000780ba8 at pc 0x4c7821 bp 0x7ffd8c9dc270 sp 0x7ffd8c9dc268
READ of size 8 at 0x000000780ba8 thread T0
==63939==WARNING: Trying to symbolize code, but external symbolizer is not
initialized!
#0 0x4c7820
(/home/company/real_sanitize/poc_check/nasm/nasm_sanitize_addr+0x4c7820)
#1 0x47f325
(/home/company/real_sanitize/poc_check/nasm/nasm_sanitize_addr+0x47f325)
#2 0x7fc5b6562a3f (/lib/x86_64-linux-gnu/libc.so.6+0x20a3f)
#3 0x47ba48
(/home/company/real_sanitize/poc_check/nasm/nasm_sanitize_addr+0x47ba48)
0x000000780ba8 is located 0 bytes to the right of global variable
'nasm_reg_flags' from 'x86/regflags.c' (0x780420) of size 1928
SUMMARY: AddressSanitizer: global-buffer-overflow ??:0 ??
Shadow bytes around the buggy address:
0x0000800e8120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0000800e8130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0000800e8140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0000800e8150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0000800e8160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0000800e8170: 00 00 00 00 00[f9]f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
0x0000800e8180: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
0x0000800e8190: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
0x0000800e81a0: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
0x0000800e81b0: f9 f9 f9 f9 00 00 00 00 00 04 f9 f9 f9 f9 f9 f9
0x0000800e81c0: 06 f9 f9 f9 f9 f9 f9 f9 03 f9 f9 f9 f9 f9 f9 f9
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
ASan internal: fe
==63939==ABORTING
--
You are receiving this mail because:
You are on the CC list for the bug.
You are watching all bug changes.
More information about the Nasm-bugs
mailing list