[Nasm-bugs] [Bug 3392521] New: There is a heap-buffer-overflow on address 0x602000006d91 in nasm2.14rc15.

noreply-nasm at gorcunov.org noreply-nasm at gorcunov.org
Sun Oct 28 05:35:44 PDT 2018


https://bugzilla.nasm.us/show_bug.cgi?id=3392521

            Bug ID: 3392521
           Summary: There is a heap-buffer-overflow on address
                    0x602000006d91 in nasm2.14rc15.
           Product: NASM
           Version: 2.14 (development)
          Hardware: All
                OS: All
            Status: OPEN
          Severity: critical
          Priority: Medium
         Component: Assembler
          Assignee: nobody at nasm.us
          Reporter: ganshuitao at gmail.com
                CC: gorcunov at gmail.com, hpa at zytor.com, nasm-bugs at nasm.us
     Obtained from: Build from source archive using configure

Created attachment 411683
  --> https://bugzilla.nasm.us/attachment.cgi?id=411683&action=edit
Trigger by"./nasm -f bin POC1 -o xxx"

version:nasm2.14rc15
Summary: 

There is a heap-buffer-overflow on address 0x602000006d91 in nasm2.14rc15. 

Description:

The asan debug is as follows:

$./nasm -f bin POC1 -o xxx

=================================================================
==63902==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x602000006d91 at pc 0x50b10d bp 0x7ffcc3b1b790 sp 0x7ffcc3b1b788
READ of size 1 at 0x602000006d91 thread T0
==63902==WARNING: Trying to symbolize code, but external symbolizer is not
initialized!
    #0 0x50b10c
(/home/company/real_sanitize/poc_check/nasm/nasm_sanitize_addr+0x50b10c)
    #1 0x4d1db1
(/home/company/real_sanitize/poc_check/nasm/nasm_sanitize_addr+0x4d1db1)
    #2 0x480a5c
(/home/company/real_sanitize/poc_check/nasm/nasm_sanitize_addr+0x480a5c)
    #3 0x7f779444ea3f (/lib/x86_64-linux-gnu/libc.so.6+0x20a3f)
    #4 0x47ba48
(/home/company/real_sanitize/poc_check/nasm/nasm_sanitize_addr+0x47ba48)

0x602000006d91 is located 0 bytes to the right of 1-byte region
[0x602000006d90,0x602000006d91)
allocated by thread T0 here:
    #0 0x465959
(/home/company/real_sanitize/poc_check/nasm/nasm_sanitize_addr+0x465959)
    #1 0x488d25
(/home/company/real_sanitize/poc_check/nasm/nasm_sanitize_addr+0x488d25)
    #2 0x480a5c
(/home/company/real_sanitize/poc_check/nasm/nasm_sanitize_addr+0x480a5c)
    #3 0x7f779444ea3f (/lib/x86_64-linux-gnu/libc.so.6+0x20a3f)

SUMMARY: AddressSanitizer: heap-buffer-overflow ??:0 ??
Shadow bytes around the buggy address:
  0x0c047fff8d60: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fa
  0x0c047fff8d70: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fa
  0x0c047fff8d80: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fa
  0x0c047fff8d90: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fa
  0x0c047fff8da0: fa fa 02 fa fa fa 02 fa fa fa 00 fa fa fa 00 fa
=>0x0c047fff8db0: fa fa[01]fa fa fa 04 fa fa fa fd fd fa fa 02 fa
  0x0c047fff8dc0: fa fa fd fa fa fa fd fa fa fa 06 fa fa fa 06 fa
  0x0c047fff8dd0: fa fa 02 fa fa fa fd fa fa fa fd fa fa fa fd fa
  0x0c047fff8de0: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fa
  0x0c047fff8df0: fa fa 00 fa fa fa 00 fa fa fa 06 fa fa fa 00 fa
  0x0c047fff8e00: fa fa 00 fa fa fa 00 fa fa fa 06 fa fa fa 02 fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:     fa
  Heap right redzone:    fb
  Freed heap region:     fd
  Stack left redzone:    f1
  Stack mid redzone:     f2
  Stack right redzone:   f3
  Stack partial redzone: f4
  Stack after return:    f5
  Stack use after scope: f8
  Global redzone:        f9
  Global init order:     f6
  Poisoned by user:      f7
  ASan internal:         fe
==63902==ABORTING

-- 
You are receiving this mail because:
You are watching all bug changes.
You are on the CC list for the bug.


More information about the Nasm-bugs mailing list