[Nasm-bugs] [Bug 3392513] New: NULL Pointer Dereference in asm/labels.c
noreply-nasm at gorcunov.org
Wed Sep 5 06:52:36 PDT 2018
https://bugzilla.nasm.us/show_bug.cgi?id=3392513
Bug ID: 3392513
Summary: NULL Pointer Dereference in asm/labels.c
Product: NASM
Version: unspecified
Hardware: All
OS: All
Status: OPEN
Severity: normal
Priority: Medium
Component: Assembler
Assignee: nobody at nasm.us
Reporter: mohdfakhrizulkifli at gmail.com
CC: gorcunov at gmail.com, hpa at zytor.com, nasm-bugs at nasm.us
Obtained from: Build from source archive using configure
Created attachment 411667
--> https://bugzilla.nasm.us/attachment.cgi?id=411667&action=edit
crash poc
insn_is_label remains FALSE, therefore leaving result->label assigned to
NULL, which is then dereferenced in islocal().
[...]
    if (i == TOKEN_ID || (insn_is_label && i == TOKEN_INSN)) {   <-- not taken
        /* there's a label here */
        first = false;
        result->label = tokval.t_charptr;
        i = stdscan(NULL, &tokval);
        if (i == ':') { /* skip over the optional colon */
            i = stdscan(NULL, &tokval);
        } else if (i == 0) {
            nasm_error(ERR_WARNING | ERR_WARN_OL | ERR_PASS1,
                       "label alone on a line without a colon might be in error");
        }
        if (i != TOKEN_INSN || tokval.t_integer != I_EQU) {
            /*
             * FIXME: location.segment could be NO_SEG, in which case
             * it is possible we should be passing 'absolute.segment'. Look
             * into this.
             * Work out whether that is *really* what we should be doing.
             * Generally fix things. I think this is right as it is, but
             * am still not certain.
             */
            define_label(result->label,
                         in_absolute ? absolute.segment : location.segment,
                         location.offset, true);
[...]
static bool islocal(const char *l)
{
    if (tasm_compatible_mode) {
        if (l[0] == '@' && l[1] == '@')
            return true;
    }
    return (l[0] == '.' && l[1] != '.');   <-- boom
}
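The failure path described in this report, as an added stand-alone example (not NASM's own code and not the attached PoC): islocal() is reproduced as quoted above, while pick_label(), label_is_local(), islocal_checked() and the token constants are assumptions made for this model of the parse branch. The point it shows is that the label pointer is only assigned on the TOKEN_ID / insn_is_label branch, so any later consumer must tolerate a NULL label; the hardened variant makes that explicit.

```c
/* Added example, not NASM code: models the NULL-label path from the report.
 * islocal() is as quoted; every other name here is an assumption made for
 * this standalone demonstration. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Token kinds: constructed for this example, not NASM's real enum values. */
enum { TOK_ID = 1, TOK_INSN = 2, TOK_OTHER = 3 };

/* Assumed global, mirroring NASM's tasm_compatible_mode flag. */
static bool tasm_compatible_mode = false;

/* islocal() as quoted in the report: dereferences l with no NULL check. */
static bool islocal(const char *l)
{
    if (tasm_compatible_mode) {
        if (l[0] == '@' && l[1] == '@')
            return true;
    }
    return (l[0] == '.' && l[1] != '.');
}

/* Hypothetical hardened variant: a missing label is simply "not local". */
static bool islocal_checked(const char *l)
{
    if (l == NULL)
        return false;
    return islocal(l);
}

/* Minimal model of the parse branch quoted above: the label pointer is set
 * only when the token is an identifier, or an instruction mnemonic while
 * insn_is_label is true. On every other path it stays NULL. */
static const char *pick_label(int tok, const char *text, bool insn_is_label)
{
    const char *label = NULL;   /* result->label starts out NULL */
    if (tok == TOK_ID || (insn_is_label && tok == TOK_INSN))
        label = text;
    return label;
}

/* Consumer of the label: returns true only for a present, local label.
 * Passing the result of pick_label() straight to islocal() when the branch
 * was not taken is exactly the dereference the report describes. */
static bool label_is_local(int tok, const char *text, bool insn_is_label)
{
    const char *label = pick_label(tok, text, insn_is_label);
    return islocal_checked(label);
}

int main(void)
{
    /* Constructed inputs for the demonstration. */
    printf("'.loop' as TOKEN_ID: local=%d\n",
           label_is_local(TOK_ID, ".loop", false));
    printf("'mov' as TOKEN_INSN with insn_is_label=false: local=%d\n",
           label_is_local(TOK_INSN, "mov", false));
    return 0;
}
```

The second call is the reported case: the label branch is not taken, pick_label() yields NULL, and only the NULL check in islocal_checked() keeps the program from faulting where the original islocal() would.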