[Nasm-bugs] [Bug 3392515] New: FPE found in nasm assembler

noreply-nasm at gorcunov.org
Thu Sep 6 21:15:45 PDT 2018


https://bugzilla.nasm.us/show_bug.cgi?id=3392515

            Bug ID: 3392515
           Summary: FPE found in nasm assembler
           Product: NASM
           Version: 2.14 (development)
          Hardware: All
                OS: Linux
            Status: OPEN
          Severity: severe
          Priority: Medium
         Component: Assembler
          Assignee: nobody at nasm.us
          Reporter: situlingyun at gmail.com
                CC: gorcunov at gmail.com, hpa at zytor.com, nasm-bugs at nasm.us
     Obtained from: Build from source archive using configure

Created attachment 411669
  --> https://bugzilla.nasm.us/attachment.cgi?id=411669&action=edit
POC to trigger FPE

We found an FPE vulnerability in the latest nasm by fuzzing. We used
AddressSanitizer to track the vulnerability.

The information is as follows, and the attachment is the POC file.

stly at stly-XPS-8700:~/Desktop/TargetFuzz/Benchmark/nasm$ ./installed-address/bin/nasm -felf64 ./out-AFL-Org4/crashes/id\:000004\,sig\:08\,src\:007049\,op\:arith8\,pos\:246\,val\:-6

./out-AFL-Org4/crashes/id:000004,sig:08,src:007049,op:arith8,pos:246,val:-6:4: error: parser: instruction expected
./out-AFL-Org4/crashes/id:000004,sig:08,src:007049,op:arith8,pos:246,val:-6:7: error: impossible combination of address sizes
./out-AFL-Org4/crashes/id:000004,sig:08,src:007049,op:arith8,pos:246,val:-6:7: error: invalid effective address
./out-AFL-Org4/crashes/id:000004,sig:08,src:007049,op:arith8,pos:246,val:-6:11: error: impossible combination of address sizes
./out-AFL-Org4/crashes/id:000004,sig:08,src:007049,op:arith8,pos:246,val:-6:11: error: invalid effective address
./out-AFL-Org4/crashes/id:000004,sig:08,src:007049,op:arith8,pos:246,val:-6:13: error: symbol `h' not defined before use
ASAN:DEADLYSIGNAL
=================================================================
==6597==ERROR: AddressSanitizer: FPE on unknown address 0x0000005715e2 (pc 0x0000005715e2 bp 0x000000000000 sp 0x7ffc2df723e0 T0)
    #0 0x5715e1 (/home/stly/Desktop/TargetFuzz/Benchmark/nasm/installed-address/bin/nasm+0x5715e1)
    #1 0x56ef11 (/home/stly/Desktop/TargetFuzz/Benchmark/nasm/installed-address/bin/nasm+0x56ef11)
    #2 0x56e0e7 (/home/stly/Desktop/TargetFuzz/Benchmark/nasm/installed-address/bin/nasm+0x56e0e7)
    #3 0x56d790 (/home/stly/Desktop/TargetFuzz/Benchmark/nasm/installed-address/bin/nasm+0x56d790)
    #4 0x56ce40 (/home/stly/Desktop/TargetFuzz/Benchmark/nasm/installed-address/bin/nasm+0x56ce40)
    #5 0x563da0 (/home/stly/Desktop/TargetFuzz/Benchmark/nasm/installed-address/bin/nasm+0x563da0)
    #6 0x564b3e (/home/stly/Desktop/TargetFuzz/Benchmark/nasm/installed-address/bin/nasm+0x564b3e)
    #7 0x56f354 (/home/stly/Desktop/TargetFuzz/Benchmark/nasm/installed-address/bin/nasm+0x56f354)
    #8 0x56f00b (/home/stly/Desktop/TargetFuzz/Benchmark/nasm/installed-address/bin/nasm+0x56f00b)
    #9 0x56e0e7 (/home/stly/Desktop/TargetFuzz/Benchmark/nasm/installed-address/bin/nasm+0x56e0e7)
    #10 0x56d790 (/home/stly/Desktop/TargetFuzz/Benchmark/nasm/installed-address/bin/nasm+0x56d790)
    #11 0x56ce40 (/home/stly/Desktop/TargetFuzz/Benchmark/nasm/installed-address/bin/nasm+0x56ce40)
    #12 0x563da0 (/home/stly/Desktop/TargetFuzz/Benchmark/nasm/installed-address/bin/nasm+0x563da0)
    #13 0x564b3e (/home/stly/Desktop/TargetFuzz/Benchmark/nasm/installed-address/bin/nasm+0x564b3e)
    #14 0x56f354 (/home/stly/Desktop/TargetFuzz/Benchmark/nasm/installed-address/bin/nasm+0x56f354)
    #15 0x56ef11 (/home/stly/Desktop/TargetFuzz/Benchmark/nasm/installed-address/bin/nasm+0x56ef11)
    #16 0x56e0e7 (/home/stly/Desktop/TargetFuzz/Benchmark/nasm/installed-address/bin/nasm+0x56e0e7)
    #17 0x56d790 (/home/stly/Desktop/TargetFuzz/Benchmark/nasm/installed-address/bin/nasm+0x56d790)
    #18 0x56ce40 (/home/stly/Desktop/TargetFuzz/Benchmark/nasm/installed-address/bin/nasm+0x56ce40)
    #19 0x563da0 (/home/stly/Desktop/TargetFuzz/Benchmark/nasm/installed-address/bin/nasm+0x563da0)
    #20 0x564b3e (/home/stly/Desktop/TargetFuzz/Benchmark/nasm/installed-address/bin/nasm+0x564b3e)
    #21 0x56f354 (/home/stly/Desktop/TargetFuzz/Benchmark/nasm/installed-address/bin/nasm+0x56f354)
    #22 0x56ef11 (/home/stly/Desktop/TargetFuzz/Benchmark/nasm/installed-address/bin/nasm+0x56ef11)
    #23 0x56e0e7 (/home/stly/Desktop/TargetFuzz/Benchmark/nasm/installed-address/bin/nasm+0x56e0e7)
    #24 0x56d790 (/home/stly/Desktop/TargetFuzz/Benchmark/nasm/installed-address/bin/nasm+0x56d790)
    #25 0x56ce40 (/home/stly/Desktop/TargetFuzz/Benchmark/nasm/installed-address/bin/nasm+0x56ce40)
    #26 0x563da0 (/home/stly/Desktop/TargetFuzz/Benchmark/nasm/installed-address/bin/nasm+0x563da0)
    #27 0x5627a4 (/home/stly/Desktop/TargetFuzz/Benchmark/nasm/installed-address/bin/nasm+0x5627a4)
    #28 0x51f85e (/home/stly/Desktop/TargetFuzz/Benchmark/nasm/installed-address/bin/nasm+0x51f85e)
    #29 0x4ec2a9 (/home/stly/Desktop/TargetFuzz/Benchmark/nasm/installed-address/bin/nasm+0x4ec2a9)
    #30 0x7f6d1e6a382f  (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #31 0x419068 (/home/stly/Desktop/TargetFuzz/Benchmark/nasm/installed-address/bin/nasm+0x419068)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: FPE (/home/stly/Desktop/TargetFuzz/Benchmark/nasm/installed-address/bin/nasm+0x5715e1)
==6597==ABORTING
