[Nasm-bugs] [Bug 3392515] New: FPE found in nasm assembler
noreply-nasm at gorcunov.org
Thu Sep 6 21:15:45 PDT 2018
https://bugzilla.nasm.us/show_bug.cgi?id=3392515
Bug ID: 3392515
Summary: FPE found in nasm assembler
Product: NASM
Version: 2.14 (development)
Hardware: All
OS: Linux
Status: OPEN
Severity: severe
Priority: Medium
Component: Assembler
Assignee: nobody at nasm.us
Reporter: situlingyun at gmail.com
CC: gorcunov at gmail.com, hpa at zytor.com, nasm-bugs at nasm.us
Obtained from: Build from source archive using configure
Created attachment 411669
--> https://bugzilla.nasm.us/attachment.cgi?id=411669&action=edit
POC to trigger FPE
We found an FPE vulnerability in the latest nasm by fuzzing. We used AddressSanitizer to track the vulnerability.
The information is as follows, and the attachment is the POC file.
stly at stly-XPS-8700:~/Desktop/TargetFuzz/Benchmark/nasm$ ./installed-address/bin/nasm -felf64 ./out-AFL-Org4/crashes/id\:000004\,sig\:08\,src\:007049\,op\:arith8\,pos\:246\,val\:-6
./out-AFL-Org4/crashes/id:000004,sig:08,src:007049,op:arith8,pos:246,val:-6:4: error: parser: instruction expected
./out-AFL-Org4/crashes/id:000004,sig:08,src:007049,op:arith8,pos:246,val:-6:7: error: impossible combination of address sizes
./out-AFL-Org4/crashes/id:000004,sig:08,src:007049,op:arith8,pos:246,val:-6:7: error: invalid effective address
./out-AFL-Org4/crashes/id:000004,sig:08,src:007049,op:arith8,pos:246,val:-6:11: error: impossible combination of address sizes
./out-AFL-Org4/crashes/id:000004,sig:08,src:007049,op:arith8,pos:246,val:-6:11: error: invalid effective address
./out-AFL-Org4/crashes/id:000004,sig:08,src:007049,op:arith8,pos:246,val:-6:13: error: symbol `h' not defined before use
ASAN:DEADLYSIGNAL
=================================================================
==6597==ERROR: AddressSanitizer: FPE on unknown address 0x0000005715e2 (pc 0x0000005715e2 bp 0x000000000000 sp 0x7ffc2df723e0 T0)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: FPE (/home/stly/Desktop/TargetFuzz/Benchmark/nasm/installed-address/bin/nasm+0x5715e1)
==6597==ABORTING