[Nasm-bugs] [Bug 3392566] New: OOB write in nasm_quote

noreply-nasm at gorcunov.org noreply-nasm at gorcunov.org
Fri Apr 19 00:01:45 PDT 2019


https://bugzilla.nasm.us/show_bug.cgi?id=3392566

            Bug ID: 3392566
           Summary: OOB write in nasm_quote
           Product: NASM
           Version: 2.15 (development)
          Hardware: All
                OS: All
            Status: OPEN
          Severity: normal
          Priority: Medium
         Component: Assembler
          Assignee: nobody at nasm.us
          Reporter: deian at cs.ucsd.edu
                CC: chang.seok.bae at intel.com, gorcunov at gmail.com,
                    hpa at zytor.com, nasm-bugs at nasm.us
     Obtained from: Unknown

I believe there is an out-of-bounds read in nasm_quote, when called with a huge
length [1]:

char  *nasm_quote(const char *str, size_t len)
{
  ...
    nstr = nasm_malloc(len+3);                         // overflow, thus create small buffer
    nstr[0] = nstr[len+1] = sq_ok ? '\'' : '\"';
    nstr[len+2] = '\0';
    if (len > 0)
      memcpy(nstr+1, str, len);                       // copy huge amounts of data
  ...

Apologies if this turns out to not be a concern.

[1] https://repo.or.cz/nasm.git/blob/HEAD:/asm/quote.c#l106

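Added example (not NASM's code and not part of the report): it models the `len+3` wrap the report describes and shows a checked variant that refuses such lengths before allocating. The names `wrapped_alloc_size`, `quote_len_ok` and `safe_quote` are hypothetical, and `sq_ok` is taken as a parameter here whereas nasm_quote derives it from the string.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Models the allocation size expression from the report: len+3 with no
 * overflow check. For len near SIZE_MAX this wraps to a tiny value. */
size_t wrapped_alloc_size(size_t len) {
    return len + 3;
}

/* Hypothetical check: len+3 is representable iff len <= SIZE_MAX - 3. */
int quote_len_ok(size_t len) {
    return len <= SIZE_MAX - 3;
}

/* Hypothetical hardened variant: allocate only when the size cannot wrap,
 * so the subsequent writes at nstr[len+1], nstr[len+2] and the memcpy
 * always land inside the buffer. sq_ok is passed in for simplicity. */
char *safe_quote(const char *str, size_t len, int sq_ok) {
    if (!quote_len_ok(len))
        return NULL;                 /* refuse instead of under-allocating */
    char *nstr = malloc(len + 3);
    if (!nstr)
        return NULL;
    nstr[0] = nstr[len + 1] = sq_ok ? '\'' : '"';
    nstr[len + 2] = '\0';
    if (len > 0)
        memcpy(nstr + 1, str, len);  /* fits: buffer holds len+3 bytes */
    return nstr;
}
```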