[Nasm-bugs] [Bug 3392576] asm/pragma.c: NULL-ptr dereference in limit pragma parser

[noreply-nasm at gorcunov.org]

https://bugzilla.nasm.us/show_bug.cgi?id=3392576

--- Comment #2 from Purushothama <ppadmana at in.ibm.com> ---
(In reply to Ren Kimura from comment #0)
> Created attachment 411720 [details]
> Proof of Concept ASM file
> 
> If "%pragma limit" doesn't follow any words, asm parser reaches end of file 
> and nasm_get_word() returns NULL.
> 
> However process_pragma() still try to continue parse parameters of limit
> pragma, 
> that is intended to be located at next word.
> 
> As a result nasm_set_limit() is called with NULL pointer, cause NULL-ptr
> dereference.
> 
> ./nasm-2.14.02/nasm -felf64 ~/nullderef_nasm-2.14.02_pragma_limit
> Segmentation fault (core dumped)
> 
> (gdb) bt
> #0  __strcasecmp_l_avx () at ../sysdeps/x86_64/multiarch/strcmp-sse42.S:199
> #1  0x000000000040268d in nasm_set_limit (limit=0x0, valstr=0x0) at
> asm/nasm.c:199
> #2  0x0000000000442fd4 in search_pragma_list (list=<optimized out>,
> default_name=0x0, generic_handler=0x0, 
>     pragma=0x7fffffffe0a0) at asm/pragma.c:137
> #3  0x0000000000442b83 in process_pragma (str=<optimized out>) at
> asm/pragma.c:218
> #4  0x000000000043f22d in process_directives (directive=0x7a4021 "pragma")
> at asm/directiv.c:503
> #5  0x0000000000407eaa in assemble_file (fname=<optimized out>,
> depend_ptr=<optimized out>) at asm/nasm.c:1498
> #6  main (argc=<optimized out>, argv=<optimized out>) at asm/nasm.c:617
> (gdb) up
> #1  0x000000000040268d in nasm_set_limit (limit=0x0, valstr=0x0) at
> asm/nasm.c:199
> 199             if (!nasm_stricmp(limit, limit_info[i].name))
> (gdb) p/x limit
> $1 = 0x0
> 
> Thanks
> Ren

Hi Ren,
Will this issue affect 2.13.03 ?

-- 
You are receiving this mail because:
You are watching all bug changes.
You are on the CC list for the bug.