[Nasm-bugs] [Bug 3392606] New: Null-Dereference bug in nasm.c

noreply-nasm at gorcunov.org noreply-nasm at gorcunov.org
Sat Aug 24 03:17:57 PDT 2019


https://bugzilla.nasm.us/show_bug.cgi?id=3392606

            Bug ID: 3392606
           Summary: Null-Dereference bug in nasm.c
           Product: NASM
           Version: 2.14.xx
          Hardware: PC
                OS: Linux
            Status: OPEN
          Severity: normal
          Priority: Medium
         Component: Assembler
          Assignee: nobody at nasm.us
          Reporter: jjzuming at outlook.com
                CC: chang.seok.bae at intel.com, gorcunov at gmail.com,
                    hpa at zytor.com, nasm-bugs at nasm.us
     Obtained from: Build from source archive using configure

The malloc() in the call stack shown below may fail:
#1 Call malloc() in nasm_malloc(), at malloc.c: 75
#2 Call nasm_malloc() in saa_init(), at saa.c: 56
#3 Call saa_init() in main(), at nasm.c: 479

If the malloc() in this call stack fails, it will return NULL. Then
validate_ptr() in nasm_malloc() will check the return value. Since it is NULL,
the program will call nasm_alloc_failed() in validate_ptr(), and then call
nasm_fatal() in nasm_alloc_failed(). In nasm_fatal(), the program will call
nasm_verror(), which is a function pointer that points to nasm_verror_asm().
In nasm_verror_asm(), the program dereferences the pointer preproc at nasm.c: 1909.

However, the pointer preproc has not been assigned yet; it should be
assigned in main(), at nasm.c: 481. So preproc is NULL, and the program will
crash when preproc is dereferenced.

This bug was found by my fuzzing tool and it can be triggered at runtime.

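The ordering problem the report describes, as an added illustration that is not NASM's code: a hypothetical `preproc` global is assigned only after an early allocation, so an error reporter that dereferences it unconditionally crashes on the out-of-memory path, while a reporter that checks for NULL first degrades to a plain message. The names `startup`, `report_guarded`, `report_unguarded` and `simulate_alloc_failure` are constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the preprocessor state that main() sets up late. */
struct preproc_ops { const char *name; };
static struct preproc_ops *preproc = NULL;

/* Constructed test hook: when nonzero the allocator reports failure. */
static int simulate_alloc_failure = 0;

static void *xmalloc(size_t n) {
    return simulate_alloc_failure ? NULL : malloc(n);
}

/* Mirrors the reported defect: uses preproc without checking it.
 * Calling this before preproc is assigned is a NULL dereference. */
static const char *report_unguarded(const char *msg) {
    (void)msg;
    return preproc->name;
}

/* Hardened reporter: a fatal-error path must not depend on state that
 * is initialised later in startup, so it tolerates preproc == NULL. */
static const char *report_guarded(const char *msg) {
    (void)msg;
    return preproc ? preproc->name : "(preprocessor not yet initialised)";
}

/* Simulates the start of main(): the allocation happens before preproc
 * is assigned. Returns 1 if the allocation failed (and *diag holds the
 * guarded reporter's output), 0 on success. */
static int startup(int fail_alloc, const char **diag) {
    static struct preproc_ops real = { "nasmpp" };
    preproc = NULL;                 /* fresh process state for each run */
    simulate_alloc_failure = fail_alloc;
    void *saa = xmalloc(64);        /* the saa_init() allocation in the report */
    if (saa == NULL) {
        *diag = report_guarded("out of memory");  /* safe: preproc still NULL */
        return 1;
    }
    preproc = &real;                /* assignment only after the allocation */
    *diag = report_guarded("ok");
    free(saa);
    return 0;
}

int main(void) {
    const char *diag = NULL;
    int failed = startup(1, &diag);
    printf("alloc failed=%d, reporter said: %s\n", failed, diag);
    return 0;
}
```
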