[Nasm-bugs] [Bug 3392606] New: Null-Dereference bug in nasm.c
noreply-nasm at gorcunov.org
Sat Aug 24 03:17:57 PDT 2019
https://bugzilla.nasm.us/show_bug.cgi?id=3392606
Bug ID: 3392606
Summary: Null-Dereference bug in nasm.c
Product: NASM
Version: 2.14.xx
Hardware: PC
OS: Linux
Status: OPEN
Severity: normal
Priority: Medium
Component: Assembler
Assignee: nobody at nasm.us
Reporter: jjzuming at outlook.com
CC: chang.seok.bae at intel.com, gorcunov at gmail.com,
hpa at zytor.com, nasm-bugs at nasm.us
Obtained from: Build from source archive using configure
The malloc() in the call stack shown below may fail:
#1 Call malloc() in nasm_malloc(), at malloc.c: 75
#2 Call nasm_malloc() in saa_init(), at saa.c: 56
#3 Call saa_init() in main(), at nasm.c: 479
If the malloc() in this call stack fails, it will return NULL. And then
validate_ptr() in nasm_malloc() will check the return value. Since it is NULL,
the program will call nasm_alloc_failed() in validate_ptr(), and then call
nasm_fatal() in nasm_alloc_failed(). In nasm_fatal(), the program will call
nasm_verror() which is a function pointer and it points to nasm_verror_asm().
In nasm_verror_asm(), the program dereferences a pointer preproc at nasm.c: 1909.
However, the pointer preproc has not been assigned yet; it should be
assigned in main(), at nasm.c: 481. So preproc is NULL, and the program will
crash when preproc is dereferenced.
This bug was found by my fuzzing tool and it can be triggered at runtime.
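The failure mode described in the report, as an added illustration that is not part of the report or of NASM's source: a global `preproc` pointer that main() assigns only after its first allocations, an error printer that dereferences it unconditionally, and a fixed printer that tolerates being called before the preprocessor exists. All names (`preproc_ops`, `demo_malloc`, `startup`, `verror_asm_*`) are hypothetical stand-ins for the NASM functions named in the call stack.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for NASM's preprocessor interface (demo, not NASM code). */
struct preproc_ops {
    const char *(*current_file)(void);   /* file context used in diagnostics */
};
static const char *input_file(void) { return "input.asm"; }
static const struct preproc_ops asm_preproc = { input_file };

/* Like NASM's preproc global: main() assigns it only after the first
 * allocations (saa_init()) have succeeded, so it is NULL during early startup. */
static const struct preproc_ops *preproc = NULL;

/* Hook so a test can make the allocator behave like a failing malloc(). */
static bool fail_next_alloc = false;
static void *demo_malloc(size_t n) { return fail_next_alloc ? NULL : malloc(n); }

/* Mirrors the reported nasm_verror_asm() shape: dereferences preproc
 * unconditionally, so it crashes if reached before main() has set it. */
static void verror_asm_unchecked(const char *msg)
{
    fprintf(stderr, "%s: error: %s\n", preproc->current_file(), msg);
}

/* Fixed variant: fall back to a generic location when preproc is still NULL.
 * Returns the location string it printed so a test can check the path taken. */
static const char *verror_asm_checked(const char *msg)
{
    const char *where = preproc ? preproc->current_file() : "nasm";
    fprintf(stderr, "%s: error: %s\n", where, msg);
    return where;
}

/* Models saa_init() -> nasm_malloc() -> nasm_alloc_failed() -> nasm_fatal().
 * Returns NULL on success, or the location the checked reporter used. */
static const char *startup(bool simulate_alloc_failure)
{
    preproc = NULL;                       /* startup begins with the global unset */
    fail_next_alloc = simulate_alloc_failure;
    void *buf = demo_malloc(64);          /* the saa_init() allocation */
    if (!buf)                             /* preproc is still NULL here: the unchecked
                                             printer would dereference NULL */
        return verror_asm_checked("out of memory");
    free(buf);
    preproc = &asm_preproc;               /* what main() does after saa_init() */
    return NULL;
}

int main(void)
{
    startup(false);                       /* normal startup: preproc now valid */
    verror_asm_unchecked("demo diagnostic after startup");   /* safe only now */
    return startup(true) ? 1 : 0;         /* early failure: reported without crashing */
}
```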