[Nasm-bugs] [Bug 3392609] New: Stack buffer overflow found when specifying addresses and offset
noreply-nasm at gorcunov.org
Mon Sep 16 05:36:04 PDT 2019
https://bugzilla.nasm.us/show_bug.cgi?id=3392609
Bug ID: 3392609
Summary: Stack buffer overflow found when specifying addresses and offset
Product: NASM
Version: 2.15 (development)
Hardware: PC
OS: Linux
Status: OPEN
Severity: major
Priority: Medium
Component: Disassembler
Assignee: nobody at nasm.us
Reporter: tureqsec at gmail.com
CC: chang.seok.bae at intel.com, gorcunov at gmail.com, hpa at zytor.com, nasm-bugs at nasm.us
Obtained from: Built from git using configure
Hi,
I've observed that in the latest commit
a6358096202e1b3bec58decabaad007f4957392c there is a possibility of a buffer
overflow on Ubuntu 19.04. I've managed to get the stack smash warning with the
following:
```
$ ./ndisasm -v
NDISASM version 2.15rc0 compiled on Sep 16 2019
$ python3 -c 'fp = open("test.bin", "wb"); fp.write(b"A" * 0x149); fp.close()'
$ ./ndisasm -u -o148h -s23eh -k 0,149h ./test.bin
```
output:
```
...
0000028F 41 db 0x41
00000290 41 db 0x41
*** stack smashing detected ***: <unknown> terminated
Aborted (core dumped)
```
I've tried to move this further by recompiling with the -fno-stack-protector flag
and observed the following after executing the following commands:
```
$ python3 -c 'fp = open("test.bin", "wb"); fp.write(b"A" * 0x17c); fp.close()'
$ ./ndisasm -u -o166h -s2e0h -k 0,17ah test.bin
```
output:
```
...
000002E0 41 db 0x41
000002E1 41 db 0x41
Segmentation fault (core dumped)
$ dmesg
...
[29737.611225] ndisasm[32299]: segfault at 7f1e41414141 ip 00007f1e41414141 sp 00007ffdcfd8a130 error 14 in libc-2.29.so[7f1e59a82000+25000]
[29737.611237] Code: Bad RIP value.
...
$ gdb -q ./ndisasm ./core
Reading symbols from ./ndisasm...
[New LWP 3345]
Core was generated by `./ndisasm -u -o166h -s2e0h -k 0 17ah test.bin'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007f5041414141 in ?? ()
```
I've also observed the same behaviour on ndisasm binary 2.14 that is shipped
with Ubuntu 19.04.
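As an added triage aid, not part of the report: decoding the dmesg segfault line quoted above. The kernel prints the x86 page-fault error code in hex, so `error 14` is bit 4 (instruction fetch) plus bit 2 (user mode) with bit 0 clear (page not present), which matches the `Bad RIP value` message; the line and the 0x41 fill byte are taken from the report, and the bit names follow the x86 page-fault error code layout.

```python
import re

# The dmesg line quoted in the report, joined onto one line.
DMESG_LINE = ("[29737.611225] ndisasm[32299]: segfault at 7f1e41414141 ip 00007f1e41414141 "
              "sp 00007ffdcfd8a130 error 14 in libc-2.29.so[7f1e59a82000+25000]")

SEGFAULT_RE = re.compile(
    r"(?P<comm>\S+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>[0-9a-f]+)"
)

# x86 page-fault error code bits; the kernel prints the value in hex.
PF_PROT, PF_WRITE, PF_USER, PF_RSVD, PF_INSTR = 0x1, 0x2, 0x4, 0x8, 0x10

def parse_segfault(line):
    """Return the fields of a kernel segfault message, or None if it is not one."""
    m = SEGFAULT_RE.search(line)
    if not m:
        return None
    return {"comm": m["comm"], "pid": int(m["pid"]), "addr": int(m["addr"], 16),
            "ip": int(m["ip"], 16), "sp": int(m["sp"], 16), "err": int(m["err"], 16)}

def decode_error(err):
    return {"present": bool(err & PF_PROT),     # 0: page not mapped, 1: protection violation
            "write": bool(err & PF_WRITE),
            "user": bool(err & PF_USER),
            "reserved": bool(err & PF_RSVD),
            "instr_fetch": bool(err & PF_INSTR)}

def fill_pattern_bytes(value, fill=0x41, width=8):
    """Count consecutive low bytes of value equal to the fill byte ('A' in the test input)."""
    n = 0
    for i in range(width):
        if (value >> (8 * i)) & 0xFF != fill:
            break
        n += 1
    return n

def triage(line):
    info = parse_segfault(line)
    if info is None:
        return None
    info["flags"] = decode_error(info["err"])
    info["fault_on_ip"] = info["addr"] == info["ip"]
    info["ip_fill_bytes"] = fill_pattern_bytes(info["ip"])
    # An instruction fetch from an unmapped page at the faulting IP, whose low bytes match
    # the input fill, indicates control flow reached an input-derived value: high severity.
    info["ip_input_derived"] = (info["flags"]["instr_fetch"] and not info["flags"]["present"]
                                and info["fault_on_ip"] and info["ip_fill_bytes"] >= 4)
    return info

if __name__ == "__main__":
    print(triage(DMESG_LINE))
```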