[Nasm-bugs] [Bug 3392711] New: A heap-buffer-overflow in preproc.c:410:10 causes segment fault

noreply-nasm at dev.nasm.us noreply-nasm at dev.nasm.us
Sun Aug 2 20:13:23 PDT 2020

Previous message (by thread): [Nasm-bugs] [Bug 3392710] nasm-2.15.03-0.fc31.x86_64 can't be installed on CentOS 7.8 x86_64
Next message (by thread): [Nasm-bugs] [Bug 3392711] A heap-buffer-overflow in preproc.c:410:10 causes segment fault
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

https://bugzilla.nasm.us/show_bug.cgi?id=3392711

            Bug ID: 3392711
           Summary: A heap-buffer-overflow in preproc.c:410:10 causes
                    segment fault
           Product: NASM
           Version: 2.15 (development)
          Hardware: All
                OS: All
            Status: OPEN
          Severity: normal
          Priority: Medium
         Component: Assembler
          Assignee: nobody at nasm.us
          Reporter: seviezhou at 163.com
                CC: chang.seok.bae at intel.com, gorcunov at gmail.com,
                    hpa at zytor.com, nasm-bugs at nasm.us
     Obtained from: Build from source archive using configure

Created attachment 411799
  --> https://bugzilla.nasm.us/attachment.cgi?id=411799&action=edit
heap-overflow-set_text_free-preproc-410

## System info

Ubuntu X64, gcc (Ubuntu 5.5.0-12ubuntu1), nasm (latest nasm-2.15.04rc3)

## Command line

./nasm -fmacho64 -g -o /dev/null ./heap-overflow-set_text_free-preproc-410

## Output

```
free(): invalid pointer
Aborted (core dumped)
```

## AddressSanitizer output

```
=================================================================
==49566==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x602000002a55 at pc 0x0000004d7972 bp 0x7ffd2b364ec0 sp 0x7ffd2b364670
READ of size 4 at 0x602000002a55 thread T0
    #0 0x4d7971 in __asan_memcpy (/home/seviezhou/nasm/nasm+0x4d7971)
    #1 0x58d0a0 in set_text_free /home/seviezhou/nasm/asm/preproc.c:410:10
    #2 0x58b952 in expand_one_smacro /home/seviezhou/nasm/asm/preproc.c:5636:6
    #3 0x587fc6 in expand_smacro_noreset
/home/seviezhou/nasm/asm/preproc.c:5783:27
    #4 0x55b1d9 in expand_smacro /home/seviezhou/nasm/asm/preproc.c:5731:12
    #5 0x55b1d9 in pp_tokline /home/seviezhou/nasm/asm/preproc.c:6909
    #6 0x551a34 in pp_getline /home/seviezhou/nasm/asm/preproc.c:6922:17
    #7 0x509ca2 in assemble_file /home/seviezhou/nasm/asm/nasm.c:1718:24
    #8 0x509ca2 in main /home/seviezhou/nasm/asm/nasm.c:714
    #9 0x7f7281060b96 in __libc_start_main
/build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
    #10 0x41a699 in _start (/home/seviezhou/nasm/nasm+0x41a699)

0x602000002a55 is located 0 bytes to the right of 5-byte region
[0x602000002a50,0x602000002a55)
allocated by thread T0 here:
    #0 0x4d8910 in __interceptor_malloc (/home/seviezhou/nasm/nasm+0x4d8910)
    #1 0x51463d in nasm_malloc /home/seviezhou/nasm/nasmlib/alloc.c:55:9
    #2 0x587fc6 in expand_smacro_noreset
/home/seviezhou/nasm/asm/preproc.c:5783:27
    #3 0x55b1d9 in expand_smacro /home/seviezhou/nasm/asm/preproc.c:5731:12
    #4 0x55b1d9 in pp_tokline /home/seviezhou/nasm/asm/preproc.c:6909
    #5 0x551a34 in pp_getline /home/seviezhou/nasm/asm/preproc.c:6922:17
    #6 0x7f7281060b96 in __libc_start_main
/build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

SUMMARY: AddressSanitizer: heap-buffer-overflow
(/home/seviezhou/nasm/nasm+0x4d7971) in __asan_memcpy
Shadow bytes around the buggy address:
  0x0c047fff84f0: fa fa 00 03 fa fa 00 03 fa fa 00 07 fa fa 00 07
  0x0c047fff8500: fa fa 00 07 fa fa 00 07 fa fa 00 07 fa fa 00 07
  0x0c047fff8510: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fa
  0x0c047fff8520: fa fa fd fa fa fa 05 fa fa fa 05 fa fa fa 00 04
  0x0c047fff8530: fa fa 00 04 fa fa fd fa fa fa fd fa fa fa fd fa
=>0x0c047fff8540: fa fa fd fa fa fa fd fa fa fa[05]fa fa fa fa fa
  0x0c047fff8550: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8560: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8570: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8580: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8590: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==49566==ABORTING
```

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are watching all bug changes.

Previous message (by thread): [Nasm-bugs] [Bug 3392710] nasm-2.15.03-0.fc31.x86_64 can't be installed on CentOS 7.8 x86_64
Next message (by thread): [Nasm-bugs] [Bug 3392711] A heap-buffer-overflow in preproc.c:410:10 causes segment fault
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Nasm-bugs mailing list