[Nasm-bugs] [Bug 3392712] New: double-free in pp_tokline asm/preproc.c:6750

noreply-nasm at dev.nasm.us noreply-nasm at dev.nasm.us
Mon Aug 3 22:11:08 PDT 2020


https://bugzilla.nasm.us/show_bug.cgi?id=3392712

            Bug ID: 3392712
           Summary: double-free in pp_tokline asm/preproc.c:6750
           Product: NASM
           Version: 2.15 (development)
          Hardware: All
                OS: All
            Status: OPEN
          Severity: normal
          Priority: Medium
         Component: Assembler
          Assignee: nobody at nasm.us
          Reporter: prada960808 at gmail.com
                CC: chang.seok.bae at intel.com, gorcunov at gmail.com,
                    hpa at zytor.com, nasm-bugs at nasm.us
     Obtained from: Build from source archive using configure

Created attachment 411800
  --> https://bugzilla.nasm.us/attachment.cgi?id=411800&action=edit
poc

Hi, we found a double-free in pp_tokline asm/preproc.c:6750
version: nasm-2.15.04rc3

Please run the following command:
`nasm -f win -o tmp.o $PoC`


==32583==ERROR: AddressSanitizer: attempting double-free on 0x60c0001d7700 in
thread T0:
    #0 0x7fb5dfbf97a8 in __interceptor_free
(/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde7a8)
    #1 0x556ecf725656 in nasm_free nasmlib/alloc.c:108
    #2 0x556ecf769767 in pp_tokline asm/preproc.c:6750
    #3 0x556ecf76a802 in pp_getline asm/preproc.c:6922
    #4 0x556ecf7231dc in assemble_file asm/nasm.c:1718
    #5 0x556ecf71e567 in main asm/nasm.c:714
    #6 0x7fb5df74bb96 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
    #7 0x556ecf71b809 in _start
(/mnt/hda2/suhwan/add_project/final/FINAL_TEST_ZONE/program/nasm-2.15.04rc3/install_dir/bin/nasm+0x111809)

0x60c0001d7700 is located 0 bytes inside of 128-byte region
[0x60c0001d7700,0x60c0001d7780)
freed by thread T0 here:
    #0 0x7fb5dfbf97a8 in __interceptor_free
(/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde7a8)
    #1 0x556ecf725656 in nasm_free nasmlib/alloc.c:108
    #2 0x556ecf769767 in pp_tokline asm/preproc.c:6750
    #3 0x556ecf76a802 in pp_getline asm/preproc.c:6922
    #4 0x556ecf7231dc in assemble_file asm/nasm.c:1718
    #5 0x556ecf71e567 in main asm/nasm.c:714
    #6 0x7fb5df74bb96 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x21b96)

previously allocated by thread T0 here:
    #0 0x7fb5dfbf9d28 in __interceptor_calloc
(/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x556ecf725572 in nasm_calloc nasmlib/alloc.c:72
    #2 0x556ecf7541d6 in count_mmac_params asm/preproc.c:2443
    #3 0x556ecf765d08 in is_mmacro asm/preproc.c:6004
    #4 0x556ecf76722b in expand_mmacro asm/preproc.c:6284
    #5 0x556ecf76a766 in pp_tokline asm/preproc.c:6910
    #6 0x556ecf76a802 in pp_getline asm/preproc.c:6922
    #7 0x556ecf7231dc in assemble_file asm/nasm.c:1718
    #8 0x556ecf71e567 in main asm/nasm.c:714
    #9 0x7fb5df74bb96 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x21b96)

SUMMARY: AddressSanitizer: double-free
(/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde7a8) in __interceptor_free
==32583==ABORTING


This is found by Agency for Defense Development (ADD).
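As an added example (not part of this report and not NASM's code), a Python triage helper that parses an ASan double-free report of the shape quoted above into its three stacks and names the first project frame in each, skipping the ASan interceptors and NASM's nasmlib/alloc.c wrappers. The embedded report is the one above with the mail's line wrapping undone and each stack trimmed to three frames; whether both frees come from the same frame (as here, pp_tokline at preproc.c:6750) or from two different sites is the first thing to settle before reading the code around those lines.

```python
import re

# ASan report from the bug above, mail line-wrapping undone, trimmed to three frames per stack (constructed sample).
ASAN_REPORT = """\
==32583==ERROR: AddressSanitizer: attempting double-free on 0x60c0001d7700 in thread T0:
    #0 0x7fb5dfbf97a8 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde7a8)
    #1 0x556ecf725656 in nasm_free nasmlib/alloc.c:108
    #2 0x556ecf769767 in pp_tokline asm/preproc.c:6750
freed by thread T0 here:
    #0 0x7fb5dfbf97a8 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde7a8)
    #1 0x556ecf725656 in nasm_free nasmlib/alloc.c:108
    #2 0x556ecf769767 in pp_tokline asm/preproc.c:6750
previously allocated by thread T0 here:
    #0 0x7fb5dfbf9d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x556ecf725572 in nasm_calloc nasmlib/alloc.c:72
    #2 0x556ecf7541d6 in count_mmac_params asm/preproc.c:2443
SUMMARY: AddressSanitizer: double-free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde7a8) in __interceptor_free
"""

FRAME_RE = re.compile(r"^\s*#\d+ 0x[0-9a-f]+ in (\S+)(?: (\S+))?")
SECTION_STARTS = {"freed by thread": "first_free", "previously allocated by thread": "alloc"}
ALLOC_WRAPPERS = {"nasm_malloc", "nasm_calloc", "nasm_realloc", "nasm_free"}  # NASM's nasmlib/alloc.c wrappers

def parse_asan_report(text):
    """Return (kind, address, stacks) where stacks maps section name -> [(function, location), ...]."""
    kind = address = section = None
    stacks = {}
    for line in text.splitlines():
        if m := re.search(r"ERROR: AddressSanitizer: (.+?) on (0x[0-9a-f]+)", line):
            kind, address, section = m.group(1), m.group(2), "second_free"  # faulting access = second free
        elif prefix := next((p for p in SECTION_STARTS if line.startswith(p)), None):
            section = SECTION_STARTS[prefix]
        elif section and (f := FRAME_RE.match(line)):
            stacks.setdefault(section, []).append((f.group(1), f.group(2) or ""))
    return kind, address, stacks

def blamed_frame(frames):
    """First frame with a file:line that is neither an ASan interceptor nor an allocation wrapper."""
    for func, loc in frames:
        if not (func.startswith("__interceptor_") or func in ALLOC_WRAPPERS or not loc or loc.startswith("(")):
            return f"{func} {loc}"
    return None

def triage(text):
    """Name the allocation and both free sites; same_free_site separates a re-entered path from two distinct frees."""
    kind, address, stacks = parse_asan_report(text)
    sites = {k: blamed_frame(stacks.get(k, [])) for k in ("alloc", "first_free", "second_free")}
    sites["same_free_site"] = sites["first_free"] is not None and sites["first_free"] == sites["second_free"]
    return {"kind": kind, "address": address, **sites}
```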
