[Nasm-bugs] [Bug 3392712] New: double-free in pp_tokline asm/preproc.c:6750
noreply-nasm at dev.nasm.us
Mon Aug 3 22:11:08 PDT 2020
https://bugzilla.nasm.us/show_bug.cgi?id=3392712
Bug ID: 3392712
Summary: double-free in pp_tokline asm/preproc.c:6750
Product: NASM
Version: 2.15 (development)
Hardware: All
OS: All
Status: OPEN
Severity: normal
Priority: Medium
Component: Assembler
Assignee: nobody at nasm.us
Reporter: prada960808 at gmail.com
CC: chang.seok.bae at intel.com, gorcunov at gmail.com,
hpa at zytor.com, nasm-bugs at nasm.us
Obtained from: Build from source archive using configure
Created attachment 411800
--> https://bugzilla.nasm.us/attachment.cgi?id=411800&action=edit
poc
Hi, we found a double-free in pp_tokline asm/preproc.c:6750
Version: nasm-2.15.04rc3
Please run the following command:
`nasm -f win -o tmp.o $PoC`
==32583==ERROR: AddressSanitizer: attempting double-free on 0x60c0001d7700 in thread T0:
    #0 0x7fb5dfbf97a8 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde7a8)
    #1 0x556ecf725656 in nasm_free nasmlib/alloc.c:108
    #2 0x556ecf769767 in pp_tokline asm/preproc.c:6750
    #3 0x556ecf76a802 in pp_getline asm/preproc.c:6922
    #4 0x556ecf7231dc in assemble_file asm/nasm.c:1718
    #5 0x556ecf71e567 in main asm/nasm.c:714
    #6 0x7fb5df74bb96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
    #7 0x556ecf71b809 in _start (/mnt/hda2/suhwan/add_project/final/FINAL_TEST_ZONE/program/nasm-2.15.04rc3/install_dir/bin/nasm+0x111809)

0x60c0001d7700 is located 0 bytes inside of 128-byte region [0x60c0001d7700,0x60c0001d7780)
freed by thread T0 here:
    #0 0x7fb5dfbf97a8 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde7a8)
    #1 0x556ecf725656 in nasm_free nasmlib/alloc.c:108
    #2 0x556ecf769767 in pp_tokline asm/preproc.c:6750
    #3 0x556ecf76a802 in pp_getline asm/preproc.c:6922
    #4 0x556ecf7231dc in assemble_file asm/nasm.c:1718
    #5 0x556ecf71e567 in main asm/nasm.c:714
    #6 0x7fb5df74bb96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)

previously allocated by thread T0 here:
    #0 0x7fb5dfbf9d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x556ecf725572 in nasm_calloc nasmlib/alloc.c:72
    #2 0x556ecf7541d6 in count_mmac_params asm/preproc.c:2443
    #3 0x556ecf765d08 in is_mmacro asm/preproc.c:6004
    #4 0x556ecf76722b in expand_mmacro asm/preproc.c:6284
    #5 0x556ecf76a766 in pp_tokline asm/preproc.c:6910
    #6 0x556ecf76a802 in pp_getline asm/preproc.c:6922
    #7 0x556ecf7231dc in assemble_file asm/nasm.c:1718
    #8 0x556ecf71e567 in main asm/nasm.c:714
    #9 0x7fb5df74bb96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)

SUMMARY: AddressSanitizer: double-free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde7a8) in __interceptor_free
==32583==ABORTING
This was found by the Agency for Defense Development (ADD).
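As an added triage aid, not part of this report or of NASM itself, the following Python reduces the sanitizer report above to the frames that matter for bucketing a fuzzer crash: the in-project site of the second free, the site of the first free, and the allocation site. The wrapper-frame list and the section markers are assumptions about ASan's output layout; the embedded sample is this bug's own report, trimmed.

```python
import re

# Constructed sample input: the AddressSanitizer report from the bug above,
# cut down to the lines this triage helper needs.
ASAN_REPORT = """\
==32583==ERROR: AddressSanitizer: attempting double-free on 0x60c0001d7700 in thread T0:
    #0 0x7fb5dfbf97a8 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde7a8)
    #1 0x556ecf725656 in nasm_free nasmlib/alloc.c:108
    #2 0x556ecf769767 in pp_tokline asm/preproc.c:6750
    #3 0x556ecf76a802 in pp_getline asm/preproc.c:6922
freed by thread T0 here:
    #0 0x7fb5dfbf97a8 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde7a8)
    #1 0x556ecf725656 in nasm_free nasmlib/alloc.c:108
    #2 0x556ecf769767 in pp_tokline asm/preproc.c:6750
previously allocated by thread T0 here:
    #0 0x7fb5dfbf9d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x556ecf725572 in nasm_calloc nasmlib/alloc.c:72
    #2 0x556ecf7541d6 in count_mmac_params asm/preproc.c:2443
SUMMARY: AddressSanitizer: double-free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde7a8) in __interceptor_free
"""

FRAME_RE = re.compile(r"^\s*#\d+ 0x[0-9a-f]+ in (\S+) (\S+)")
# Sanitizer interceptors and NASM's thin allocator wrappers are skipped to reach the owning frame.
WRAPPERS = {"__interceptor_free", "__interceptor_calloc", "nasm_free", "nasm_calloc"}
SECTIONS = (("ERROR: AddressSanitizer:", "error"), ("freed by", "freed"),
            ("previously allocated", "allocated"))

def parse_report(text):
    """Collect (function, location) frames under the ASan section they follow."""
    stacks, current = {}, None
    for line in text.splitlines():
        for marker, name in SECTIONS:
            if marker in line:
                current, stacks[name] = name, []
        m = FRAME_RE.match(line)
        if m and current:
            stacks[current].append((m.group(1), m.group(2)))
    return stacks

def owner_frame(frames):
    """First frame that is neither a sanitizer interceptor nor an allocator wrapper."""
    return next((f for f in frames if f[0] not in WRAPPERS), None)

def triage(text):
    """Reduce a report to the facts needed to bucket and route a fuzzer crash."""
    stacks = parse_report(text)
    kind = re.search(r"SUMMARY: AddressSanitizer: (\S+)", text).group(1)
    second, first, alloc = (owner_frame(stacks[k]) for k in ("error", "freed", "allocated"))
    return {"kind": kind, "second_free": second, "first_free": first, "alloc": alloc,
            # Same site twice: one free statement reached again with a stale pointer,
            # rather than two different callers disputing ownership of the block.
            "same_free_site": second == first,
            "bucket": "|".join([kind, second[1], alloc[1]])}
```

For this report the free site and the earlier free site are the same line, so the bucket key points the developer at a stale pointer reaching pp_tokline's free path a second time, with the block originating in count_mmac_params.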