[Nasm-bugs] [Bug 3392790] New: Infinite loop in paste_tokens()
noreply-nasm at dev.nasm.us
noreply-nasm at dev.nasm.us
Mon Dec 13 03:50:06 PST 2021
https://bugzilla.nasm.us/show_bug.cgi?id=3392790
Bug ID: 3392790
Summary: Infinite loop in paste_tokens()
Product: NASM
Version: 2.16 (development)
Hardware: All
OS: Linux
Status: OPEN
Severity: normal
Priority: Medium
Component: Assembler
Assignee: nobody at nasm.us
Reporter: wyxaidai at gmail.com
CC: chang.seok.bae at intel.com, gorcunov at gmail.com,
hpa at zytor.com, nasm-bugs at nasm.us
Obtained from: Built from git using configure
Created attachment 411841
--> https://bugzilla.nasm.us/attachment.cgi?id=411841&action=edit
poc
An infinite loop was discovered in paste_tokens() while assembling the attached proof-of-concept input (poc_hang); NASM never terminates. Command and output:
./nasm -f bin ./poc_hang -o 1
./poc_hang:1: warning: unterminated %{ construct [-w+other]
./poc_hang:1: error: parser: instruction expected
./poc_hang:4: error: label or instruction expected at start of line
./poc_hang:10: error: `%macro' expects a parameter count
./poc_hang:10: warning: too many default macro parameters in macro `b_struc$1'
[-w+macro-defaults]
./poc_hang:12: warning: unterminated string [-w+other]
./poc_hang:22: warning: unterminated %{ construct [-w+other]
./poc_hang:35: error: label or instruction expected at start of line
./poc_hang:38: error: parser: instruction expected
./poc_hang:40: warning: unterminated %[ construct [-w+other]
0x00005555555c2025 in paste_tokens (head=head@entry=0x7fffffffdc28,
m=m@entry=0x555555601060 <tmatch>,
mnum=mnum@entry=1, handle_explicit=handle_explicit@entry=true) at
asm/preproc.c:4994
4994 if (!prev_nonspace) {
LEGEND: STACK | HEAP | CODE | DATA | RWX | RODATA
────────────────────────────────────────────[ REGISTERS ]─────────────────────────────────────────────
*RAX 0x0
RBX 0x555555601068 ◂— 0x0
*RCX 0x131
RDX 0x555555601068 ◂— 0x0
RDI 0xffffff70
RSI 0xf
R8 0x7ffff7d88e50 —▸ 0x7ffff7d88d10 —▸ 0x7ffff7d890d0 —▸ 0x7ffff7d88fd0 —▸
0x7ffff7d88f90 ◂— ...
R9 0xffffff70
R10 0x5c
R11 0x7ffff7faabe0 (main_arena+96) —▸ 0x5555557593d0 ◂— 0x0
R12 0x5555555ffffc ◂— 0xfffc1feefffc2011
R13 0x5555555fff84 ◂— 0xfffc1f19fffc1f29
*R14 0x7ffff7d890d0 —▸ 0x7ffff7d88fd0 —▸ 0x7ffff7d88f90 —▸ 0x7ffff7d88f10 —▸
0x7ffff7d89290 ◂— ...
*R15 0x7ffff7d88d10 —▸ 0x7ffff7d890d0 —▸ 0x7ffff7d88fd0 —▸ 0x7ffff7d88f90 —▸
0x7ffff7d88f10 ◂— ...
*RBP 0x0
RSP 0x7fffffffdbb0 ◂— 0x1
*RIP 0x5555555c2025 (paste_tokens+757) ◂— test rbp, rbp
──────────────────────────────────────────────[ DISASM ]──────────────────────────────────────────────
► 0x5555555c2025 <paste_tokens+757> test rbp, rbp
0x5555555c2028 <paste_tokens+760> je paste_tokens+905
<paste_tokens+905>
↓
0x5555555c20b9 <paste_tokens+905> mov rbp, qword ptr [rsp + 0x18]
0x5555555c20be <paste_tokens+910> mov qword ptr [rsp], 0
0x5555555c20c6 <paste_tokens+918> mov r14, rbp
0x5555555c20c9 <paste_tokens+921> jmp paste_tokens+777
<paste_tokens+777>
↓
0x5555555c2039 <paste_tokens+777> mov r15, qword ptr [r14]
0x5555555c203c <paste_tokens+780> test r15, r15
0x5555555c203f <paste_tokens+783> je paste_tokens+864
<paste_tokens+864>
0x5555555c2041 <paste_tokens+785> mov rdi, r15
0x5555555c2044 <paste_tokens+788> jmp paste_tokens+813
<paste_tokens+813>
──────────────────────────────────────────[ SOURCE (CODE) ]───────────────────────────────────────────
In file: /root/fuckit/nasm/asm/preproc.c
4989 break;
4990
4991 did_paste = true;
4992
4993 /* Left pasting token is start of line, just drop %+ */
► 4994 if (!prev_nonspace) {
4995 prev_next = nextp = head;
4996 t = NULL;
4997 } else {
4998 prev_next = prev_nonspace;
4999 t = *prev_next;
──────────────────────────────────────────────[ STACK ]───────────────────────────────────────────────
00:0000│ rsp 0x7fffffffdbb0 ◂— 0x1
01:0008│ 0x7fffffffdbb8 ◂— 0x0
02:0010│ 0x7fffffffdbc0 —▸ 0x555555601060 (tmatch) ◂— 0x1f0000000f
03:0018│ 0x7fffffffdbc8 —▸ 0x7fffffffdc28 —▸ 0x7ffff7d88e50 —▸
0x7ffff7d88d10 —▸ 0x7ffff7d890d0 ◂— ...
04:0020│ 0x7fffffffdbd0 ◂— 0x101000018
05:0028│ 0x7fffffffdbd8 ◂— 0x1e0081800c278400
06:0030│ 0x7fffffffdbe0 —▸ 0x7fffffffdc28 —▸ 0x7ffff7d88e50 —▸
0x7ffff7d88d10 —▸ 0x7ffff7d890d0 ◂— ...
07:0038│ 0x7fffffffdbe8 ◂— 0x1
────────────────────────────────────────────[ BACKTRACE ]─────────────────────────────────────────────
► f 0 0x5555555c2025 paste_tokens+757
f 1 0x5555555c2260 expand_smacro_noreset+160
f 2 0x5555555c40f3 expand_mmac_params+259
f 3 0x5555555c40f3 expand_mmac_params+259
f 4 0x5555555c764b pp_getline+603
f 5 0x5555555c764b pp_getline+603
f 6 0x5555555b197f assemble_file+911
f 7 0x5555555aef39 main+1273
──────────────────────────────────────────────────────────────────────────────────────────────────────
pwndbg> bt
#0 0x00005555555c2025 in paste_tokens (head=head@entry=0x7fffffffdc28,
m=m@entry=0x555555601060 <tmatch>, mnum=mnum@entry=1,
handle_explicit=handle_explicit@entry=true) at asm/preproc.c:4994
#1 0x00005555555c2260 in expand_smacro_noreset (org_tline=0x7ffff7d88d50) at
asm/preproc.c:5925
#2 0x00005555555c40f3 in expand_smacro (tline=<optimized out>) at
asm/preproc.c:5865
#3 expand_mmac_params (tline=0x0) at asm/preproc.c:5338
#4 0x00005555555c764b in pp_tokline () at asm/preproc.c:7258
#5 pp_getline () at asm/preproc.c:7328
#6 0x00005555555b197f in assemble_file (fname=0x5555557027e0
"/root/fuckit/nasm/out1213/hangs/id:000040,src:000010+001117,op:splice,rep:32",
depend_list=0x0) at asm/nasm.c:1722
#7 0x00005555555aef39 in main (argc=argc@entry=4,
argv=argv@entry=0x7fffffffe208) at asm/nasm.c:717
#8 0x00007ffff7de60b3 in __libc_start_main (main=0x5555555aea40 <main>,
argc=4, argv=0x7fffffffe208, init=<optimized out>, fini=<optimized out>,
rtld_fini=<optimized out>, stack_end=0x7fffffffe1f8) at ../csu/libc-start.c:308
#9 0x00005555555af8fe in _start () at asm/nasm.c:512