[Nasm-bugs] [Bug 3392743] New: Heap-buffer-overflow in preproc.c

noreply-nasm at dev.nasm.us noreply-nasm at dev.nasm.us
Tue Feb 23 04:29:58 PST 2021


https://bugzilla.nasm.us/show_bug.cgi?id=3392743

            Bug ID: 3392743
           Summary: Heap-buffer-overflow in preproc.c
           Product: NASM
           Version: 2.16 (development)
          Hardware: All
                OS: All
            Status: OPEN
          Severity: normal
          Priority: Medium
         Component: Assembler
          Assignee: nobody at nasm.us
          Reporter: dz1833006 at smail.nju.edu.cn
                CC: chang.seok.bae at intel.com, gorcunov at gmail.com,
                    hpa at zytor.com, nasm-bugs at nasm.us
     Obtained from: Built from git using configure

Created attachment 411812
  --> https://bugzilla.nasm.us/attachment.cgi?id=411812&action=edit
poc file

Version: github-master branch commit:6d95cc8 (2021.2.22)

Cmd: nasm poc -o tmp

Build options:

1. sh autogen.sh
2. CC=clang CXX=clang++ CFLAGS="-fsanitize=address" ./configure --enable-gdb
3. make

ASAN:

==163062==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x602000003bb8 at pc 0x000000558342 bp 0x7ffda3013d70 sp 0x7ffda3013d68
READ of size 4 at 0x602000003bb8 thread T0
    #0 0x558341 in expand_mmacro /nasm/nasm-master/asm/preproc.c:6627:25
    #1 0x537192 in pp_tokline /nasm/nasm-master/asm/preproc.c:7310:18
    #2 0x534ad9 in pp_getline /nasm/nasm-master/asm/preproc.c:7322:17
    #3 0x4f0937 in assemble_file /nasm/nasm-master/asm/nasm.c:1722:24
    #4 0x4eed0d in main /nasm/nasm-master/asm/nasm.c:717:9
    #5 0x7fd07cbaf0b2 in __libc_start_main
/build/glibc-ZN95T4/glibc-2.31/csu/../csu/libc-start.c:308:16
    #6 0x41c42d in _start /nasm/nasm-master/nasm+0x41c42d)

0x602000003bb8 is located 0 bytes to the right of 8-byte region
[0x602000003bb0,0x602000003bb8)
allocated by thread T0 here:
    #0 0x4c0117 in calloc
/llvm/compiler-rt/lib/asan/asan_malloc_linux.cpp:154:3
    #1 0x4fa91c in nasm_calloc /nasm/nasm-master/nasmlib/alloc.c:72:9
    #2 0x557e54 in expand_mmacro /nasm/nasm-master/asm/preproc.c:6582:5
    #3 0x537192 in pp_tokline /nasm/nasm-master/asm/preproc.c:7310:18
    #4 0x534ad9 in pp_getline /nasm/nasm-master/asm/preproc.c:7322:17
    #5 0x4f0937 in assemble_file /nasm/nasm-master/asm/nasm.c:1722:24
    #6 0x4eed0d in main /nasm/nasm-master/asm/nasm.c:717:9
    #7 0x7fd07cbaf0b2 in __libc_start_main
/build/glibc-ZN95T4/glibc-2.31/csu/../csu/libc-start.c:308:16

SUMMARY: AddressSanitizer: heap-buffer-overflow
/nasm/nasm-master/asm/preproc.c:6627:25 in expand_mmacro
Shadow bytes around the buggy address:
  0x0c047fff8720: fa fa 02 fa fa fa fd fa fa fa fd fd fa fa fd fa
  0x0c047fff8730: fa fa fd fa fa fa fd fa fa fa fd fa fa fa 02 fa
  0x0c047fff8740: fa fa fd fa fa fa fd fd fa fa fd fa fa fa fd fa
  0x0c047fff8750: fa fa fd fa fa fa fd fa fa fa 02 fa fa fa fd fa
  0x0c047fff8760: fa fa fd fd fa fa 00 07 fa fa 05 fa fa fa 05 fa
=>0x0c047fff8770: fa fa fd fa fa fa 00[fa]fa fa fa fa fa fa fa fa
  0x0c047fff8780: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8790: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff87a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff87b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff87c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa

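The sanitizer output above is the raw material a triager works from: the error kind, the size and direction of the bad access, how far past the allocated region it landed, the frame that performed the access and the frame that allocated the buffer. As an added example, not part of this report or of the NASM project, the following Python parses exactly that kind of AddressSanitizer output into a structured record and a bucketing key, so that crashes from a fuzzing run or a CI job can be deduplicated and compared. The sample text is the report from the message above (mailing-list line wraps included, which the parser tolerates); the `skip` parameter for project-specific allocator wrappers such as `nasm_calloc` is this example's own convention.

```python
"""Triage helper for AddressSanitizer reports (added example, not NASM code)."""
import os
import re

# The ASAN report from the bug message above, as received from the list.
SAMPLE_REPORT = """\
==163062==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x602000003bb8 at pc 0x000000558342 bp 0x7ffda3013d70 sp 0x7ffda3013d68
READ of size 4 at 0x602000003bb8 thread T0
    #0 0x558341 in expand_mmacro /nasm/nasm-master/asm/preproc.c:6627:25
    #1 0x537192 in pp_tokline /nasm/nasm-master/asm/preproc.c:7310:18
    #2 0x534ad9 in pp_getline /nasm/nasm-master/asm/preproc.c:7322:17
    #3 0x4f0937 in assemble_file /nasm/nasm-master/asm/nasm.c:1722:24
    #4 0x4eed0d in main /nasm/nasm-master/asm/nasm.c:717:9
    #5 0x7fd07cbaf0b2 in __libc_start_main
/build/glibc-ZN95T4/glibc-2.31/csu/../csu/libc-start.c:308:16
    #6 0x41c42d in _start /nasm/nasm-master/nasm+0x41c42d)

0x602000003bb8 is located 0 bytes to the right of 8-byte region
[0x602000003bb0,0x602000003bb8)
allocated by thread T0 here:
    #0 0x4c0117 in calloc
/llvm/compiler-rt/lib/asan/asan_malloc_linux.cpp:154:3
    #1 0x4fa91c in nasm_calloc /nasm/nasm-master/nasmlib/alloc.c:72:9
    #2 0x557e54 in expand_mmacro /nasm/nasm-master/asm/preproc.c:6582:5
    #3 0x537192 in pp_tokline /nasm/nasm-master/asm/preproc.c:7310:18

SUMMARY: AddressSanitizer: heap-buffer-overflow
/nasm/nasm-master/asm/preproc.c:6627:25 in expand_mmacro
"""

KIND_RE = re.compile(r"ERROR: AddressSanitizer: (\S+)")
ACCESS_RE = re.compile(r"^(READ|WRITE) of size (\d+) at (0x[0-9a-f]+)", re.M)
REGION_RE = re.compile(r"is located (\d+) bytes to the (left|right) of (\d+)-byte region")
# A frame is "#N 0xADDR in FUNC LOCATION"; the location may be wrapped onto the next line.
FRAME_RE = re.compile(r"#\d+ 0x[0-9a-f]+ in (\S+)[ \t]*\n?[ \t]*(\S+)")
LOC_RE = re.compile(r"^(.*?):(\d+)(?::\d+)?$")
SECTION_RE = re.compile(r"^(allocated|freed|previously allocated) by thread T\d+ here:$", re.M)
# Allocator entry points that ASAN lists but that say nothing about the program under test.
RUNTIME_FUNCS = {"malloc", "calloc", "realloc", "free", "memcpy", "memmove", "memset", "strcpy"}


def parse_frames(text):
    """Return [{func, file, line}] for every stack frame in text; line is None without a source location."""
    frames = []
    for func, loc in FRAME_RE.findall(text):
        lm = LOC_RE.match(loc)
        if lm:
            frames.append({"func": func, "file": lm.group(1), "line": int(lm.group(2))})
        else:
            frames.append({"func": func, "file": loc, "line": None})
    return frames


def first_app_frame(frames, skip=()):
    """First frame belonging to the program itself: the sanitizer runtime, libc
    interceptors and any wrapper names listed in `skip` (hypothetical option) are passed over."""
    for f in frames:
        if "compiler-rt" in f["file"] or f["func"].startswith("__interceptor"):
            continue
        if f["func"] in RUNTIME_FUNCS or f["func"] in skip:
            continue
        return f
    return frames[0] if frames else None


def parse_asan(text, skip=()):
    """Parse one ASAN report into a dict: kind, op/size/address, offset/side/region_size,
    crash_frame and one *_frame entry per 'allocated/freed by' section."""
    kind = KIND_RE.search(text)
    if not kind:
        raise ValueError("not an AddressSanitizer report")
    rec = {"kind": kind.group(1)}
    acc = ACCESS_RE.search(text)
    if acc:
        rec["op"], rec["size"], rec["address"] = acc.group(1), int(acc.group(2)), acc.group(3)
    reg = REGION_RE.search(text)
    if reg:
        rec["offset"], rec["side"], rec["region_size"] = int(reg.group(1)), reg.group(2), int(reg.group(3))
    # Everything before the first "allocated/freed by" header is the faulting access stack.
    head, *rest = SECTION_RE.split(text)
    rec["crash_frame"] = first_app_frame(parse_frames(head), skip)
    for label, body in zip(rest[0::2], rest[1::2]):
        rec[label.replace(" ", "_") + "_frame"] = first_app_frame(parse_frames(body), skip)
    return rec


def bucket_key(rec):
    """Dedup key: error kind, access direction and the crashing source location."""
    f = rec["crash_frame"]
    return "%s:%s:%s:%s:%s" % (rec["kind"], rec.get("op", "?"), f["func"],
                               os.path.basename(f["file"]), f["line"])


def summarize(rec):
    """One-line human summary of the parsed record."""
    parts = [rec["kind"]]
    if "op" in rec:
        parts.append("%s of %d bytes" % (rec["op"], rec["size"]))
    if "offset" in rec:
        parts.append("%d bytes %s of %d-byte region" % (rec["offset"], rec["side"], rec["region_size"]))
    c = rec["crash_frame"]
    parts.append("at %s %s:%s" % (c["func"], os.path.basename(c["file"]), c["line"]))
    for label in ("allocated", "freed", "previously_allocated"):
        f = rec.get(label + "_frame")
        if f:
            parts.append("%s in %s %s:%s" % (label.replace("_", " "), f["func"],
                                             os.path.basename(f["file"]), f["line"]))
    return "; ".join(parts)


if __name__ == "__main__":
    record = parse_asan(SAMPLE_REPORT, skip={"nasm_calloc"})
    print(bucket_key(record))
    print(summarize(record))
```

Bucketing on a single crashing frame is the coarsest useful key; fuzzing harnesses usually hash the top three or so application frames instead, which the same `parse_frames` output supports. Passing `skip={"nasm_calloc"}` moves the reported allocation site from the project's `calloc` wrapper to the `expand_mmacro` call at `preproc.c:6582`, which is the line a maintainer would actually look at.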