[Nasm-bugs] [Bug 3392750] Heap Buffer Overflow in expand_mmacro

noreply-nasm at dev.nasm.us noreply-nasm at dev.nasm.us
Sun May 2 16:44:13 PDT 2021


--- Comment #2 from Marco <mvanotti at protonmail.com> ---
After reading the code, to me it looks like the bug lies on the logic to
process empty macro arguments, in is_mmacro (preproc.c)

  *comma = NULL;
  if (raw_nparam > found->nparam_min &&
      raw_nparam <= found->nparam_min + found->ndefs) {
      /* Replace empty argument with default parameter */
      params[raw_nparam] =
        found->defaults[raw_nparam - found->nparam_min];

This is assigning the last param as the default, but that is inconsistent with
what the documentation says the default params are for.

This is assigning params[raw_nparam] which is different than *nparamp (the
value returned to the caller).

If the behavior that we want is that the macro takes a, k as parameters, then
we should do something like:

  *nparamp = nparam = raw_nparam;

Right after setting params[raw_nparam].

However, further down the code it seems like a warning is triggered:

            } else if (comma) {
                          "dropping trailing empty parameter in call to
multi-line macro `%s'", found->name);

Which would imply that the expected behavior would be to NOT add the default
value as the last parameter.

You are receiving this mail because:
You are on the CC list for the bug.
You are watching all bug changes.

More information about the Nasm-bugs mailing list