[Nasm-bugs] [Bug 3392750] Heap Buffer Overflow in expand_mmacro
noreply-nasm at dev.nasm.us
Sun May 2 16:44:13 PDT 2021
https://bugzilla.nasm.us/show_bug.cgi?id=3392750
--- Comment #2 from Marco <mvanotti at protonmail.com> ---
After reading the code, to me it looks like the bug lies in the logic to
process empty macro arguments, in is_mmacro (preproc.c):
```c
free_tlist(*comma);
*comma = NULL;
if (raw_nparam > found->nparam_min &&
    raw_nparam <= found->nparam_min + found->ndefs) {
    /* Replace empty argument with default parameter */
    params[raw_nparam] =
        found->defaults[raw_nparam - found->nparam_min];
```
This is assigning the last param as the default, but that is inconsistent with
what the documentation says the default params are for.
This is assigning params[raw_nparam], which is different from *nparamp (the
value returned to the caller).
If the behavior that we want is that the macro takes a, k as parameters, then
we should do something like:
```c
*nparamp = nparam = raw_nparam;
```
Right after setting params[raw_nparam].
However, further down the code it seems like a warning is triggered:
```c
} else if (comma) {
    nasm_warn(WARN_MACRO_PARAMS_LEGACY,
              "dropping trailing empty parameter in call to "
              "multi-line macro `%s'", found->name);
}
```
This would imply that the expected behavior would be to NOT add the default
value as the last parameter.
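The point of the comment above is that the parameter array and the count handed back to the caller must describe the same thing. The model below is an added example, not NASM's code and not from the reporter: it is a hypothetical, simplified `fill_mmacro_params()` that mirrors the shape of the quoted `is_mmacro` check (the `raw_nparam > nparam_min && raw_nparam <= nparam_min + ndefs` condition and the "dropping trailing empty parameter" fallback) while keeping the returned `nparam` in step with every write to `params[]`. The macro definitions (`macro_a_k`, `macro_a`), the call argument lists and the `MAX_PARAMS` bound are constructed sample data; filling absent optional parameters with their defaults is the model's own choice, since the report only discusses the trailing-empty case.

```c
#include <assert.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical model of multi-line macro parameter handling (added example,
 * NOT NASM's preproc.c). A macro declares nparam_min required parameters
 * plus ndefs optional ones, each optional one having a default. A call
 * supplies raw_nparam arguments; the last one may be empty (trailing comma).
 */
#define MAX_PARAMS 8

struct mmacro_model {
    int nparam_min;                   /* required parameters                */
    int ndefs;                        /* optional parameters with defaults  */
    const char *defaults[MAX_PARAMS]; /* defaults[i] belongs to optional i  */
};

struct expansion {
    const char *params[MAX_PARAMS];   /* params[0..nparam-1] are valid      */
    int nparam;                       /* the only count the caller may use  */
    int dropped_trailing;             /* 1 if an empty trailing arg was dropped */
};

/*
 * Fill out->params[] from the call. Returns 0 on success, -1 if the call
 * cannot match the macro. Invariant on success: every index written is below
 * out->nparam and every index below out->nparam was written, so the count
 * returned to the caller can never disagree with the array contents.
 */
int fill_mmacro_params(const struct mmacro_model *m,
                       const char *const *args, int raw_nparam,
                       struct expansion *out)
{
    int nparam_max = m->nparam_min + m->ndefs;
    int i;

    memset(out, 0, sizeof *out);
    if (raw_nparam < 0 || raw_nparam > MAX_PARAMS || nparam_max > MAX_PARAMS)
        return -1;

    for (i = 0; i < raw_nparam; i++)
        out->params[i] = args[i];
    out->nparam = raw_nparam;

    /* Trailing empty argument: the case discussed in the report. */
    if (raw_nparam > 0 && args[raw_nparam - 1][0] == '\0') {
        if (raw_nparam > m->nparam_min && raw_nparam <= nparam_max) {
            /* The empty slot is optional parameter raw_nparam - nparam_min
             * (1-based); the condition keeps that index within [0, ndefs-1]. */
            out->params[raw_nparam - 1] =
                m->defaults[raw_nparam - m->nparam_min - 1];
            /* nparam stays raw_nparam: the slot is replaced, not appended. */
        } else {
            /* The warning path quoted in the report: drop the empty arg. */
            out->nparam = raw_nparam - 1;
            out->dropped_trailing = 1;
        }
    }

    if (out->nparam < m->nparam_min || out->nparam > nparam_max)
        return -1;

    /* Model choice: absent optional parameters take their defaults. */
    for (i = out->nparam; i < nparam_max; i++)
        out->params[i] = m->defaults[i - m->nparam_min];
    out->nparam = nparam_max;

    for (i = 0; i < out->nparam; i++)
        assert(out->params[i] != NULL);   /* count and array agree */
    return 0;
}

/* Constructed sample macros and calls (hypothetical, for illustration). */
static const struct mmacro_model macro_a_k = { 1, 1, { "k" } };  /* 1 required, 1 optional defaulting to k */
static const struct mmacro_model macro_a   = { 1, 0, { NULL } }; /* exactly 1 parameter, no defaults */
static const char *const call_a_empty[]   = { "a", "" };          /* "m a,"   */
static const char *const call_a[]         = { "a" };              /* "m a"    */
static const char *const call_a_b_empty[] = { "a", "b", "" };     /* "m a,b," */

/* Small wrappers so a single call's outcome can be inspected directly. */
int call_count(const struct mmacro_model *m, const char *const *args, int raw)
{
    struct expansion e;
    return fill_mmacro_params(m, args, raw, &e) == 0 ? e.nparam : -1;
}

const char *call_last(const struct mmacro_model *m, const char *const *args, int raw)
{
    struct expansion e;
    if (fill_mmacro_params(m, args, raw, &e) != 0 || e.nparam == 0)
        return NULL;
    return e.params[e.nparam - 1];
}

int call_dropped(const struct mmacro_model *m, const char *const *args, int raw)
{
    struct expansion e;
    return fill_mmacro_params(m, args, raw, &e) == 0 ? e.dropped_trailing : -1;
}

int main(void)
{
    printf("m a,  with default k -> %d params, last=%s\n",
           call_count(&macro_a_k, call_a_empty, 2), call_last(&macro_a_k, call_a_empty, 2));
    printf("m a,  without defaults -> %d params, dropped=%d\n",
           call_count(&macro_a, call_a_empty, 2), call_dropped(&macro_a, call_a_empty, 2));
    return 0;
}
```

With the default present, `m a,` expands to the two parameters `a, k` and the count is 2; without a default the empty argument is dropped with the legacy warning and the count is 1. In both cases the caller only ever indexes below the count it was given.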