[Nasm-bugs] [Bug 3392750] Heap Buffer Overflow in expand_mmacro

noreply-nasm at dev.nasm.us noreply-nasm at dev.nasm.us
Sun May 2 16:44:13 PDT 2021


https://bugzilla.nasm.us/show_bug.cgi?id=3392750

--- Comment #2 from Marco <mvanotti at protonmail.com> ---
After reading the code, to me it looks like the bug lies in the logic to
process empty macro arguments, in is_mmacro (preproc.c)

```
  free_tlist(*comma);
  *comma = NULL;
  if (raw_nparam > found->nparam_min &&
      raw_nparam <= found->nparam_min + found->ndefs) {
      /* Replace empty argument with default parameter */
      params[raw_nparam] =
        found->defaults[raw_nparam - found->nparam_min];
```

This is assigning the last param as the default, but that is inconsistent with
what the documentation says the default params are for.

This is assigning params[raw_nparam], which is different from *nparamp (the
value returned to the caller).

If the behavior that we want is that the macro takes a, k as parameters, then
we should do something like:

```
  *nparamp = nparam = raw_nparam;
```

Right after setting params[raw_nparam].

However, further down the code it seems like a warning is triggered:


```
            } else if (comma) {
                nasm_warn(WARN_MACRO_PARAMS_LEGACY,
                          "dropping trailing empty parameter in call to
multi-line macro `%s'", found->name);
            }
```

Which would imply that the expected behavior would be to NOT add the default
value as the last parameter.

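The two inconsistencies raised in the comment (the slot written is params[raw_nparam] while the count handed back is *nparamp, and nothing in the quoted excerpt checks that slot exists) can be made concrete with a small stand-alone model. The code below is an added example, not NASM's preproc.c and not Marco's code: the mmacro_model struct, fill_trailing_default, the 1-based params[] convention and the defaults[] indexing are all assumptions made here so the logic can be compiled and exercised on its own.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of trailing-empty-argument handling (not NASM's code).
 * Conventions assumed here:
 *   - params[1..n] hold the arguments, params[0] is unused (1-based, as the
 *     quoted excerpt appears to index);
 *   - defaults[i] belongs to optional parameter nparam_min + 1 + i.
 */
typedef struct {
    int nparam_min;          /* parameters the caller must always supply */
    int ndefs;               /* optional parameters that have a default */
    const char **defaults;   /* defaults[0..ndefs-1] */
} mmacro_model;

enum { FILL_OVERFLOW = -1 };

/* raw_nparam counts the arguments including a trailing empty one ("m a,"),
 * capacity is the number of slots in params[].
 * Returns the parameter count the caller should use, so the count and the
 * slot actually written can never disagree; returns FILL_OVERFLOW instead
 * of writing past params[]. */
int fill_trailing_default(const mmacro_model *m, const char **params,
                          size_t capacity, int raw_nparam)
{
    if (raw_nparam > m->nparam_min &&
        raw_nparam <= m->nparam_min + m->ndefs) {
        /* Bounds check missing from the quoted excerpt: the slot must exist. */
        if (raw_nparam < 0 || (size_t)raw_nparam >= capacity)
            return FILL_OVERFLOW;
        params[raw_nparam] = m->defaults[raw_nparam - m->nparam_min - 1];
        return raw_nparam;   /* equivalent of *nparamp = raw_nparam */
    }
    /* No default applies: drop the trailing empty parameter, as the warning
     * in the comment describes. */
    return raw_nparam - 1;
}

/* Constructed scenario: "%macro m 1-2 k" style definition (one required
 * parameter, one default "k") invoked as "m a," -> raw_nparam == 2. */
static int run_scenario(size_t capacity, const char **out_slot)
{
    const char *defs[] = { "k" };
    mmacro_model m = { 1, 1, defs };
    const char *params[3] = { NULL, "a", NULL };
    int n = fill_trailing_default(&m, params, capacity, 2);
    if (out_slot)
        *out_slot = params[2];
    return n;
}

int demo_fills_default(void) { return run_scenario(3, NULL); }

const char *demo_filled_value(void)
{
    const char *slot = NULL;
    run_scenario(3, &slot);
    return slot;   /* string literal, safe to return */
}

/* Same call but params[] reported as 2 slots: refused rather than overflowed. */
int demo_refuses_overflow(void) { return run_scenario(2, NULL); }

/* Two required parameters, no defaults, "m a, b," -> trailing empty dropped. */
int demo_drops_trailing_empty(void)
{
    mmacro_model m = { 2, 0, NULL };
    const char *params[4] = { NULL, "a", "b", NULL };
    return fill_trailing_default(&m, params, 4, 3);
}

int main(void)
{
    printf("default filled: n=%d params[2]=%s\n",
           demo_fills_default(), demo_filled_value());
    printf("undersized params[]: %d\n", demo_refuses_overflow());
    printf("no default applies: n=%d\n", demo_drops_trailing_empty());
    return 0;
}
```

The point of the model is that the parameter count is derived from the same index that was written, and that the write is guarded by the capacity of the array it targets; either property alone leaves the caller able to read (or the callee to write) one slot past what was allocated.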