[Nasm-bugs] [Bug 3392756] New: Infinite loop in function paste_tokens() in asm/preproc.c

noreply-nasm at dev.nasm.us noreply-nasm at dev.nasm.us
Tue May 11 21:24:57 PDT 2021


https://bugzilla.nasm.us/show_bug.cgi?id=3392756

            Bug ID: 3392756
           Summary: Infinite loop in function paste_tokens() in
                    asm/preproc.c
           Product: NASM
           Version: 2.16 (development)
          Hardware: All
                OS: All
            Status: OPEN
          Severity: normal
          Priority: Medium
         Component: Assembler
          Assignee: nobody at nasm.us
          Reporter: polaalemu at gmail.com
                CC: chang.seok.bae at intel.com, gorcunov at gmail.com,
                    hpa at zytor.com, nasm-bugs at nasm.us
     Obtained from: Built from git using configure

Created attachment 411818
  --> https://bugzilla.nasm.us/attachment.cgi?id=411818&action=edit
infinite_loop_paste_tokens

In function paste_tokens() in asm/preproc.c,
the while loop at line 4977 will result in an infinite loop under certain conditions.


**Version** 
NASM version 2.16rc0, commit 39bb9d7

**env**
ubuntu 20.04 x86_64 
gcc version 9.3.0

**reproduce**

./bin/nasm -felf64  [poc]



**detail info** 


         *head                                                                  
     +------------------+          +----------------+                           
     |   0x7ffff461f7c0 |--------->| 0x7ffff461f900 |                           
     +------------------+          +----------------+                           
       next = 0x7ffff461f900,      next = 0x7ffff461f940,                       
       type = TOKEN_ID,            type = TOKEN_PASTE,                          


     loop1                                                                      
             tok = *head       = 0x7ffff461f7c0                                 
             next = tok->next  = 0x7ffff461f900                                 

     loop2                                                                      
             tok  = 0x7ffff461f900                                              
             next = 0x7ffff461f940                                              

             tok->type = TOKEN_PASTE     
             prev_nonspace = 0    at line  4994                                 
             then:                                                              
                 prev_next = nextp = head; = 0x7fffffffdc40          
                 t = NULL                                                  

             next = *nextp; = 0x7ffff461f7c0   line 5010                        


             t = NULL    at line 5025
             then:                                                              
                 *prev_next = tok = next; = 0x7ffff461f7c0   

             tok = next; = 0x7ffff461f7c0      // loop happened                 



      reporter: chiba of topsec alphalab

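The trace above shows the walk resuming from the head slot when a TOKEN_PASTE has no recorded preceding non-space token, so the same two nodes are visited forever. The following C program is an added example written for this page, not NASM's code: it models that traversal on a constructed three-token list and bounds the walk with an iteration counter so the cycle is reported as a return value instead of hanging. The `struct token`, `paste_walk`, `run_case` and `remaining_after` names are invented for the example; the "guarded" branch (unlinking a paste marker that has nothing before it) is an assumption about a safe resumption point, not a claim about how NASM resolved the bug. The constructed list leads with a whitespace token so that `prev_nonspace` is naturally NULL at the marker, which is the state the trace shows; the report's own list starts with a TOKEN_ID, and why that token was not recorded is not explained in the report.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed token model for this example (not NASM's struct Token). */
enum tok_type { TOKEN_ID, TOKEN_WHITESPACE, TOKEN_PASTE };

struct token {
    struct token *next;
    enum tok_type type;
};

/*
 * Simplified walk modelled on the trace in the report. `slot` is the
 * pointer-to-pointer through which the current token was reached, so a
 * token can be unlinked without a backwards pointer. Returns the number of
 * loop iterations, or -1 once max_iter is exceeded, which is how the
 * report's infinite loop shows up here.
 */
int paste_walk(struct token **head, bool guarded, int max_iter)
{
    struct token **slot = head;
    struct token *tok = *head;
    struct token *prev_nonspace = NULL;  /* last non-space token seen */
    int iter = 0;

    while (tok) {
        if (++iter > max_iter)
            return -1;               /* watchdog: the walk is not progressing */

        if (tok->type != TOKEN_PASTE) {
            if (tok->type != TOKEN_WHITESPACE)
                prev_nonspace = tok;
            slot = &tok->next;
            tok = tok->next;
            continue;
        }

        if (prev_nonspace) {
            /* Usual case: the marker (and any space before it) is spliced
             * out and the walk resumes after it. */
            prev_nonspace->next = tok->next;
            slot = &prev_nonspace->next;
            tok = tok->next;
        } else if (!guarded) {
            /* The path in the trace: with no preceding non-space token the
             * splice slot falls back to the head slot (prev_next = head),
             * nothing is pasted (t == NULL), and the walk resumes from
             * whatever the head slot holds, i.e. the first token again. */
            slot = head;
            *slot = *head;           /* *prev_next = next: slot unchanged */
            tok = *slot;
        } else {
            /* Guarded variant (an assumption, not NASM's fix): a marker with
             * nothing before it cannot paste, so unlink it and move on. */
            *slot = tok->next;
            tok = *slot;
        }
    }
    return iter;
}

/* Count the tokens left on the list after a walk. */
int list_length(struct token *tok)
{
    int n = 0;
    for (; tok; tok = tok->next)
        n++;
    return n;
}

/*
 * Fill a three-token array. With leading_space the list is
 * [WHITESPACE, PASTE, ID], which leaves prev_nonspace NULL at the marker;
 * without it the list is [ID, PASTE, ID].
 */
void build_list(struct token toks[3], bool leading_space)
{
    toks[0].type = leading_space ? TOKEN_WHITESPACE : TOKEN_ID;
    toks[0].next = &toks[1];
    toks[1].type = TOKEN_PASTE;
    toks[1].next = &toks[2];
    toks[2].type = TOKEN_ID;
    toks[2].next = NULL;
}

/* Walk a fresh list and return the iteration count (-1 on the cycle). */
int run_case(bool leading_space, bool guarded)
{
    struct token toks[3];
    struct token *head = &toks[0];
    build_list(toks, leading_space);
    return paste_walk(&head, guarded, 1000);
}

/* Walk a fresh list and return how many tokens remain afterwards. */
int remaining_after(bool leading_space, bool guarded)
{
    struct token toks[3];
    struct token *head = &toks[0];
    build_list(toks, leading_space);
    if (paste_walk(&head, guarded, 1000) < 0)
        return -1;
    return list_length(head);
}

int main(void)
{
    printf("trace shape, unguarded: %d iterations\n", run_case(true, false));
    printf("trace shape, guarded:   %d iterations\n", run_case(true, true));
    printf("trace shape, guarded:   %d tokens left\n", remaining_after(true, true));
    printf("normal shape, unguarded: %d iterations\n", run_case(false, false));
    return 0;
}
```

The unguarded walk on the trace-shaped list never returns on its own; the 1000-iteration bound is what turns the hang into a -1, which is the kind of progress check worth having in any list-rewriting loop that can reset its cursor.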