[Nasm-bugs] [Bug 3392792] New: NULL pointer dereference in paste_tokens (asm/preproc.c)
noreply-nasm at dev.nasm.us
Fri Feb 11 21:16:31 PST 2022
https://bugzilla.nasm.us/show_bug.cgi?id=3392792
Bug ID: 3392792
Summary: NULL pointer dereference in paste_tokens (asm/preproc.c)
Product: NASM
Version: 2.16 (development)
Hardware: PC
OS: Linux
Status: OPEN
Severity: normal
Priority: Medium
Component: Assembler
Assignee: nobody at nasm.us
Reporter: mvanotti at protonmail.com
CC: chang.seok.bae at intel.com, gorcunov at gmail.com, hpa at zytor.com, nasm-bugs at nasm.us
Obtained from: Built from git using configure
Created attachment 411842
--> https://bugzilla.nasm.us/attachment.cgi?id=411842&action=edit
Reproducer File (same as in bug comment)
There is a NULL pointer dereference in asm/preproc.c in the paste_tokens function.
This can be detected by AddressSanitizer, by building with the following flags:
```
./configure --enable-sanitizer
```
Reproducer:
```
%macro f 1
%m%-1:
%endmacro
f cxz
```
output:
```
$ ASAN_OPTIONS="detect_leaks=0:detect_stack_use_after_return=1" ./nasm -felf64 -o /tmp/aaaa test.asm
test.asm:4: error: condition code `cxz' is not invertible
test.asm:2: ... from macro `f' defined here
asm/preproc.c:5092:30: runtime error: member access within null pointer of type 'Token' (aka 'struct Token')
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior asm/preproc.c:5092:30 in
asm/preproc.c:5092:30: runtime error: load of null pointer of type 'Token *' (aka 'struct Token *')
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior asm/preproc.c:5092:30 in
AddressSanitizer:DEADLYSIGNAL
=================================================================
==44470==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x55dbd3bbe15f bp 0x7ffc55486cb0 sp 0x7ffc55486910 T0)
==44470==The signal is caused by a READ memory access.
==44470==Hint: address points to the zero page.
    #0 0x55dbd3bbe15f in paste_tokens /home/user/nasm/asm/preproc.c:5092:30
    #1 0x55dbd3bc6d3e in expand_mmac_params /home/user/nasm/asm/preproc.c:5386:9
    #2 0x55dbd3ba0e74 in pp_tokline /home/user/nasm/asm/preproc.c:7258:21
    #3 0x55dbd3b9d089 in pp_getline /home/user/nasm/asm/preproc.c:7328:17
    #4 0x55dbd3b241cd in assemble_file /home/user/nasm/asm/nasm.c:1722:24
    #5 0x55dbd3b21a21 in main /home/user/nasm/asm/nasm.c:717:9
    #6 0x7fc879c710b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
    #7 0x55dbd3a6e46d in _start (/home/user/nasm/nasm+0x24146d) (BuildId: 3fc13de32457a8981b73bda01728cd257f86782c)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/user/nasm/asm/preproc.c:5092:30 in paste_tokens
==44470==ABORTING
```
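A regression check for the report above, added here as an example and not part of the original bug report or of NASM's own test suite: it writes the reproducer from the post to a temporary file, runs it through a sanitizer-enabled nasm (assumed to be supplied in the NASM environment variable) with the same ASAN_OPTIONS as the report, and classifies the outcome so that the expected "not invertible" assembler error is told apart from a sanitizer report or a crash.

```shell
#!/bin/sh
# Regression check for NASM bug 3392792 (NULL deref in paste_tokens).
# Assumption: $NASM names a nasm built with ./configure --enable-sanitizer.

# Reproducer exactly as given in the bug report.
REPRO_SRC='%macro f 1
%m%-1:
%endmacro
f cxz
'

# classify_run <stderr-file> <exit-status>
# Prints one of: clean, error, sanitizer, crash.
classify_run() {
    _err="$1"; _status="$2"
    if grep -q -e 'ERROR: AddressSanitizer' -e 'runtime error:' "$_err"; then
        echo sanitizer          # ASan/UBSan report in the output: the bug is present
    elif [ "$_status" -ge 128 ]; then
        echo crash              # died by signal (e.g. SEGV in a non-sanitizer build)
    elif [ "$_status" -ne 0 ]; then
        echo error              # ordinary assembler error: the expected outcome
    else
        echo clean
    fi
}

# run_repro <nasm-binary-or-command>: assemble the reproducer, print the class.
run_repro() {
    _nasm="$1"
    _dir=$(mktemp -d) || return 1
    printf '%s' "$REPRO_SRC" > "$_dir/test.asm"
    _status=0
    ASAN_OPTIONS="detect_leaks=0:detect_stack_use_after_return=1" \
        "$_nasm" -felf64 -o "$_dir/out.o" "$_dir/test.asm" 2> "$_dir/err.txt" || _status=$?
    classify_run "$_dir/err.txt" "$_status"
    rm -rf "$_dir"
}

# Stand-alone use: NASM=/path/to/nasm ./check.sh  (exits 1 unless the run is a plain error)
if [ -n "${NASM:-}" ]; then
    result=$(run_repro "$NASM")
    echo "nasm result: $result"
    [ "$result" = error ] || exit 1
fi
```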