[Nasm-bugs] [Bug 3392792] New: NULL pointer dereference in paste_tokens (asm/preproc.c)

noreply-nasm at dev.nasm.us
Fri Feb 11 21:16:31 PST 2022


https://bugzilla.nasm.us/show_bug.cgi?id=3392792

            Bug ID: 3392792
           Summary: NULL pointer dereference in paste_tokens
                    (asm/preproc.c)
           Product: NASM
           Version: 2.16 (development)
          Hardware: PC
                OS: Linux
            Status: OPEN
          Severity: normal
          Priority: Medium
         Component: Assembler
          Assignee: nobody at nasm.us
          Reporter: mvanotti at protonmail.com
                CC: chang.seok.bae at intel.com, gorcunov at gmail.com,
                    hpa at zytor.com, nasm-bugs at nasm.us
     Obtained from: Built from git using configure

Created attachment 411842
  --> https://bugzilla.nasm.us/attachment.cgi?id=411842&action=edit
Reproducer File (same as in bug comment)

There is a NULL pointer dereference in asm/preproc.c in the paste_tokens
function.

This can be detected by AddressSanitizer, by building with the following flags:

```
./configure --enable-sanitizer
```

Reproducer:

```
%macro f 1
%m%-1:
%endmacro
f cxz
```

output:

```
$ ASAN_OPTIONS="detect_leaks=0:detect_stack_use_after_return=1" ./nasm -felf64
-o /tmp/aaaa test.asm
test.asm:4: error: condition code `cxz' is not invertible
test.asm:2: ... from macro `f' defined here
asm/preproc.c:5092:30: runtime error: member access within null pointer of type
'Token' (aka 'struct Token')
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior asm/preproc.c:5092:30
in 
asm/preproc.c:5092:30: runtime error: load of null pointer of type 'Token *'
(aka 'struct Token *')
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior asm/preproc.c:5092:30
in 
AddressSanitizer:DEADLYSIGNAL
=================================================================
==44470==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc
0x55dbd3bbe15f bp 0x7ffc55486cb0 sp 0x7ffc55486910 T0)
==44470==The signal is caused by a READ memory access.
==44470==Hint: address points to the zero page.
    #0 0x55dbd3bbe15f in paste_tokens /home/user/nasm/asm/preproc.c:5092:30
    #1 0x55dbd3bc6d3e in expand_mmac_params
/home/user/nasm/asm/preproc.c:5386:9
    #2 0x55dbd3ba0e74 in pp_tokline /home/user/nasm/asm/preproc.c:7258:21
    #3 0x55dbd3b9d089 in pp_getline /home/user/nasm/asm/preproc.c:7328:17
    #4 0x55dbd3b241cd in assemble_file /home/user/nasm/asm/nasm.c:1722:24
    #5 0x55dbd3b21a21 in main /home/user/nasm/asm/nasm.c:717:9
    #6 0x7fc879c710b2 in __libc_start_main
/build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
    #7 0x55dbd3a6e46d in _start (/home/user/nasm/nasm+0x24146d) (BuildId:
3fc13de32457a8981b73bda01728cd257f86782c)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/user/nasm/asm/preproc.c:5092:30 in
paste_tokens
==44470==ABORTING
```

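The failure pattern in the report (an expansion error is reported, the expansion hands back NULL, and the paste step dereferences it) modelled as an added example; this is illustrative code, not NASM's paste_tokens or its Token type, and the names, the tiny condition-code table and the `paste_with_inverted_cc` function are all hypothetical:

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical token type, NOT NASM's struct Token: only what a model of
 * a pasted token list needs. */
typedef struct Token {
    struct Token *next;
    char text[32];
} Token;

/* Model of expanding a "%-N" macro parameter (its inverted condition code).
 * The table is constructed and far smaller than NASM's. Codes with no
 * inverse are reported, and then NULL is returned to the caller, which is
 * the state the report's output shows for `cxz` just before the crash. */
static Token *expand_inverted_cc(const char *cc, Token *slot)
{
    static const char *pairs[][2] = { {"z", "nz"}, {"c", "nc"}, {"e", "ne"} };
    for (size_t i = 0; i < sizeof pairs / sizeof pairs[0]; i++) {
        const char *inv = NULL;
        if (strcmp(cc, pairs[i][0]) == 0)
            inv = pairs[i][1];
        else if (strcmp(cc, pairs[i][1]) == 0)
            inv = pairs[i][0];
        if (inv) {
            snprintf(slot->text, sizeof slot->text, "%s", inv);
            slot->next = NULL;
            return slot;
        }
    }
    fprintf(stderr, "error: condition code `%s' is not invertible\n", cc);
    return NULL;
}

/* Paste `left` with the expansion of `%-1` applied to `cc` (hypothetical
 * name, not NASM's paste_tokens). An unchecked paste would read rhs->text
 * straight away, which is the NULL load the sanitizer reports; the check
 * below abandons the paste instead. Returns 1 and fills `out` on success,
 * 0 with `out` empty after an expansion error. */
int paste_with_inverted_cc(const char *left, const char *cc,
                           char *out, size_t outsz)
{
    Token slot;
    Token *rhs = expand_inverted_cc(cc, &slot);
    out[0] = '\0';
    if (rhs == NULL)
        return 0;
    snprintf(out, outsz, "%s%s", left, rhs->text);
    return 1;
}
```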