[Nasm-bugs] [Bug 3392796] New: NULL pointer dereference in do_directive caused by %exitmacro

noreply-nasm at dev.nasm.us noreply-nasm at dev.nasm.us
Sun Mar 27 16:43:52 PDT 2022


https://bugzilla.nasm.us/show_bug.cgi?id=3392796

            Bug ID: 3392796
           Summary: NULL pointer dereference in do_directive caused by
                    %exitmacro
           Product: NASM
           Version: 2.16 (development)
          Hardware: All
                OS: Linux
            Status: OPEN
          Severity: normal
          Priority: Medium
         Component: Assembler
          Assignee: nobody at nasm.us
          Reporter: mvanotti at protonmail.com
                CC: chang.seok.bae at intel.com, gorcunov at gmail.com,
                    hpa at zytor.com, nasm-bugs at nasm.us
     Obtained from: Built from git using configure

Created attachment 411845
  --> https://bugzilla.nasm.us/attachment.cgi?id=411845&action=edit
reproducer

The following sample input causes a NULL pointer dereference in the
`do_directive` function:

```nasm
%ifnctx
%macro mc
%endif
%exitmacro
%endmacro
mc
```

Error (Address Sanitizer enabled):

```text
$ ./nasm -f elf64 -g -FDWARF -o /tmp/t.o manual
manual:2: error: `%macro' expects a parameter count
asm/preproc.c:4311:37: runtime error: member access within null pointer of type 'Cond' (aka 'struct Cond')
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior asm/preproc.c:4311:37 in 
asm/preproc.c:4311:37: runtime error: load of null pointer of type 'Cond *' (aka 'struct Cond *')
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior asm/preproc.c:4311:37 in 
AddressSanitizer:DEADLYSIGNAL
=================================================================
==8555==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x5608adf5d816 bp 0x7fff37cb06b0 sp 0x7fff37cae9c0 T0)
==8555==The signal is caused by a READ memory access.
==8555==Hint: address points to the zero page.
    #0 0x5608adf5d816 in do_directive /home/mvanotti/nasm/asm/preproc.c:4311:37
    #1 0x5608adf2ce8e in pp_tokline /home/mvanotti/nasm/asm/preproc.c:7273:13
    #2 0x5608adf29089 in pp_getline /home/mvanotti/nasm/asm/preproc.c:7337:17
    #3 0x5608adeb01cd in assemble_file /home/mvanotti/nasm/asm/nasm.c:1722:24
    #4 0x5608adeada21 in main /home/mvanotti/nasm/asm/nasm.c:717:9
    #5 0x7fd29325b0b2 in __libc_start_main /build/glibc-sMfBJT/glibc-2.31/csu/../csu/libc-start.c:308:16
    #6 0x5608addfa46d in _start (/home/mvanotti/nasm/nasm+0x24146d) (BuildId: 468074ad69557daa810b25683f741e5ebd6f1997)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/mvanotti/nasm/asm/preproc.c:4311:37 in do_directive
==8555==ABORTING
```
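The sanitizer output above shows a read through a NULL `Cond *` while a directive is being processed, with the reproducer having already closed its only conditional before `%exitmacro` runs outside any macro expansion. The following is an added illustration, not NASM's code and not a claim about how `preproc.c` is written: a hypothetical, deliberately small model of a preprocessor conditional stack in which every pop and every unwind first checks that there is something to pop. Directive names are taken from the reproducer; the `Preproc` struct, `run_lines` and the diagnostics are assumptions of the model. Fed the reproducer, it emits diagnostics and leaves the stack empty instead of dereferencing NULL.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified model of a preprocessor's conditional-nesting
 * stack. This is NOT NASM's code and does not reproduce its logic; it only
 * shows the empty-stack and not-in-macro checks that turn an unbalanced
 * directive sequence into a diagnostic instead of a NULL dereference. */

typedef struct Cond {
    struct Cond *next;  /* enclosing conditional, NULL at the outermost level */
} Cond;

typedef struct {
    Cond *conds;     /* top of the conditional stack, NULL when empty */
    int   in_macro;  /* nonzero while a macro expansion is active (assumed) */
    int   errors;    /* diagnostics emitted so far */
} Preproc;

static void report(Preproc *pp, const char *msg)
{
    pp->errors++;
    fprintf(stderr, "error: %s\n", msg);
}

static void push_cond(Preproc *pp)
{
    Cond *c = malloc(sizeof *c);
    if (!c) { perror("malloc"); exit(1); }
    c->next = pp->conds;
    pp->conds = c;
}

/* %endif: returns 0 on success, -1 when no conditional is open. */
static int pop_cond(Preproc *pp)
{
    Cond *top = pp->conds;
    if (!top) {                 /* the guard: never read top->next when top is NULL */
        report(pp, "`%endif' without matching conditional");
        return -1;
    }
    pp->conds = top->next;
    free(top);
    return 0;
}

/* %exitmacro: leaves the current expansion and unwinds conditionals opened
 * inside it. Returns -1 (and reports) when no macro is being expanded, so
 * the unwind loop is never entered with nothing to unwind. */
static int exit_macro(Preproc *pp)
{
    if (!pp->in_macro) {
        report(pp, "`%exitmacro' outside a macro expansion");
        return -1;
    }
    while (pp->conds)
        pop_cond(pp);
    pp->in_macro = 0;
    return 0;
}

/* Dispatches one source line. Lines the model does not handle are ignored. */
static void handle_line(Preproc *pp, const char *line)
{
    if (strncmp(line, "%if", 3) == 0) {
        push_cond(pp);                  /* any %if-family directive opens a level */
    } else if (strcmp(line, "%endif") == 0) {
        pop_cond(pp);
    } else if (strcmp(line, "%exitmacro") == 0) {
        exit_macro(pp);
    } else if (strncmp(line, "%macro", 6) == 0) {
        /* "%macro NAME COUNT": a name with no following count is reported,
         * matching the first diagnostic in the report. */
        const char *name = strchr(line, ' ');
        if (!name || !strchr(name + 1, ' '))
            report(pp, "`%macro' expects a parameter count");
    }
}

/* Feeds a directive sequence to a fresh model. Returns the number of
 * diagnostics; *leftover receives the count of conditionals still open
 * at the end (which are then freed). */
static int run_lines(const char *const *lines, size_t n, int in_macro, int *leftover)
{
    Preproc pp = { NULL, in_macro, 0 };
    int open = 0;
    for (size_t i = 0; i < n; i++)
        handle_line(&pp, lines[i]);
    while (pp.conds) { open++; pop_cond(&pp); }
    if (leftover) *leftover = open;
    return pp.errors;
}

int main(void)
{
    /* Constructed input: the reproducer from the report, one line per entry. */
    static const char *const repro[] = {
        "%ifnctx", "%macro mc", "%endif", "%exitmacro", "%endmacro", "mc"
    };
    int open;
    int errs = run_lines(repro, sizeof repro / sizeof *repro, 0, &open);
    printf("%d diagnostics, %d unclosed conditionals, no crash\n", errs, open);
    return 0;
}
```

The point of the model is the two early returns: `pop_cond` refuses an empty stack and `exit_macro` refuses to unwind when no expansion is active, so the reproducer's `%endif` followed by a top-level `%exitmacro` ends in two error messages rather than a SEGV on the zero page.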
