[Nasm-bugs] [Bug 3392817] New: Detected memory leaks in NASM

noreply-nasm at dev.nasm.us noreply-nasm at dev.nasm.us
Wed Oct 12 09:22:27 PDT 2022


https://bugzilla.nasm.us/show_bug.cgi?id=3392817

            Bug ID: 3392817
           Summary: Detected memory leaks in NASM
           Product: NASM
           Version: 2.16 (development)
          Hardware: All
                OS: All
            Status: OPEN
          Severity: critical
          Priority: Medium
         Component: Assembler
          Assignee: nobody at nasm.us
          Reporter: xudong.c at foxmail.com
                CC: chang.seok.bae at intel.com, gorcunov at gmail.com,
                    hpa at zytor.com, nasm-bugs at nasm.us
     Obtained from: Binary from nasm.us

Created attachment 411856
  --> https://bugzilla.nasm.us/attachment.cgi?id=411856&action=edit
poc_nasm_1~poc_nasm_5

Hi, developers of NASM:
I tested the nasm binary and five different memory-leak crashes occurred. The
version of NASM is the latest (the newest master branch on GitHub
(https://github.com/netwide-assembler/nasm.git), version: NASM version 2.16rc0
compiled on Sep 20 2022) and the operating system is Ubuntu 18.04.6 LTS
(Docker). The details follow.


Bug1
root at 81be2c9c39ff:/# ./../nasm/nasm -@ poc_nasm_1
E~: warning: default output file same as input, using `nasm.out' for output
 [-w+other]
nasm: fatal: unable to open input file `E~' No such file or directory

=================================================================
==1488868==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 4 byte(s) in 1 object(s) allocated from:
    #0 0x4ad0d0 in malloc
/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:145
    #1 0x4ed764 in nasm_malloc (/nasm/nasm+0x4ed764)
    #2 0x4eff81 in filename_set_extension (/nasm/nasm+0x4eff81)
    #3 0x4e5c18 in main (/nasm/nasm+0x4e5c18)
    #4 0x7f5b88378c86 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

SUMMARY: AddressSanitizer: 4 byte(s) leaked in 1 allocation(s).



Bug2
root at 81be2c9c39ff:/# ./../nasm/nasm -f elf poc_nasm_2

=================================================================
==1716826==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 4096 byte(s) in 1 object(s) allocated from:
    #0 0x4ad0d0 in malloc
/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:145
    #1 0x7f688756d8d5 in realpath (/lib/x86_64-linux-gnu/libc.so.6+0x4f8d5)
    #2 0x43cee1 in __interceptor_canonicalize_file_name.part.113
/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:3675
    #3 0x580e64 in nasm_realpath (/nasm/nasm+0x580e64)
    #4 0x558c3d in elf_init (/nasm/nasm+0x558c3d)
    #5 0x55a7ba in elf32_init (/nasm/nasm+0x55a7ba)
    #6 0x4e6235 in main (/nasm/nasm+0x4e6235)
    #7 0x7f688753fc86 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Direct leak of 120 byte(s) in 1 object(s) allocated from:
    #0 0x4ad298 in calloc
/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:154
    #1 0x4ed7cc in nasm_calloc (/nasm/nasm+0x4ed7cc)
    #2 0x4ed839 in nasm_zalloc (/nasm/nasm+0x4ed839)
    #3 0x5582af in elf_make_section (/nasm/nasm+0x5582af)
    #4 0x54eeeb in elf_section_names (/nasm/nasm+0x54eeeb)
    #5 0x55a8e4 in elf32_out (/nasm/nasm+0x55a8e4)
    #6 0x587797 in nasm_do_legacy_output (/nasm/nasm+0x587797)
    #7 0x5038a7 in out (/nasm/nasm+0x5038a7)
    #8 0x4fa147 in out_rawdata (/nasm/nasm+0x4fa147)
    #9 0x4fd9c0 in gencode (/nasm/nasm+0x4fd9c0)
    #10 0x4f95be in assemble (/nasm/nasm+0x4f95be)
    #11 0x4e89cd in process_insn (/nasm/nasm+0x4e89cd)
    #12 0x4e7689 in assemble_file (/nasm/nasm+0x4e7689)
    #13 0x4e626d in main (/nasm/nasm+0x4e626d)
    #14 0x7f688753fc86 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Direct leak of 15 byte(s) in 1 object(s) allocated from:
    #0 0x4ad0d0 in malloc
/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:145
    #1 0x4ed764 in nasm_malloc (/nasm/nasm+0x4ed764)
    #2 0x4ed9be in nasm_strndup (/nasm/nasm+0x4ed9be)
    #3 0x581106 in nasm_dirname (/nasm/nasm+0x581106)
    #4 0x558c8c in elf_init (/nasm/nasm+0x558c8c)
    #5 0x55a7ba in elf32_init (/nasm/nasm+0x55a7ba)
    #6 0x4e6235 in main (/nasm/nasm+0x4e6235)
    #7 0x7f688753fc86 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

SUMMARY: AddressSanitizer: 4231 byte(s) leaked in 3 allocation(s).

Bug3
root at 81be2c9c39ff:/# ./../nasm/nasm -f obj poc_nasm_3
poc_nasm_3:1: warning: label alone on a line without a colon might be in error
[-w+label-orphan]

=================================================================
==2053221==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 13 byte(s) in 1 object(s) allocated from:
    #0 0x4ad0d0 in malloc
/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:145
    #1 0x4ed764 in nasm_malloc (/nasm/nasm+0x4ed764)
    #2 0x4ed952 in nasm_strdup (/nasm/nasm+0x4ed952)
    #3 0x55d202 in obj_segment (/nasm/nasm+0x55d202)
    #4 0x55be29 in obj_deflabel (/nasm/nasm+0x55be29)
    #5 0x50924c in out_symdef (/nasm/nasm+0x50924c)
    #6 0x508317 in define_label (/nasm/nasm+0x508317)
    #7 0x509bb3 in parse_line (/nasm/nasm+0x509bb3)
    #8 0x4e7679 in assemble_file (/nasm/nasm+0x4e7679)
    #9 0x4e626d in main (/nasm/nasm+0x4e626d)
    #10 0x7f560a5ffc86 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

SUMMARY: AddressSanitizer: 13 byte(s) leaked in 1 allocation(s).



Bug4
root at 81be2c9c39ff:/# ./../nasm/nasm -f dbg poc_nasm_4
=================================================================
==775458==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 18 byte(s) in 3 object(s) allocated from:
    #0 0x4ad0d0 in malloc
/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:145
    #1 0x4ed764 in nasm_malloc (/nasm/nasm+0x4ed764)
    #2 0x4ed9be in nasm_strndup (/nasm/nasm+0x4ed9be)
    #3 0x56a841 in dbg_add_section (/nasm/nasm+0x56a841)
    #4 0x56a386 in dbg_section_names (/nasm/nasm+0x56a386)
    #5 0x4f5f29 in process_directives (/nasm/nasm+0x4f5f29)
    #6 0x4e7665 in assemble_file (/nasm/nasm+0x4e7665)
    #7 0x4e626d in main (/nasm/nasm+0x4e626d)
    #8 0x7f7a3b3e1c86 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Direct leak of 6 byte(s) in 1 object(s) allocated from:
    #0 0x4ad0d0 in malloc
/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:145
    #1 0x4ed764 in nasm_malloc (/nasm/nasm+0x4ed764)
    #2 0x4eda5a in nasm_strcat (/nasm/nasm+0x4eda5a)
    #3 0x506d32 in find_label (/nasm/nasm+0x506d32)
    #4 0x507b6d in define_label (/nasm/nasm+0x507b6d)
    #5 0x50948e in backend_label (/nasm/nasm+0x50948e)
    #6 0x56aa7e in dbg_add_section (/nasm/nasm+0x56aa7e)
    #7 0x56a386 in dbg_section_names (/nasm/nasm+0x56a386)
    #8 0x4f5f29 in process_directives (/nasm/nasm+0x4f5f29)
    #9 0x4e7665 in assemble_file (/nasm/nasm+0x4e7665)
    #10 0x4e626d in main (/nasm/nasm+0x4e626d)
    #11 0x7f7a3b3e1c86 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

SUMMARY: AddressSanitizer: 24 byte(s) leaked in 4 allocation(s).




Bug5
root at 81be2c9c39ff:/# ./../nasm/nasm -E poc_nasm_5
%line 1+1 poc_nasm_5
[bits 16]
[ bits 16 ]
[bits
[bits 16
 [eax]
 [bits 16]
 [bits 32]
[bits 64]
a equ 5
[bits a]
b equ 16
[bits b]
[bits 30+2]
[section .text]

=================================================================
==1034264==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 139 byte(s) in 14 object(s) allocated from:
    #0 0x4ad0d0 in malloc
/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:145
    #1 0x4ed764 in nasm_malloc (/nasm/nasm+0x4ed764)
    #2 0x51ba89 in detoken (/nasm/nasm+0x51ba89)
    #3 0x51c2e7 in pp_getline (/nasm/nasm+0x51c2e7)
    #4 0x4e5e2f in main (/nasm/nasm+0x4e5e2f)
    #5 0x7f97b7b68c86 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Direct leak of 5 byte(s) in 1 object(s) allocated from:
    #0 0x4ad0d0 in malloc
/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:145
    #1 0x4ed764 in nasm_malloc (/nasm/nasm+0x4ed764)
    #2 0x4ed952 in nasm_strdup (/nasm/nasm+0x4ed952)
    #3 0x525c8f in expand_mmacro (/nasm/nasm+0x525c8f)
    #4 0x51d9a8 in pp_tokline (/nasm/nasm+0x51d9a8)
    #5 0x51c2b6 in pp_getline (/nasm/nasm+0x51c2b6)
    #6 0x4e5e2f in main (/nasm/nasm+0x4e5e2f)
    #7 0x7f97b7b68c86 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

SUMMARY: AddressSanitizer: 144 byte(s) leaked in 15 allocation(s).



I uploaded the POCs as an attachment. Thank you for your time!




Credit
Xudong Cao (NCNIPC of China)
Han Zheng (NCNIPC of China, Hexhive)
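The Bug1 trace above is the classic shape of a LeakSanitizer "direct leak" in a command-line tool: a helper (filename_set_extension in the trace) hands back a freshly malloc'd string, and the caller then takes a fatal error path (unable to open the input file) without releasing it. The following is an added illustrative example, not NASM's code and not from the reporter: set_extension, open_input_leaky and open_input_fixed are hypothetical names that reproduce the pattern and its fix. When triaging reports like these, note that memory left allocated at process exit in a one-shot assembler is reclaimed by the OS; the report is worth fixing for hygiene, and it does become interesting when the same path runs repeatedly in a long-lived process.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a filename_set_extension()-style helper:
 * returns a new malloc'd string with the extension replaced (or appended
 * when the basename has none). The caller owns the result and must free it. */
char *set_extension(const char *inname, const char *ext)
{
    const char *dot = strrchr(inname, '.');
    const char *slash = strrchr(inname, '/');
    /* Only treat the dot as an extension separator if it is in the basename. */
    size_t base_len = (dot && (!slash || dot > slash))
                          ? (size_t)(dot - inname)
                          : strlen(inname);
    size_t ext_len = strlen(ext);
    char *out = malloc(base_len + ext_len + 1);
    if (!out)
        return NULL;
    memcpy(out, inname, base_len);
    memcpy(out + base_len, ext, ext_len + 1); /* copies the NUL too */
    return out;
}

/* Leaky version: the output name is derived first, then an error path returns
 * early. The allocation is unreachable after return, so a build with
 * -fsanitize=address reports it as a "Direct leak" with set_extension on the
 * stack, the same shape as the Bug1 report. */
int open_input_leaky(const char *inname)
{
    char *outname = set_extension(inname, ".out");
    if (!outname)
        return -1;
    FILE *f = fopen(inname, "rb");
    if (!f)
        return -1; /* outname is leaked on this path */
    fclose(f);
    free(outname);
    return 0;
}

/* Fixed version: one exit path, so outname is released whatever happens. */
int open_input_fixed(const char *inname)
{
    int rc = 0;
    char *outname = set_extension(inname, ".out");
    if (!outname)
        return -1;
    FILE *f = fopen(inname, "rb");
    if (!f)
        rc = -1;
    else
        fclose(f);
    free(outname);
    return rc;
}

/* Build with: cc -g -fsanitize=address leak.c -o leak && ./leak E~
 * With a missing input file the leaky path triggers a LeakSanitizer report;
 * switch the call to open_input_fixed() and the report goes away. */
int main(int argc, char **argv)
{
    const char *in = argc > 1 ? argv[1] : "E~"; /* constructed sample input */
    if (open_input_leaky(in) != 0)
        fprintf(stderr, "unable to open input file `%s'\n", in);
    return 0;
}
```

The fix is mechanical, but the more useful habit is the one that finds it: run the assembler's own test inputs (and fuzzer PoCs such as the attached ones) under an ASan/LSan build, and treat any frame that sits directly above the project's allocator wrappers (nasm_malloc, nasm_strdup, nasm_strndup, nasm_zalloc in the traces above) as the place to add the missing free.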
