[Nasm-bugs] [Bug 3392819] New: SEGV output/outaout.c:566 in aout_add_gotoff_reloc

noreply-nasm at dev.nasm.us noreply-nasm at dev.nasm.us
Thu Oct 20 01:33:37 PDT 2022


https://bugzilla.nasm.us/show_bug.cgi?id=3392819

            Bug ID: 3392819
           Summary: SEGV output/outaout.c:566 in aout_add_gotoff_reloc
           Product: NASM
           Version: 2.16 (development)
          Hardware: All
                OS: All
            Status: OPEN
          Severity: normal
          Priority: Medium
         Component: Assembler
          Assignee: nobody at nasm.us
          Reporter: 13579and24680 at gmail.com
                CC: chang.seok.bae at intel.com, gorcunov at gmail.com,
                    hpa at zytor.com, nasm-bugs at nasm.us
     Obtained from: Built from git using configure

Created attachment 411858
  --> https://bugzilla.nasm.us/attachment.cgi?id=411858&action=edit
poc from fuzzer and afl-tmin

Hello, I found a segfault when fuzzing nasm ELF.

------------------------------------------------------------------
normal execute

$ ./nasm -f aoutb poc
poc:3: error: invalid combination of opcode and operands
poc:6: warning: 64-bit unsigned relocation zero-extended from 32 bits [-w+zext-reloc]
poc:6: error: `..gotoff' relocations require a non-global symbol in the section
Segmentation fault

-------------------------------------------------------------------
compile with asan (report)

$ ./nasm -f aoutb poc
poc:3: error: invalid combination of opcode and operands
poc:6: warning: 64-bit unsigned relocation zero-extended from 32 bits [-w+zext-reloc]
poc:6: error: `..gotoff' relocations require a non-global symbol in the section
AddressSanitizer:DEADLYSIGNAL
=================================================================
==3053570==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000030 (pc 0x55a10486efa4 bp 0x7fff95281d40 sp 0x7fff95281d00 T0)
==3053570==The signal is caused by a READ memory access.
==3053570==Hint: address points to the zero page.
    #0 0x55a10486efa3 in aout_add_gotoff_reloc output/outaout.c:566
    #1 0x55a10486f4b0 in aout_out output/outaout.c:633
    #2 0x55a1048bfbaf in nasm_do_legacy_output output/legacy.c:123
    #3 0x55a10481a16c in out asm/assemble.c:459
    #4 0x55a10481ae43 in out_imm asm/assemble.c:548
    #5 0x55a104821fc9 in gencode asm/assemble.c:1955
    #6 0x55a10481d147 in assemble asm/assemble.c:908
    #7 0x55a104809ae5 in process_insn asm/nasm.c:1613
    #8 0x55a10480a33c in assemble_file asm/nasm.c:1737
    #9 0x55a10480586d in main asm/nasm.c:717
    #10 0x7eff23a1a082 in __libc_start_main ../csu/libc-start.c:308
    #11 0x55a104802ccd in _start (/home/a13579/nasm.asan+0x111ccd)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV output/outaout.c:566 in aout_add_gotoff_reloc
==3053570==ABORTING

-------------------------------------------------------------------
git log

$ git log --oneline -1
a8ff6bf7 (HEAD -> master, origin/master, origin/HEAD) Merge pull request #37
from hjl-tools/hjl/dwarf32
