[Nasm-bugs] [Bug 3392820] New: SEGV on obj_directive output/outobj.c:1614

noreply-nasm at dev.nasm.us noreply-nasm at dev.nasm.us
Thu Oct 20 04:18:38 PDT 2022


https://bugzilla.nasm.us/show_bug.cgi?id=3392820

            Bug ID: 3392820
           Summary: SEGV on obj_directive output/outobj.c:1614
           Product: NASM
           Version: 2.16 (development)
          Hardware: All
                OS: All
            Status: OPEN
          Severity: normal
          Priority: Medium
         Component: Assembler
          Assignee: nobody at nasm.us
          Reporter: 13579and24680 at gmail.com
                CC: chang.seok.bae at intel.com, gorcunov at gmail.com,
                    hpa at zytor.com, nasm-bugs at nasm.us
     Obtained from: Built from git using configure

Created attachment 411859
  --> https://bugzilla.nasm.us/attachment.cgi?id=411859&action=edit
poc from fuzzer and afl-tmin

Hello, I found a segfault when fuzzing nasm ELF.

------------------------------------------------------------------
normal execution


$ ./nasm -f obj poc
poc:1: error: label `m0group' inconsistently redefined
poc:1: info: label `m0group' originally defined here
fish: Job 1, './nasm -f obj poc' terminated by signal SIGSEGV (Address boundary error)

-------------------------------------------------------------------
compile with asan (report)


$ ./nasm -f obj poc
poc:1: error: label `m0group' inconsistently redefined
poc:1: info: label `m0group' originally defined here
AddressSanitizer:DEADLYSIGNAL
=================================================================
==2823032==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f2a93d0189c bp 0x7ffcb9135bd0 sp 0x7ffcb9135330 T0)
==2823032==The signal is caused by a READ memory access.
==2823032==Hint: address points to the zero page.
    #0 0x7f2a93d0189b in __interceptor_strcmp ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:420
    #1 0x5614b2ef553d in obj_directive output/outobj.c:1614
    #2 0x5614b2e780a2 in process_directives asm/directiv.c:220
    #3 0x5614b2e6c301 in assemble_file asm/nasm.c:1731
    #4 0x5614b2e6786d in main asm/nasm.c:717
    #5 0x7f2a93a5d082 in __libc_start_main ../csu/libc-start.c:308
    #6 0x5614b2e64ccd in _start (/home/a13579/nasm.asan+0x111ccd)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:420 in __interceptor_strcmp
==2823032==ABORTING

-------------------------------------------------------------------
git log


$ git log --oneline -1
a8ff6bf7 (HEAD -> master, origin/master, origin/HEAD) Merge pull request #37 from hjl-tools/hjl/dwarf32
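The report above is the kind of fuzzer output a maintainer has to triage before deciding how urgent a fix is: a SEGV on address 0x0 caused by a READ, with the sanitizer's strcmp interceptor as the crashing frame and obj_directive in output/outobj.c as the first frame in the project's own code, which points at a NULL string pointer reaching strcmp rather than at memory corruption. The following script is an added example for doing that triage mechanically; it is not part of the bug report or of NASM. It embeds a constructed copy of the ASan output quoted above (with the mail archive's wrapped lines rejoined), extracts the fault kind, address, access direction and the first non-runtime frame, and applies a zero-page heuristic (addresses below 4096, an assumption matching ASan's "points to the zero page" hint) to label the crash as a null-pointer read.

```python
import re

# Constructed copy of the AddressSanitizer report from the bug above
# (lines wrapped by the mail archive have been rejoined).
ASAN_REPORT = """\
poc:1: error: label `m0group' inconsistently redefined
poc:1: info: label `m0group' originally defined here
AddressSanitizer:DEADLYSIGNAL
=================================================================
==2823032==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f2a93d0189c bp 0x7ffcb9135bd0 sp 0x7ffcb9135330 T0)
==2823032==The signal is caused by a READ memory access.
==2823032==Hint: address points to the zero page.
    #0 0x7f2a93d0189b in __interceptor_strcmp ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:420
    #1 0x5614b2ef553d in obj_directive output/outobj.c:1614
    #2 0x5614b2e780a2 in process_directives asm/directiv.c:220
    #3 0x5614b2e6c301 in assemble_file asm/nasm.c:1731
    #4 0x5614b2e6786d in main asm/nasm.c:717
    #5 0x7f2a93a5d082 in __libc_start_main ../csu/libc-start.c:308
    #6 0x5614b2e64ccd in _start (/home/a13579/nasm.asan+0x111ccd)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:420 in __interceptor_strcmp
==2823032==ABORTING
"""

# ASan's ERROR line: "<kind> on [unknown] address 0x..." (SEGV, heap-buffer-overflow, ...).
ERROR_RE = re.compile(
    r"==\d+==ERROR: AddressSanitizer: (\S+) on (?:unknown )?address (0x[0-9a-fA-F]+)")
ACCESS_RE = re.compile(r"The signal is caused by a (READ|WRITE) memory access")
FRAME_RE = re.compile(r"^\s*#(\d+) 0x[0-9a-fA-F]+ in (\S+) (\S+)")

# Frames belonging to the sanitizer runtime or libc rather than to the fuzzed project.
RUNTIME_PREFIXES = ("__interceptor_", "__asan_", "__sanitizer_", "__libc_", "_start")

# Assumption: ASan's "zero page" hint covers addresses below one 4 KiB page.
ZERO_PAGE_LIMIT = 4096


def parse_frames(report):
    """Return the stack frames as dicts with index, function name and location."""
    frames = []
    for line in report.splitlines():
        m = FRAME_RE.match(line)
        if m:
            frames.append({"index": int(m.group(1)), "func": m.group(2), "loc": m.group(3)})
    return frames


def first_project_frame(frames):
    """First frame that is not part of the sanitizer runtime or libc."""
    for f in frames:
        if not f["func"].startswith(RUNTIME_PREFIXES):
            return f
    return None


def triage(report):
    """Classify an ASan report; SEGV near address 0 is labelled a null dereference."""
    m = ERROR_RE.search(report)
    if not m:
        return {"classification": "not-an-asan-report"}
    kind, address = m.group(1), int(m.group(2), 16)
    acc = ACCESS_RE.search(report)
    access = acc.group(1).lower() if acc else "unknown"
    frames = parse_frames(report)
    if kind == "SEGV":
        if address < ZERO_PAGE_LIMIT:
            classification = "null-deref-" + access      # usually a plain crash (DoS)
        else:
            classification = "wild-pointer-" + access    # needs further analysis
    else:
        classification = kind                            # e.g. heap-buffer-overflow
    return {
        "kind": kind,
        "address": address,
        "access": access,
        "crash_frame": frames[0] if frames else None,
        "project_frame": first_project_frame(frames),
        "classification": classification,
    }


if __name__ == "__main__":
    result = triage(ASAN_REPORT)
    print(result["classification"], "in", result["project_frame"]["loc"])
```

For this report the script labels the crash null-deref-read and names output/outobj.c:1614 as the first project frame, which is exactly the line a maintainer would open first; the same parser works unchanged on other ASan report kinds, where the classification is simply ASan's own bug type.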
