[Nasm-bugs] [Bug 3392840] New: heap overflow in nasm (nasm_vaxprintf)
noreply-nasm at dev.nasm.us
Thu Mar 16 00:29:04 PDT 2023
https://bugzilla.nasm.us/show_bug.cgi?id=3392840
Bug ID: 3392840
Summary: heap overflow in nasm (nasm_vaxprintf)
Product: NASM
Version: 2.17 (development)
Hardware: All
OS: Linux
Status: OPEN
Severity: normal
Priority: Medium
Component: Assembler
Assignee: nobody at nasm.us
Reporter: youngseok.main at gmail.com
CC: chang.seok.bae at intel.com, gorcunov at gmail.com,
hpa at zytor.com, nasm-bugs at nasm.us
Obtained from: Built from git using configure
Created attachment 411867
--> https://bugzilla.nasm.us/attachment.cgi?id=411867&action=edit
poc_file
Hello,
Our fuzzer found a heap overflow bug in nasm.
Command Input:
nasm -@ poc_file
poc_file is attached.
Stack Trace:
==25798==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x611000000500 at pc 0x7ffff6e8c075 bp 0x7fffffffd2b0 sp 0x7fffffffca28
READ of size 257 at 0x611000000500 thread T0
#0 0x7ffff6e8c074 (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x74074)
#1 0x7ffff6f0154f (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xe954f)
#2 0x7ffff6e8c1ed (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x741ed)
#3 0x7ffff6eb8f4d in __interceptor_vsnprintf
(/usr/lib/x86_64-linux-gnu/libasan.so.4+0xa0f4d)
#4 0x555555689023 in nasm_vaxprintf nasmlib/asprintf.c:57
#5 0x555555689145 in nasm_vasprintf nasmlib/asprintf.c:69
#6 0x5555556878b1 in nasm_verror asm/nasm.c:2089
#7 0x555555690142 in nasm_fatal asm/error.c:76
#8 0x5555556822e9 in copy_filename asm/nasm.c:775
#9 0x555555684905 in process_arg asm/nasm.c:1357
#10 0x555555684cb6 in process_respfile asm/nasm.c:1412
#11 0x5555556855ad in parse_cmdline asm/nasm.c:1509
#12 0x5555556818ed in main asm/nasm.c:583
#13 0x7ffff6a48c86 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
#14 0x55555567f699 in _start
(/home/youngseok/latest-subjects/nasm/nasm+0x12b699)
0x611000000500 is located 0 bytes to the right of 256-byte region
[0x611000000400,0x611000000500)
allocated by thread T0 here:
#0 0x7ffff6ef6f30 in realloc
(/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdef30)
#1 0x555555688d3c in nasm_realloc nasmlib/alloc.c:101
#2 0x555555684d26 in process_respfile asm/nasm.c:1417
#3 0x5555556855ad in parse_cmdline asm/nasm.c:1509
#4 0x5555556818ed in main asm/nasm.c:583
#5 0x7ffff6a48c86 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
Environment:
OS: Ubuntu 18.04
gcc: 7.5.0
nasm: 2.17rc0 (Git master branch, a916e4127b2eaa3bf40bddf3de9b0ceefc0d98a)
Any comments related to the crash are welcome. Since we are developing a new
fuzzing technique, it would be very helpful for our work.
Thank you.
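When a fuzzing campaign produces many reports like the one above, the first defensive task is triage: pull the bug class, access size, heap region geometry, the innermost in-project frame and the allocation site out of the sanitizer text, and build a stable signature so duplicate findings collapse into one. The script below is an added example written for this page; it is not the reporter's tooling and not part of NASM. Its only input is the AddressSanitizer report quoted in the message, embedded as a constructed string with the mail-archive line wrapping undone. The "in-project frame" and "allocator wrapper" rules are heuristics assumed here (frames with a `file:line` location are treated as project code; functions whose names end in `alloc` are skipped when looking for the allocation site).

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: the AddressSanitizer report from the bug above, with the
# lines the mail archive wrapped joined back together so the parser sees them whole.
SAMPLE_REPORT = """\
==25798==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x611000000500 at pc 0x7ffff6e8c075 bp 0x7fffffffd2b0 sp 0x7fffffffca28
READ of size 257 at 0x611000000500 thread T0
    #0 0x7ffff6e8c074  (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x74074)
    #1 0x7ffff6f0154f  (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xe954f)
    #2 0x7ffff6e8c1ed  (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x741ed)
    #3 0x7ffff6eb8f4d in __interceptor_vsnprintf (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xa0f4d)
    #4 0x555555689023 in nasm_vaxprintf nasmlib/asprintf.c:57
    #5 0x555555689145 in nasm_vasprintf nasmlib/asprintf.c:69
    #6 0x5555556878b1 in nasm_verror asm/nasm.c:2089
    #7 0x555555690142 in nasm_fatal asm/error.c:76
    #8 0x5555556822e9 in copy_filename asm/nasm.c:775
    #9 0x555555684905 in process_arg asm/nasm.c:1357
    #10 0x555555684cb6 in process_respfile asm/nasm.c:1412
    #11 0x5555556855ad in parse_cmdline asm/nasm.c:1509
    #12 0x5555556818ed in main asm/nasm.c:583
    #13 0x7ffff6a48c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
    #14 0x55555567f699 in _start (/home/youngseok/latest-subjects/nasm/nasm+0x12b699)

0x611000000500 is located 0 bytes to the right of 256-byte region [0x611000000400,0x611000000500)
allocated by thread T0 here:
    #0 0x7ffff6ef6f30 in realloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdef30)
    #1 0x555555688d3c in nasm_realloc nasmlib/alloc.c:101
    #2 0x555555684d26 in process_respfile asm/nasm.c:1417
    #3 0x5555556855ad in parse_cmdline asm/nasm.c:1509
    #4 0x5555556818ed in main asm/nasm.c:583
    #5 0x7ffff6a48c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
"""


@dataclass
class Frame:
    index: int
    func: Optional[str]   # None when ASan could not symbolize the frame
    location: str         # "file.c:line" for project code, "(module+offset)" otherwise

    @property
    def in_project(self) -> bool:
        # Heuristic (assumption): project frames carry a source file:line, while
        # sanitizer/libc frames show "(module+offset)" or an "__interceptor_" name.
        return not self.location.startswith("(") and not (self.func or "").startswith("__interceptor_")


@dataclass
class AsanReport:
    bug_kind: str
    fault_address: int
    access_kind: str = ""
    access_size: int = 0
    access_stack: List[Frame] = field(default_factory=list)
    region_size: Optional[int] = None
    region_start: Optional[int] = None
    offset_from_region: Optional[int] = None
    side: Optional[str] = None
    alloc_stack: List[Frame] = field(default_factory=list)


HEADER_RE = re.compile(r"ERROR: AddressSanitizer: (\S+) on address (0x[0-9a-fA-F]+)")
ACCESS_RE = re.compile(r"^(READ|WRITE) of size (\d+) at (0x[0-9a-fA-F]+)")
REGION_RE = re.compile(r"located (\d+) bytes to the (left|right) of (\d+)-byte region \[(0x[0-9a-fA-F]+),")
FRAME_RE = re.compile(r"^\s*#(\d+)\s+0x[0-9a-fA-F]+\s+(?:in\s+(\S+)\s+)?(\S+)")
ALLOC_WRAPPER_RE = re.compile(r"alloc$")  # heuristic: realloc, nasm_realloc, ... are wrappers, not the site


def parse_asan_report(text: str) -> AsanReport:
    """Extract the error header, access line, region line and both stacks from one ASan report."""
    report: Optional[AsanReport] = None
    current: Optional[List[Frame]] = None   # stack currently receiving frames
    for line in text.splitlines():
        m = HEADER_RE.search(line)
        if m:
            report = AsanReport(bug_kind=m.group(1), fault_address=int(m.group(2), 16))
            continue
        if report is None:
            continue
        m = ACCESS_RE.match(line)
        if m:
            report.access_kind, report.access_size = m.group(1), int(m.group(2))
            current = report.access_stack
            continue
        m = REGION_RE.search(line)
        if m:
            report.offset_from_region, report.side = int(m.group(1)), m.group(2)
            report.region_size, report.region_start = int(m.group(3)), int(m.group(4), 16)
            current = None
            continue
        if line.startswith("allocated by thread"):
            current = report.alloc_stack
            continue
        m = FRAME_RE.match(line)
        if m and current is not None:
            current.append(Frame(int(m.group(1)), m.group(2), m.group(3)))
        elif not line.strip():
            current = None   # a blank line ends the current stack
    if report is None or not report.access_kind:
        raise ValueError("no AddressSanitizer error header / access line found")
    return report


def first_project_frame(frames: List[Frame]) -> Optional[Frame]:
    return next((f for f in frames if f.in_project), None)


def allocation_site(report: AsanReport) -> Optional[Frame]:
    """Innermost project frame of the allocation stack that is not an allocator wrapper."""
    return next((f for f in report.alloc_stack
                 if f.in_project and not ALLOC_WRAPPER_RE.search(f.func or "")), None)


def crash_signature(report: AsanReport) -> str:
    """Stable dedup key: bug kind, access kind and the innermost project frame of the access."""
    f = first_project_frame(report.access_stack)
    where = f"{f.func}@{f.location}" if f else "unknown"
    return f"{report.bug_kind}/{report.access_kind}/{where}"


def summarize(report: AsanReport) -> dict:
    acc, site = first_project_frame(report.access_stack), allocation_site(report)
    return {
        "signature": crash_signature(report),
        "access": f"{report.access_kind} of {report.access_size} bytes",
        "region": f"{report.region_size}-byte heap region, first bad byte "
                  f"{report.offset_from_region} bytes to the {report.side} of it",
        "faulting_project_frame": f"{acc.func} {acc.location}" if acc else None,
        "allocation_site": f"{site.func} {site.location}" if site else None,
    }


if __name__ == "__main__":
    for key, value in summarize(parse_asan_report(SAMPLE_REPORT)).items():
        print(f"{key:24} {value}")
```

Run on the quoted report, the summary names `nasm_vaxprintf nasmlib/asprintf.c:57` as the innermost project frame of the 257-byte read, and `process_respfile asm/nasm.c:1417` as the site where the 256-byte region was grown with `realloc`; the signature string is what a fuzzing harness would key its duplicate suppression on. Note that for range checks done inside an interceptor such as `vsnprintf`, the address ASan prints is the first poisoned byte of the checked range, not necessarily where the access began, so the script reports the offset as given rather than deriving how far the read extends.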