[Nasm-bugs] [Bug 3392841] New: heap overflow in nasm (nasm_strdup)

noreply-nasm at dev.nasm.us noreply-nasm at dev.nasm.us
Thu Mar 16 00:32:30 PDT 2023

Previous message (by thread): [Nasm-bugs] [Bug 3392840] New: heap overflow in nasm (nasm_vaxprintf)
Next message (by thread): [Nasm-bugs] [Bug 3392842] New: heap overflow in nasm (macho_no_dead_strip)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

https://bugzilla.nasm.us/show_bug.cgi?id=3392841

            Bug ID: 3392841
           Summary: heap overflow in nasm (nasm_strdup)
           Product: NASM
           Version: 2.17 (development)
          Hardware: All
                OS: All
            Status: OPEN
          Severity: normal
          Priority: Medium
         Component: Assembler
          Assignee: nobody at nasm.us
          Reporter: youngseok.main at gmail.com
                CC: chang.seok.bae at intel.com, gorcunov at gmail.com,
                    hpa at zytor.com, nasm-bugs at nasm.us
     Obtained from: Built from git using configure

Created attachment 411868
  --> https://bugzilla.nasm.us/attachment.cgi?id=411868&action=edit
poc_file

Hello,

Our fuzzer found a heap overflow bug in nasm.

Command Input:
nasm -@ poc_file

poc_file is attached.

Sanitizer Dump:
==28368==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x611000000500 at pc 0x7ffff6e6966e bp 0x7fffffffdda0 sp 0x7fffffffd548
READ of size 257 at 0x611000000500 thread T0
    #0 0x7ffff6e6966d  (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x5166d)
    #1 0x555555688d96 in nasm_strdup nasmlib/alloc.c:114
    #2 0x5555556822f5 in copy_filename asm/nasm.c:777
    #3 0x555555684905 in process_arg asm/nasm.c:1357
    #4 0x555555684b7a in process_respfile asm/nasm.c:1395
    #5 0x5555556855ad in parse_cmdline asm/nasm.c:1509
    #6 0x5555556818ed in main asm/nasm.c:583
    #7 0x7ffff6a48c86 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
    #8 0x55555567f699 in _start
(/home/youngseok/latest-subjects/nasm/nasm+0x12b699)

0x611000000500 is located 0 bytes to the right of 256-byte region
[0x611000000400,0x611000000500)
allocated by thread T0 here:
    #0 0x7ffff6ef6f30 in realloc
(/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdef30)
    #1 0x555555688d3c in nasm_realloc nasmlib/alloc.c:101
    #2 0x555555684d26 in process_respfile asm/nasm.c:1417
    #3 0x5555556855ad in parse_cmdline asm/nasm.c:1509
    #4 0x5555556818ed in main asm/nasm.c:583
    #5 0x7ffff6a48c86 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Environment:
OS: Ubuntu 18.04
gcc: 7.5.0
nasm: 2.17rc0 (Git master branch, a916e4127b2eaa3bf40bddf3de9b0ceefc0d98a)

Any comments related to the crash are welcome. Since we are developing a new
fuzzing technique, it would be very helpful for our work.

Thank you.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are watching all bug changes.

Previous message (by thread): [Nasm-bugs] [Bug 3392840] New: heap overflow in nasm (nasm_vaxprintf)
Next message (by thread): [Nasm-bugs] [Bug 3392842] New: heap overflow in nasm (macho_no_dead_strip)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Nasm-bugs mailing list