[Nasm-bugs] [Bug 3392844] New: Null pointer dereference in nasm (function obj_segment)

noreply-nasm at dev.nasm.us noreply-nasm at dev.nasm.us
Thu Mar 16 01:14:22 PDT 2023


https://bugzilla.nasm.us/show_bug.cgi?id=3392844

            Bug ID: 3392844
           Summary: Null pointer dereference in nasm (function
                    obj_segment)
           Product: NASM
           Version: 2.17 (development)
          Hardware: All
                OS: Linux
            Status: OPEN
          Severity: normal
          Priority: Medium
         Component: Assembler
          Assignee: nobody at nasm.us
          Reporter: youngseok.main at gmail.com
                CC: chang.seok.bae at intel.com, gorcunov at gmail.com,
                    hpa at zytor.com, nasm-bugs at nasm.us
     Obtained from: Built from git using configure

Created attachment 411870
  --> https://bugzilla.nasm.us/attachment.cgi?id=411870&action=edit
poc_file

Hello,

Our fuzzer found a null pointer dereference bug in nasm. It tries to read 0x0
according to the sanitizer.

Command Input:
nasm poc_file -fobj

poc_file is attached.

Output:
poc_file:1: error: parser: instruction expected
poc_file:2: warning: unterminated string (missing `"') [-w+pp-open-string]
poc_file:2: error: `%88': not in a macro call
poc_file:2: error: parser: instruction expected
poc_file:3: error: label or instruction expected at start of line
poc_file:4: error: `1 -fet_arra8f obj' is not a valid segment size; must be 16,
32 or 64
poc_file:6: error: label or instruction expected at start of line
poc_file:8: warning: label alone on a line without a colon might be in error
[-w+label-orphan]
poc_file:9: error: label or instruction expected at start of line
poc_file:17: warning: label alone on a line without a colon might be in error
[-w+label-orphan]
poc_file:32: error: parser: instruction expected
poc_file:33: error: parser: instruction expected
poc_file:35: warning: unterminated string (missing ``') [-w+pp-open-string]
poc_file:35: error: parser: instruction expected
poc_file:40: error: label or instruction expected at start of line
poc_file:43: warning: label alone on a line without a colon might be in error
[-w+label-orphan]
poc_file:49: warning: label alone on a line without a colon might be in error
[-w+label-orphan]
poc_file:50: error: label or instruction expected at start of line
poc_file:51: error: `1 -f a}86' is not a valid segment size; must be 16, 32 or
64
poc_file:52: error: label or instruction expected at start of line
poc_file:54: warning: unterminated string (missing `'') [-w+pp-open-string]
poc_file:54: error: parser: instruction expected
poc_file:55: error: parser: instruction expected
poc_file:56: error: label or instruction expected at start of line
poc_file:58: warning: label alone on a line without a colon might be in error
[-w+label-orphan]
poc_file:59: error: label or instruction expected at start of line
poc_file:60: error: label or instruction expected at start of line
poc_file:61: error: parser: instruction expected
poc_file:64: error: parser: instruction expected
poc_file:65: warning: unterminated string (missing `"') [-w+pp-open-string]
poc_file:65: error: `%88': not in a macro call
poc_file:65: error: parser: instruction expected
poc_file:66: error: label or instruction expected at start of line
poc_file:67: error: `1 -fet_arra88$ align=8888$$$$$' is not a valid segment
size; must be 16, 32 or 64
poc_file:69: warning: label alone on a line without a colon might be in error
[-w+label-orphan]
poc_file:72: error: parser: instruction expected
poc_file:73: error: label or instruction expected at start of line
poc_file:74: error: `1 -fet_arra88$ align=8888$$$$$' is not a valid segment
size; must be 16, 32 or 64
poc_file:76: error: parser: instruction expected
poc_file:77: error: parser: instruction expected
poc_file:78: error: parser: instruction expected
poc_file:82: warning: label alone on a line without a colon might be in error
[-w+label-orphan]
poc_file:84: error: parser: instruction expected
poc_file:89: error: label or instruction expected at start of line
poc_file:92: warning: label alone on a line without a colon might be in error
[-w+label-orphan]
poc_file:99: error: label or instruction expected at start of line
poc_file:100: error: parser: instruction expected
poc_file:101: error: parser: instruction expected
poc_file:102: error: parser: instruction expected
poc_file:106: warning: label alone on a line without a colon might be in error
[-w+label-orphan]
poc_file:107: error: parser: instruction expected
poc_file:109: error: parser: instruction expected
poc_file:110: error: parser: instruction expected
poc_file:111: error: label or instruction expected at start of line
poc_file:114: error: parser: instruction expected
poc_file:116: error: parser: instruction expected
poc_file:119: error: parser: instruction expected
poc_file:121: error: `1 -fet_arra88$ align=8888$$$$$' is not a valid segment
size; must be 16, 32 or 64
poc_file:123: warning: label alone on a line without a colon might be in error
[-w+label-orphan]
poc_file:125: error: `%88': not in a macro call
poc_file:125: error: label `FLAT' inconsistently redefined
poc_file:49: info: label `FLAT' originally defined here

Sanitizer Dump:
==13072==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc
0x7ffff6e71e1a bp 0x7fffffffda70 sp 0x7fffffffd1d0 T0)
==13072==The signal is caused by a READ memory access.
==13072==Hint: address points to the zero page.
    #0 0x7ffff6e71e19  (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x59e19)
    #1 0x55555570f4ac in obj_segment output/outobj.c:1463
    #2 0x55555569208a in process_directives asm/directiv.c:306
    #3 0x55555568690f in assemble_file asm/nasm.c:1728
    #4 0x555555681f50 in main asm/nasm.c:716
    #5 0x7ffff6a48c86 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
    #6 0x55555567f699 in _start
(/home/youngseok/latest-subjects/nasm/nasm+0x12b699)

Environment:
OS: Ubuntu 18.04
gcc: 7.5.0
nasm: 2.17rc0 (Git master branch, a916e4127b2eaa3bf40bddf3de9b0ceefc0d98a)

Note that we built nasm with sanitizers.

Any comments related to the crash are welcome. Since we are developing a new
fuzzing technique, it would be very helpful for our work.

Thank you.

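A small triage helper, added here and not part of the bug report, that parses the sanitizer dump quoted above and classifies the crash: fault address inside the zero page, read access, and the first frame that resolved to a source location (the frame in nasm's own code). The dump is a constructed copy of the one in the report with the wrapped lines rejoined; the helper, its regexes and its field names are assumptions of this example.

```python
import re

# Constructed copy of the AddressSanitizer dump quoted in the bug report,
# with the lines the mail client wrapped rejoined so each record is one line.
ASAN_DUMP = """\
==13072==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7ffff6e71e1a bp 0x7fffffffda70 sp 0x7fffffffd1d0 T0)
==13072==The signal is caused by a READ memory access.
==13072==Hint: address points to the zero page.
    #0 0x7ffff6e71e19  (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x59e19)
    #1 0x55555570f4ac in obj_segment output/outobj.c:1463
    #2 0x55555569208a in process_directives asm/directiv.c:306
    #3 0x55555568690f in assemble_file asm/nasm.c:1728
    #4 0x555555681f50 in main asm/nasm.c:716
    #5 0x7ffff6a48c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
    #6 0x55555567f699 in _start (/home/youngseok/latest-subjects/nasm/nasm+0x12b699)
"""

# Regexes for the three record types this helper cares about (assumed shapes,
# matching the ASan output format shown in the report).
HEADER_RE = re.compile(r"==(\d+)==ERROR: AddressSanitizer: (\S+) on (?:unknown )?address (0x[0-9a-f]+)")
ACCESS_RE = re.compile(r"The signal is caused by a (READ|WRITE) memory access")
FRAME_RE = re.compile(r"#(\d+) 0x[0-9a-f]+ in (\S+) (\S+):(\d+)$")


def parse_asan_report(text, page_size=4096):
    """Summarise an ASan SEGV report: fault class, access kind and the frames
    that carry a file:line (frames in libasan/libc without one are skipped)."""
    info = {"pid": None, "kind": None, "address": None, "access": None,
            "fault": "unknown", "frames": [], "first_source_frame": None}
    for line in text.splitlines():
        m = HEADER_RE.search(line)
        if m:
            info["pid"], info["kind"] = int(m.group(1)), m.group(2)
            info["address"] = int(m.group(3), 16)
            # An address inside the first page is a NULL (or NULL+offset) dereference.
            info["fault"] = "null-deref" if info["address"] < page_size else "wild-access"
            continue
        m = ACCESS_RE.search(line)
        if m:
            info["access"] = m.group(1)
            continue
        m = FRAME_RE.search(line.strip())
        if m:
            frame = {"n": int(m.group(1)), "func": m.group(2),
                     "file": m.group(3), "line": int(m.group(4))}
            info["frames"].append(frame)
            if info["first_source_frame"] is None:
                info["first_source_frame"] = frame  # where to start reading the code
    return info
```

For this report the helper lands on `obj_segment` at `output/outobj.c:1463` as the first nasm frame, and classifies the fault as a read from the zero page.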