[Nasm-bugs] [Bug 3392907] New: SEGV /output/outobj.c in obj_write_fixup

noreply-nasm at dev.nasm.us noreply-nasm at dev.nasm.us
Fri Oct 27 02:03:05 PDT 2023


https://bugzilla.nasm.us/show_bug.cgi?id=3392907

            Bug ID: 3392907
           Summary: SEGV /output/outobj.c in obj_write_fixup
           Product: NASM
           Version: 2.17 (development)
          Hardware: All
                OS: All
            Status: OPEN
          Severity: normal
          Priority: Medium
         Component: Assembler
          Assignee: nobody at nasm.us
          Reporter: eugene5241 at gmail.com
                CC: chang.seok.bae at intel.com, gorcunov at gmail.com,
                    hpa at zytor.com, nasm-bugs at nasm.us
     Obtained from: Built from git using configure
      Generated by: Automatic tool (no human analysis)
      Bug category: Crash on invalid input
     Breaks existing code: No

Created attachment 411926
  --> https://bugzilla.nasm.us/attachment.cgi?id=411926&action=edit
POC from fuzzer and afl-tmin

Hello, I found a segfault when fuzzing nasm ELF.

-------------------------------------------------------------------
normal execution

$ ./nasm -f obj ./poc

./poc:3: error: label `__NASMDEFSEG' defined during code generation
[-w+error=label-redef-late]
[1]    2812969 segmentation fault  ./nasm -f obj ./poc

-------------------------------------------------------------------
compiled with ASan (report)

$ ./nasm -f obj ./poc

./poc:3: error: label `__NASMDEFSEG' defined during code generation
[-w+error=label-redef-late]
AddressSanitizer:DEADLYSIGNAL
=================================================================
==2898704==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000018 (pc 0x000000572827 bp 0x7ffeec6a1790 sp 0x7ffeec6a1680 T0)
==2898704==The signal is caused by a READ memory access.
==2898704==Hint: address points to the zero page.
    #0 0x572827 in obj_write_fixup /home/cl3nn0/Downloads/nasm_asan/output/outobj.c
    #1 0x572827 in obj_out /home/cl3nn0/Downloads/nasm_asan/output/outobj.c:1157:13
    #2 0x4ea57d in out /home/cl3nn0/Downloads/nasm_asan/asm/assemble.c:457:9
    #3 0x4e68b1 in gencode /home/cl3nn0/Downloads/nasm_asan/asm/assemble.c
    #4 0x4da78e in assemble /home/cl3nn0/Downloads/nasm_asan/asm/assemble.c:907:13
    #5 0x4c469a in process_insn /home/cl3nn0/Downloads/nasm_asan/asm/nasm.c:1610:13
    #6 0x4c469a in assemble_file /home/cl3nn0/Downloads/nasm_asan/asm/nasm.c:1734:13
    #7 0x4c469a in main /home/cl3nn0/Downloads/nasm_asan/asm/nasm.c:716:9
    #8 0x7f53ec8cb082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
    #9 0x41dc3d in _start (/home/cl3nn0/Downloads/nasm_asan/nasm+0x41dc3d)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/cl3nn0/Downloads/nasm_asan/output/outobj.c in obj_write_fixup
==2898704==ABORTING

-------------------------------------------------------------------
git log

$ git log --oneline -1

a916e412 (HEAD -> master, origin/master, origin/HEAD) Merge remote-tracking branch 'github/nasm-2.16.xx'
