[Nasm-bugs] [Bug 3392907] New: SEGV /output/outobj.c in obj_write_fixup
noreply-nasm at dev.nasm.us
Fri Oct 27 02:03:05 PDT 2023
https://bugzilla.nasm.us/show_bug.cgi?id=3392907
Bug ID: 3392907
Summary: SEGV /output/outobj.c in obj_write_fixup
Product: NASM
Version: 2.17 (development)
Hardware: All
OS: All
Status: OPEN
Severity: normal
Priority: Medium
Component: Assembler
Assignee: nobody at nasm.us
Reporter: eugene5241 at gmail.com
CC: chang.seok.bae at intel.com, gorcunov at gmail.com,
hpa at zytor.com, nasm-bugs at nasm.us
Obtained from: Built from git using configure
Generated by: Automatic tool (no human analysis)
Bug category: Crash on invalid input
Breaks existing code: No
Created attachment 411926
--> https://bugzilla.nasm.us/attachment.cgi?id=411926&action=edit
POC from fuzzer and afl-tmin
Hello, I found a segfault when fuzzing nasm ELF.
-------------------------------------------------------------------
normal execute
$ ./nasm -f obj ./poc
./poc:3: error: label `__NASMDEFSEG' defined during code generation [-w+error=label-redef-late]
[1] 2812969 segmentation fault ./nasm -f obj ./poc
-------------------------------------------------------------------
compile with asan (report)
$ ./nasm -f obj ./poc
./poc:3: error: label `__NASMDEFSEG' defined during code generation [-w+error=label-redef-late]
AddressSanitizer:DEADLYSIGNAL
=================================================================
==2898704==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000018 (pc 0x000000572827 bp 0x7ffeec6a1790 sp 0x7ffeec6a1680 T0)
==2898704==The signal is caused by a READ memory access.
==2898704==Hint: address points to the zero page.
    #0 0x572827 in obj_write_fixup /home/cl3nn0/Downloads/nasm_asan/output/outobj.c
    #1 0x572827 in obj_out /home/cl3nn0/Downloads/nasm_asan/output/outobj.c:1157:13
    #2 0x4ea57d in out /home/cl3nn0/Downloads/nasm_asan/asm/assemble.c:457:9
    #3 0x4e68b1 in gencode /home/cl3nn0/Downloads/nasm_asan/asm/assemble.c
    #4 0x4da78e in assemble /home/cl3nn0/Downloads/nasm_asan/asm/assemble.c:907:13
    #5 0x4c469a in process_insn /home/cl3nn0/Downloads/nasm_asan/asm/nasm.c:1610:13
    #6 0x4c469a in assemble_file /home/cl3nn0/Downloads/nasm_asan/asm/nasm.c:1734:13
    #7 0x4c469a in main /home/cl3nn0/Downloads/nasm_asan/asm/nasm.c:716:9
    #8 0x7f53ec8cb082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
    #9 0x41dc3d in _start (/home/cl3nn0/Downloads/nasm_asan/nasm+0x41dc3d)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/cl3nn0/Downloads/nasm_asan/output/outobj.c in obj_write_fixup
==2898704==ABORTING
-------------------------------------------------------------------
git log
$ git log --oneline -1
a916e412 (HEAD -> master, origin/master, origin/HEAD) Merge remote-tracking branch 'github/nasm-2.16.xx'