[nasm:nasm-2.15.xx] BR3392711: preproc: fix memory corruption in expand_one_smacro
nasm-bot for Cyrill Gorcunov
gorcunov at gmail.com
Tue Aug 18 01:30:07 PDT 2020
Commit-ID: 7c88289e222dc5ef9f53f9e86ecaab1924744b88
Gitweb: http://repo.or.cz/w/nasm.git?a=commitdiff;h=7c88289e222dc5ef9f53f9e86ecaab1924744b88
Author: Cyrill Gorcunov <gorcunov at gmail.com>
AuthorDate: Tue, 18 Aug 2020 11:25:14 +0300
Committer: Cyrill Gorcunov <gorcunov at gmail.com>
CommitDate: Tue, 18 Aug 2020 11:27:03 +0300
BR3392711: preproc: fix memory corruption in expand_one_smacro
The mempcpy helper returns *last* byte pointer thus when
we call set_text_free we have to pass a pointer to the
start of the string.
Signed-off-by: Cyrill Gorcunov <gorcunov at gmail.com>
---
asm/preproc.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/asm/preproc.c b/asm/preproc.c
index b25f275e..3fa4e281 100644
--- a/asm/preproc.c
+++ b/asm/preproc.c
@@ -5612,7 +5612,7 @@ static SMacro *expand_one_smacro(Token ***tpp)
{
size_t mlen = strlen(m->name);
size_t len;
- char *p;
+ char *p, *from;
t->type = mstart->type;
if (t->type == TOK_LOCAL_MACRO) {
@@ -5625,15 +5625,15 @@ static SMacro *expand_one_smacro(Token ***tpp)
plen = pep - psp;
len = mlen + plen;
- p = nasm_malloc(len + 1);
+ from = p = nasm_malloc(len + 1);
p = mempcpy(p, psp, plen);
} else {
len = mlen;
- p = nasm_malloc(len + 1);
+ from = p = nasm_malloc(len + 1);
}
p = mempcpy(p, m->name, mlen);
*p = '\0';
- set_text_free(t, p, len);
+ set_text_free(t, from, len);
t->next = tline;
break;
More information about the Nasm-commits
mailing list