[nasm:nasm-2.15.xx] BR3392711: preproc: fix memory corruption in expand_one_smacro

nasm-bot for Cyrill Gorcunov gorcunov at gmail.com
Tue Aug 18 01:30:07 PDT 2020


Commit-ID:  7c88289e222dc5ef9f53f9e86ecaab1924744b88
Gitweb:     http://repo.or.cz/w/nasm.git?a=commitdiff;h=7c88289e222dc5ef9f53f9e86ecaab1924744b88
Author:     Cyrill Gorcunov <gorcunov at gmail.com>
AuthorDate: Tue, 18 Aug 2020 11:25:14 +0300
Committer:  Cyrill Gorcunov <gorcunov at gmail.com>
CommitDate: Tue, 18 Aug 2020 11:27:03 +0300

BR3392711: preproc: fix memory corruption in expand_one_smacro

The mempcpy helper returns *last* byte pointer thus when
we call set_text_free we have to pass a pointer to the
start of the string.

Signed-off-by: Cyrill Gorcunov <gorcunov at gmail.com>


---
 asm/preproc.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/asm/preproc.c b/asm/preproc.c
index b25f275e..3fa4e281 100644
--- a/asm/preproc.c
+++ b/asm/preproc.c
@@ -5612,7 +5612,7 @@ static SMacro *expand_one_smacro(Token ***tpp)
         {
             size_t mlen = strlen(m->name);
 	    size_t len;
-            char *p;
+            char *p, *from;
 
             t->type = mstart->type;
             if (t->type == TOK_LOCAL_MACRO) {
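Review bot: in `char *p, *from;` the new variable's name does not say that it holds the base of the allocation while `p` is reused as the write cursor, and it is left uninitialised until one of the two branches below assigns it. A name such as `start` or `buf`, or a one-line comment on the declaration, would make the base/cursor split explicit and make it harder to pass the cursor where the base is expected again.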
@@ -5625,15 +5625,15 @@ static SMacro *expand_one_smacro(Token ***tpp)
                 plen = pep - psp;
 
                 len = mlen + plen;
-                p = nasm_malloc(len + 1);
+                from = p = nasm_malloc(len + 1);
                 p = mempcpy(p, psp, plen);
             } else {
                 len = mlen;
-                p = nasm_malloc(len + 1);
+                from = p = nasm_malloc(len + 1);
             }
             p = mempcpy(p, m->name, mlen);
             *p = '\0';
-	    set_text_free(t, p, len);
+	    set_text_free(t, from, len);
 
             t->next = tline;
             break;
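Review bot: the corrected call `set_text_free(t, from, len);` has no regression test alongside it; the diffstat shows only asm/preproc.c changing. Before this change `p` had been advanced by both `mempcpy` calls and pointed at the terminating NUL (offset `len` from the allocation) when it was handed to `set_text_free`, so a small preprocessor test case that drives this path in `expand_one_smacro`, ideally run under a memory checker, would keep the bug from returning. The `+` line is also indented with a tab while the neighbouring lines use spaces; matching the surrounding indentation would keep the block consistent.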

