From imun at cpan.org  Thu Dec 31 05:48:29 2020
From: imun at cpan.org (nasm-bot for Igor Munkin)
Date: Thu, 31 Dec 2020 05:48:29 -0800
Subject: [nasm:nasm-2.15.xx] preproc: prohibit unmacro while macro expansion
Message-ID: <nasm-f95c7e983c00d6b9f46fde7c702c0e5351b7dffa@git.nasm.us>

Commit-ID:  f95c7e983c00d6b9f46fde7c702c0e5351b7dffa
Gitweb:     http://repo.or.cz/w/nasm.git?a=commitdiff;h=f95c7e983c00d6b9f46fde7c702c0e5351b7dffa
Author:     Igor Munkin <imun at cpan.org>
AuthorDate: Thu, 31 Dec 2020 14:44:17 +0300
Committer:  Cyrill Gorcunov <gorcunov at gmail.com>
CommitDate: Thu, 31 Dec 2020 16:42:31 +0300

preproc: prohibit unmacro while macro expansion

If macro is undefined while it's being expanded, use after free occurs,
since the MMacro instance is released, but it is still used to proceed
the expansion.

This change forbids macro undefinition: non-fatal error is raised and
the MMacro instance is not released if it is being processed by NASM
preprocessor.

Consider the following example:
| $ cat test.asm
| %macro m 0
| %unmacro m 0
| %endmacro
| m
| $ ./nasm test.asm
| test.asm:4: error: `%unmacro' can't undefine the macro being expanded
| test.asm:2: ... from macro `m' defined here

Fixes BR3392531 and BR3392716.

Signed-off-by: Igor Munkin <imun at cpan.org>
Signed-off-by: Cyrill Gorcunov <gorcunov at gmail.com>


---
 asm/preproc.c                |  13 +++++++++++++
 travis/test/br3392531.asm    | Bin 0 -> 366 bytes
 travis/test/br3392531.json   |  12 ++++++++++++
 travis/test/br3392531.stderr |  29 +++++++++++++++++++++++++++++
 travis/test/br3392716.asm    | Bin 0 -> 237 bytes
 travis/test/br3392716.json   |  13 +++++++++++++
 travis/test/br3392716.stderr |  37 +++++++++++++++++++++++++++++++++++++
 7 files changed, 104 insertions(+)

diff --git a/asm/preproc.c b/asm/preproc.c
index a03e6aba..a1197e40 100644
--- a/asm/preproc.c
+++ b/asm/preproc.c
@@ -4225,6 +4225,19 @@ issue_error:
             goto done;
         }
         mmac_p = (MMacro **) hash_findi(&mmacros, spec.name, NULL);
+
+        /* Check the macro to be undefined is not being expanded */
+        list_for_each(l, istk->expansion) {
+            if (l->finishes == *mmac_p) {
+                nasm_nonfatal("`%%unmacro' can't undefine the macro being expanded");
+                /*
+                 * Do not release the macro instance to avoid using the freed
+                 * memory while proceeding the expansion.
+                 */
+                goto done;
+            }
+        }
+
         while (mmac_p && *mmac_p) {
             mmac = *mmac_p;
             if (mmac->casesense == spec.casesense &&
diff --git a/travis/test/br3392531.asm b/travis/test/br3392531.asm
new file mode 100644
index 00000000..6ef2c689
Binary files /dev/null and b/travis/test/br3392531.asm differ
diff --git a/travis/test/br3392531.json b/travis/test/br3392531.json
new file mode 100644
index 00000000..1a4c7bf6
--- /dev/null
+++ b/travis/test/br3392531.json
@@ -0,0 +1,12 @@
+[
+	{
+		"description": "%unmacro is forbidden for macro being expanded",
+		"id": "br3392531",
+		"format": "bin",
+		"source": "br3392531.asm",
+		"error": "expected",
+		"target": [
+			{ "stderr": "br3392531.stderr" }
+		]
+	}
+]
diff --git a/travis/test/br3392531.stderr b/travis/test/br3392531.stderr
new file mode 100644
index 00000000..84810b64
--- /dev/null
+++ b/travis/test/br3392531.stderr
@@ -0,0 +1,29 @@
+./travis/test/br3392531.asm:1: error: label or instruction expected at start of line
+./travis/test/br3392531.asm:4: error: invalid decorator token inside braces
+./travis/test/br3392531.asm:4: error: label or instruction expected at start of line
+./travis/test/br3392531.asm:5: error: parser: instruction expected
+./travis/test/br3392531.asm:7: error: `%macro' expects a parameter count
+./travis/test/br3392531.asm:11: warning: unterminated string [-w+other]
+./travis/test/br3392531.asm:14: error: parser: instruction expected
+./travis/test/br3392531.asm:17: error: `%$LRG': context stack is empty
+./travis/test/br3392531.asm:17: error: `%$LRG': context stack is empty
+./travis/test/br3392531.asm:17: error: label or instruction expected at start of line
+./travis/test/br3392531.asm:18: error: label or instruction expected at start of line
+./travis/test/br3392531.asm:19: error: parser: instruction expected
+./travis/test/br3392531.asm:20: error: `%1': not in a macro call
+./travis/test/br3392531.asm:20: error: label or instruction expected at start of line
+./travis/test/br3392531.asm:21: error: label or instruction expected at start of line
+./travis/test/br3392531.asm:8: ... from macro `section' defined here
+./travis/test/br3392531.asm:21: error: parser: instruction expected
+./travis/test/br3392531.asm:9: ... from macro `section' defined here
+./travis/test/br3392531.asm:21: error: label or instruction expected at start of line
+./travis/test/br3392531.asm:10: ... from macro `section' defined here
+./travis/test/br3392531.asm:21: error: invalid macro parameter: `%4stru at namB'
+./travis/test/br3392531.asm:11: ... from macro `section' defined here
+./travis/test/br3392531.asm:21: error: parser: instruction expected
+./travis/test/br3392531.asm:11: ... from macro `section' defined here
+./travis/test/br3392531.asm:21: error: `%unmacro' expects a parameter count
+./travis/test/br3392531.asm:12: ... from macro `section' defined here
+./travis/test/br3392531.asm:21: error: `%unmacro' can't undefine the macro being expanded
+./travis/test/br3392531.asm:12: ... from macro `section' defined here
+./travis/test/br3392531.asm:22: error: parser: instruction expected
diff --git a/travis/test/br3392716.asm b/travis/test/br3392716.asm
new file mode 100644
index 00000000..ac480f30
Binary files /dev/null and b/travis/test/br3392716.asm differ
diff --git a/travis/test/br3392716.json b/travis/test/br3392716.json
new file mode 100644
index 00000000..b3d4e0b1
--- /dev/null
+++ b/travis/test/br3392716.json
@@ -0,0 +1,13 @@
+[
+	{
+		"description": "%unmacro is forbidden for macro being expanded",
+		"id": "br3392716",
+		"format": "macho64",
+		"source": "br3392716.asm",
+		"option": "-g",
+		"error": "expected",
+		"target": [
+			{ "stderr": "br3392716.stderr" }
+		]
+	}
+]
diff --git a/travis/test/br3392716.stderr b/travis/test/br3392716.stderr
new file mode 100644
index 00000000..049bcb94
--- /dev/null
+++ b/travis/test/br3392716.stderr
@@ -0,0 +1,37 @@
+./travis/test/br3392716.asm:1: error: label or instruction expected at start of line
+./travis/test/br3392716.asm:2: error: `%unmacro' expects a parameter count
+./travis/test/br3392716.asm:3: warning: unterminated string [-w+other]
+./travis/test/br3392716.asm:3: error: `%unmacro' expects a macro name
+./travis/test/br3392716.asm:4: warning: unterminated string [-w+other]
+./travis/test/br3392716.asm:4: error: label or instruction expected at start of line
+./travis/test/br3392716.asm:5: error: `%macro' expects a parameter count
+./travis/test/br3392716.asm:15: warning: unterminated string [-w+other]
+./travis/test/br3392716.asm:20: warning: unterminated string [-w+other]
+./travis/test/br3392716.asm:20: warning: multi-line macro `sst' exists, but not taking 1 parameter [-w+macro-params-multi]
+./travis/test/br3392716.asm:20: error: parser: instruction expected
+./travis/test/br3392716.asm:21: error: `%%cTo': not in a macro call
+./travis/test/br3392716.asm:21: error: label or instruction expected at start of line
+./travis/test/br3392716.asm:6: ... from macro `sst' defined here
+./travis/test/br3392716.asm:21: error: `%unmacro' expects a parameter count
+./travis/test/br3392716.asm:7: ... from macro `sst' defined here
+./travis/test/br3392716.asm:21: error: `%unmacro' can't undefine the macro being expanded
+./travis/test/br3392716.asm:7: ... from macro `sst' defined here
+./travis/test/br3392716.asm:21: error: label or instruction expected at start of line
+./travis/test/br3392716.asm:8: ... from macro `sst' defined here
+./travis/test/br3392716.asm:21: error: parser: instruction expected
+./travis/test/br3392716.asm:10: ... from macro `sst' defined here
+./travis/test/br3392716.asm:21: error: label or instruction expected at start of line
+./travis/test/br3392716.asm:11: ... from macro `sst' defined here
+./travis/test/br3392716.asm:21: error: `%unmacro' expects a parameter count
+./travis/test/br3392716.asm:12: ... from macro `sst' defined here
+./travis/test/br3392716.asm:21: error: `%unmacro' can't undefine the macro being expanded
+./travis/test/br3392716.asm:12: ... from macro `sst' defined here
+./travis/test/br3392716.asm:21: error: label or instruction expected at start of line
+./travis/test/br3392716.asm:13: ... from macro `sst' defined here
+./travis/test/br3392716.asm:21: error: parser: instruction expected
+./travis/test/br3392716.asm:15: ... from macro `sst' defined here
+./travis/test/br3392716.asm:21: error: `%macro' expects a macro name
+./travis/test/br3392716.asm:16: ... from macro `sst' defined here
+./travis/test/br3392716.asm:21: error: parser: instruction expected
+./travis/test/br3392716.asm:17: ... from macro `sst' defined here
+./travis/test/br3392716.asm:22: error: label or instruction expected at start of line