[nasm:master] assemble: process_ea - fix unitialized read

nasm-bot for Cyrill Gorcunov gorcunov at gmail.com
Mon Nov 7 17:12:14 PST 2022


Commit-ID:  02641a3c841c9f96cc9814756ca9a74c4ad6e783
Gitweb:     http://repo.or.cz/w/nasm.git?a=commitdiff;h=02641a3c841c9f96cc9814756ca9a74c4ad6e783
Author:     Cyrill Gorcunov <gorcunov at gmail.com>
AuthorDate: Mon, 3 May 2021 17:55:32 +0300
Committer:  Cyrill Gorcunov <gorcunov at gmail.com>
CommitDate: Mon, 3 May 2021 17:55:32 +0300

assemble: process_ea - fix unitialized read

Commit 2469b8b6 accidentally introduced the ability
to read uninitialized memory during refactoring. Fix it
by doing the needed test inside the function and setting up
an error message if needed.

Side note: passing 7 arguments into the function means
we have to decompose this helper somehow, such number
of arguments is a way over the top.

Bugzilla: https://bugzilla.nasm.us/show_bug.cgi?id=3392751
Reported-by: Marco <mvanotti at protonmail.com>
Signed-off-by: Cyrill Gorcunov <gorcunov at gmail.com>


---
 asm/assemble.c | 31 +++++++++++++++++++++----------
 1 file changed, 21 insertions(+), 10 deletions(-)

diff --git a/asm/assemble.c b/asm/assemble.c
index 46ce9303..593045bf 100644
--- a/asm/assemble.c
+++ b/asm/assemble.c
@@ -245,8 +245,8 @@ static int op_rexflags(const operand *, int);
 static int op_evexflags(const operand *, int, uint8_t);
 static void add_asp(insn *, int);
 
-static enum ea_type process_ea(operand *, ea *, int, int,
-                               opflags_t, insn *, const char **);
+static int process_ea(operand *, ea *, int, int, opflags_t,
+                      insn *, enum ea_type, const char **);
 
 static inline bool absolute_op(const struct operand *o)
 {
@@ -1615,7 +1615,7 @@ static int64_t calcsize(int32_t segment, int64_t offset, int bits,
                     opy->eaflags |= EAF_SIB;
 
                 if (process_ea(opy, &ea_data, bits,
-                               rfield, rflags, ins, &errmsg) != eat) {
+                               rfield, rflags, ins, eat, &errmsg)) {
                     nasm_nonfatal("%s", errmsg);
                     return -1;
                 } else {
@@ -2261,7 +2261,7 @@ static void gencode(struct out_data *data, insn *ins)
                 }
 
                 if (process_ea(opy, &ea_data, bits,
-                               rfield, rflags, ins, &errmsg) != eat)
+                               rfield, rflags, ins, eat, &errmsg))
                     nasm_nonfatal("%s", errmsg);
 
                 p = bytes;
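Review bot: After the non-fatal report on the changed line, gencode proceeds to `p = bytes;` and encodes with an ea_data that process_ea has just rejected (its type is EA_INVALID on the address-error path, or the mismatching parsed type). That was equally true before this change and is presumably safe because calcsize (previous hunk) fails the instruction first, but nothing at this call site records that assumption; a one-line comment such as `/* calcsize() already rejected this form; report only, encoding continues */` would. The enclosing gencode body continues outside the hunk.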
@@ -2781,9 +2781,9 @@ static enum match_result matches(const struct itemplate *itemp,
                      input->eaflags & EAF_BYTEOFFS || (o >= -128 &&    \
                      o <= 127 && seg == NO_SEG && !forw_ref)))
 
-static enum ea_type process_ea(operand *input, ea *output, int bits,
-                               int rfield, opflags_t rflags, insn *ins,
-                               const char **errmsgp)
+static int process_ea(operand *input, ea *output, int bits,
+                      int rfield, opflags_t rflags, insn *ins,
+                      enum ea_type expected, const char **errmsgp)
 {
     bool forw_ref = !!(input->opflags & OPFLAG_UNKNOWN);
     int addrbits = ins->addr_size;
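Review bot: The new contract of process_ea (0 on success, -1 on failure with *errmsgp set) is not stated at the definition, and the old return-the-type contract is gone, so a reader has only the two call sites to infer it from. A header comment above the signature would do, e.g. `/* Returns 0 on success; returns -1 and sets *errmsgp when the address is invalid or its parsed type differs from expected. */`. The message may point at a function-static buffer (the invalid_address_msg path later in the file), so the comment should also say the string is only valid until the next process_ea call. The body of process_ea continues past this hunk.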
@@ -3241,9 +3241,16 @@ static enum ea_type process_ea(operand *input, ea *output, int bits,
     }
 
     output->size = 1 + output->sib_present + output->bytes;
-    return output->type;
+    /*
+     * The type parsed might not match one supplied by
+     * a caller. In this case exit with error and let
+     * the caller to deside how critical it is.
+     */
+    if (output->type != expected)
+        goto err_set_msg;
+    return 0;
 
-err:
+err_set_msg:
     if (!errmsg) {
         /* Default error message */
         static char invalid_address_msg[40];
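Review bot: The two failure paths leave output->type in different states: the mismatch check at `if (output->type != expected)` jumps to err_set_msg with the parsed type intact, whereas `err:` (next hunk) first sets EA_INVALID. gencode continues to use ea_data after its non-fatal report, so a caller inspecting output->type after a mismatch would see a valid-looking type; if that is unintended, `goto err;` on the mismatch line makes both paths agree. The mismatch also surfaces only the generic default message, which does not say that the parsed address type disagrees with the expected one; assigning a specific errmsg before the jump (when errmsg is still NULL, since the default is applied only then) would make the diagnostic actionable. In the new comment, 'let the caller to deside' should read 'let the caller decide'. The relabelled err: in the next hunk now jumps backward into err_set_msg past the success return; ordering err: first and falling through would read more naturally, though the behaviour is the same.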
@@ -3252,7 +3259,11 @@ err:
         errmsg = invalid_address_msg;
     }
     *errmsgp = errmsg;
-    return output->type = EA_INVALID;
+    return -1;
+
+err:
+    output->type = EA_INVALID;
+    goto err_set_msg;
 }
 
 static void add_asp(insn *ins, int addrbits)

