[nasm:master] BR3392776: parser: parse_line -- fix uninitialized memory access
nasm-bot for Cyrill Gorcunov
gorcunov at gmail.com
Mon Nov 7 17:12:18 PST 2022
Commit-ID: 00c64906209e87043c6d5dd0a127119be561b1c6
Gitweb: http://repo.or.cz/w/nasm.git?a=commitdiff;h=00c64906209e87043c6d5dd0a127119be561b1c6
Author: Cyrill Gorcunov <gorcunov at gmail.com>
AuthorDate: Mon, 18 Oct 2021 00:21:05 +0300
Committer: Cyrill Gorcunov <gorcunov at gmail.com>
CommitDate: Mon, 18 Oct 2021 00:21:05 +0300
BR3392776: parser: parse_line -- fix uninitialized memory access
Andrew reported that we may access uninitialized memory
> SUMMARY: MemorySanitizer: use-of-uninitialized-value nasm/asm/parser.c:982:41 in parse_line
It turns out that in case of malformed data the expression is the terminator
itself, so we should not "look ahead" for the next one. Thus test for the first
expression initially and, if that test passes, check for the terminator.
Reported-by: Andrew Bao <xiaobaozidi at gmail.com>
Signed-off-by: Cyrill Gorcunov <gorcunov at gmail.com>
---
asm/parser.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/asm/parser.c b/asm/parser.c
index daafa920..5b00b0cf 100644
--- a/asm/parser.c
+++ b/asm/parser.c
@@ -979,13 +979,12 @@ restart_parse:
/*
* Process the segment override.
*/
- if (value[1].type != 0 ||
- value->value != 1 ||
- !IS_SREG(value->type))
+ if (!IS_SREG(value->type) || value->value != 1 ||
+ value[1].type != 0) {
nasm_nonfatal("invalid segment override");
- else if (result->prefixes[PPS_SEG])
+ } else if (result->prefixes[PPS_SEG]) {
nasm_nonfatal("instruction has conflicting segment overrides");
- else {
+ } else {
result->prefixes[PPS_SEG] = value->type;
if (IS_FSGS(value->type))
op->eaflags |= EAF_FSGS;
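Review bot: the fix depends on evaluation order: `!IS_SREG(value->type)` must be tested before `value[1].type != 0` so that the lookahead read is skipped when `value` is already the terminator. A one-line comment above the `if` stating that the order is deliberate would keep a later tidy-up from swapping the operands back and reintroducing the uninitialized read MemorySanitizer flagged at parser.c:982. The braces added around the single-statement `nasm_nonfatal(...)` branches are a style change unrelated to the fix; either mention them in the commit message or leave them for a separate cleanup so the bug-fix diff stays minimal.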