#610 new
Ahcheong Lee

SEGV in nasm-pp.c:3854

Reported by Ahcheong Lee | April 29th, 2021 @ 04:07 PM

I report a double free detected by address sanitizer.
I found this test input by fuzz testing.

The stack traces are as follows:
==24692==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000001 (pc 0x000000412b34 bp 0x000000000005 sp 0x7fffffffdb80 T0)
==24692==The signal is caused by a READ memory access.
==24692==Hint: address points to the zero page.
    #0 0x412b34 in expand_mmac_params ...//subjects/yasm-1.3.0/modules/preprocs/nasm/nasm-pp.c:3854:20
    #1 0x40c63b in pp_getline ...//subjects/yasm-1.3.0/modules/preprocs/nasm/nasm-pp.c:5070:21
    #2 0x4289a2 in nasm_preproc_get_line ...//subjects/yasm-1.3.0/modules/preprocs/nasm/nasm-preproc.c:195:12
    #3 0x42ec0d in nasm_parser_parse ...//subjects/yasm-1.3.0/modules/parsers/nasm/nasm-parse.c:219:13
    #4 0x44a2c7 in nasm_do_parse ...//subjects/yasm-1.3.0/modules/parsers/nasm/nasm-parser.c:66:5
    #5 0x44a2c7 in nasm_parser_do_parse ...//subjects/yasm-1.3.0/modules/parsers/nasm/nasm-parser.c:83:5
    #6 0x48458f in do_assemble ...//subjects/yasm-1.3.0/frontends/yasm/yasm.c:519:5
    #7 0x48458f in main ...//subjects/yasm-1.3.0/frontends/yasm/yasm.c:749:12
    #8 0x7ffff6e22bf6 in __libc_start_main /build/glibc-S9d2JN/glibc-2.27/csu/../csu/libc-start.c:310
    #9 0x2e2cc9 in _start (...//afl++/subjects_friend/yasm/yasm.san+0x2e2cc9)

You can reproduce the bug by executing

I tested the subject on yasm-1.3.0.
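Triage note (added example, not part of the ticket or of the yasm project): fuzzing campaigns produce many reports like the one above, and the first job is to turn the raw AddressSanitizer text into something that can be classified and deduplicated. The script below parses the report exactly as posted in this ticket (the report text is embedded as its sample input), extracts the error kind, faulting address, access type and symbolized frames, flags the "zero page" case as a likely NULL-plus-offset dereference, and builds a crash-bucket signature from the top frames. The frame regex, the 4096-byte null-page threshold and the three-frame signature depth are the author's own choices for this example, not anything defined by ASan or by yasm.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: the ASan report from this ticket, used here as constructed test data.
ASAN_REPORT = """\
==24692==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000001 (pc 0x000000412b34 bp 0x000000000005 sp 0x7fffffffdb80 T0)
==24692==The signal is caused by a READ memory access.
==24692==Hint: address points to the zero page.
    #0 0x412b34 in expand_mmac_params ...//subjects/yasm-1.3.0/modules/preprocs/nasm/nasm-pp.c:3854:20
    #1 0x40c63b in pp_getline ...//subjects/yasm-1.3.0/modules/preprocs/nasm/nasm-pp.c:5070:21
    #2 0x4289a2 in nasm_preproc_get_line ...//subjects/yasm-1.3.0/modules/preprocs/nasm/nasm-preproc.c:195:12
    #3 0x42ec0d in nasm_parser_parse ...//subjects/yasm-1.3.0/modules/parsers/nasm/nasm-parse.c:219:13
    #4 0x44a2c7 in nasm_do_parse ...//subjects/yasm-1.3.0/modules/parsers/nasm/nasm-parser.c:66:5
    #5 0x44a2c7 in nasm_parser_do_parse ...//subjects/yasm-1.3.0/modules/parsers/nasm/nasm-parser.c:83:5
    #6 0x48458f in do_assemble ...//subjects/yasm-1.3.0/frontends/yasm/yasm.c:519:5
    #7 0x48458f in main ...//subjects/yasm-1.3.0/frontends/yasm/yasm.c:749:12
    #8 0x7ffff6e22bf6 in __libc_start_main /build/glibc-S9d2JN/glibc-2.27/csu/../csu/libc-start.c:310
    #9 0x2e2cc9 in _start (...//afl++/subjects_friend/yasm/yasm.san+0x2e2cc9)
"""

# "SEGV on unknown address 0x..." and "heap-buffer-overflow on address 0x..." both match.
HEADER_RE = re.compile(r"^==(\d+)==ERROR: AddressSanitizer: ([\w-]+) on (?:unknown )?address (0x[0-9a-fA-F]+)")
ACCESS_RE = re.compile(r"caused by a (READ|WRITE) memory access")
HINT_RE = re.compile(r"^==\d+==Hint: (.+)$")
# Frame: "#N 0xADDR in func location[:line[:col]]"; the location may lack line info (e.g. _start).
FRAME_RE = re.compile(r"^\s*#(\d+) 0x[0-9a-fA-F]+ in (\S+) (.+?)(?::(\d+)(?::(\d+))?)?\s*$")

NULL_PAGE_LIMIT = 4096  # assumption for this example: one 4 KiB page starting at address 0


@dataclass
class Frame:
    index: int
    function: str
    location: str          # file path, or a raw "(binary+offset)" string when unsymbolized
    line: Optional[int]
    column: Optional[int]


@dataclass
class AsanCrash:
    pid: int
    kind: str              # e.g. "SEGV", "heap-buffer-overflow"
    address: int
    access: Optional[str]  # "READ" / "WRITE" when ASan states it
    hints: List[str]
    frames: List[Frame]

    def is_null_deref(self) -> bool:
        # A SEGV in the first page (or ASan's explicit zero-page hint) is almost
        # always a NULL pointer plus a small field offset, not a wild pointer.
        return self.kind == "SEGV" and (
            self.address < NULL_PAGE_LIMIT or any("zero page" in h for h in self.hints)
        )

    def signature(self, depth: int = 3) -> str:
        # Bucket key for deduplicating fuzzer findings: the innermost `depth` functions.
        return "|".join(f.function for f in self.frames[:depth])


def parse_asan_report(text: str) -> AsanCrash:
    pid = kind = address = access = None
    hints: List[str] = []
    frames: List[Frame] = []
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            pid, kind, address = int(m.group(1)), m.group(2), int(m.group(3), 16)
            continue
        m = ACCESS_RE.search(line)
        if m:
            access = m.group(1)
            continue
        m = HINT_RE.match(line)
        if m:
            hints.append(m.group(1))
            continue
        m = FRAME_RE.match(line)
        if m:
            frames.append(Frame(int(m.group(1)), m.group(2), m.group(3),
                                int(m.group(4)) if m.group(4) else None,
                                int(m.group(5)) if m.group(5) else None))
    if pid is None:
        raise ValueError("no AddressSanitizer error header found")
    frames.sort(key=lambda f: f.index)
    return AsanCrash(pid, kind, address, access, hints, frames)


def summarize(crash: AsanCrash) -> str:
    top = crash.frames[0]
    where = f"{top.function} {top.location}" + (f":{top.line}" if top.line else "")
    label = "likely NULL dereference" if crash.is_null_deref() else crash.kind
    return f"{crash.kind} {crash.access or '?'} @0x{crash.address:x} ({label}) in {where} sig={crash.signature()}"


if __name__ == "__main__":
    print(summarize(parse_asan_report(ASAN_REPORT)))
```

Reading the result for this ticket: the faulting address 0x1 with a READ access in `expand_mmac_params` is a NULL-plus-offset read, which is a denial-of-service class crash on untrusted input rather than the double free the ticket text mentions; the signature `expand_mmac_params|pp_getline|nasm_preproc_get_line` is what you would key on to merge other fuzzer inputs that hit the same site.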
