Created attachment 411852 [details]
the POC file.

Hi, developers of NASM:

I tested the binary ndisasm with my fuzzer, and a crash occurred, i.e., a stack-buffer-overflow error. The version of NASM is the latest (the newest master branch on GitHub (https://github.com/netwide-assembler/nasm.git), version: NASM version 2.16rc0 compiled on Sep 20 2022) and the operating system is Ubuntu 18.04.6 LTS (docker). The following are the details.

root@1312a373d471:/fuzz-nasm/ndisasm# ./ndisasm ../out/crashes/id\:000011\,sig\:06\,src\:000341\,op\:havoc\,rep\:4\,701855
00000000  46                inc si
00000001  53                push bx
00000002  0002              add [bp+si],al
00000004  00B3B3B3          add [bp+di-0x4c4d],dh
00000008  B3B3              mov bl,0xb3
0000000A  B3B3              mov bl,0xb3
0000000C  B3B3              mov bl,0xb3
0000000E  B3B3              mov bl,0xb3
00000010  B3B3              mov bl,0xb3
00000012  B3B3              mov bl,0xb3
00000014  B3B3              mov bl,0xb3
00000016  B3B3              mov bl,0xb3
00000018  B3B3              mov bl,0xb3
0000001A  B3B3              mov bl,0xb3
0000001C  B3B3              mov bl,0xb3
0000001E  B3B3              mov bl,0xb3
00000020  B3B3              mov bl,0xb3
00000022  B300              mov bl,0x0
00000024  3E3E3E3E3E3E3E3E  ds pop bx
         -3E3E3E3E3E3E3E3E
         -3E3E3E3E3E3E3E3E
         -3E3E3E3E5B
00000041  5B                pop bx
00000042  5C                pop sp
00000043  3E3E3E4F          ds dec di
=================================================================
==887807==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffd3ffea120 at pc 0x00000041338c bp 0x7ffd3ffe8610 sp 0x7ffd3ffe8608
READ of size 1 at 0x7ffd3ffea120 thread T0
    #0 0x41338b in disasm (/fuzz-nasm/ndisasm/ndisasm+0x41338b)
    #1 0x40c89c in main (/fuzz-nasm/ndisasm/ndisasm+0x40c89c)
    #2 0x7f6308e6ec86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
    #3 0x406759 in _start (/fuzz-nasm/ndisasm/ndisasm+0x406759)

Address 0x7ffd3ffea120 is located in stack of thread T0 at offset 96 in frame
    #0 0x406a8f in main (/fuzz-nasm/ndisasm/ndisasm+0x406a8f)

  This frame has 6 object(s):
    [32, 96) 'buffer' <== Memory access at offset 96 overflows this variable
    [128, 136) 'ep'
    [160, 416) 'outbuf'
    [480, 484) 'synclen'
    [496, 516) 'prefer'
    [560, 561) 'rn_error'
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow (/fuzz-nasm/ndisasm/ndisasm+0x41338b) in disasm
Shadow bytes around the buggy address:
  0x100027ff53d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100027ff53e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100027ff53f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100027ff5400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100027ff5410: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00
=>0x100027ff5420: 00 00 00 00[f2]f2 f2 f2 00 f2 f2 f2 00 00 00 00
  0x100027ff5430: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100027ff5440: 00 00 00 00 00 00 00 00 00 00 00 00 f2 f2 f2 f2
  0x100027ff5450: f2 f2 f2 f2 04 f2 00 00 04 f2 f2 f2 f2 f2 01 f3
  0x100027ff5460: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100027ff5470: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==887807==ABORTING

I uploaded the POC in the attachment. Thank you for your time!

Credit
Xudong Cao (NCNIPC of China)
Han Zheng (NCNIPC of China, Hexhive)
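The report above shows a 1-byte READ at offset 96, exactly one past the end of the 64-byte 'buffer' in main, while the decoder is inside a long run of 0x3E (DS override) prefix bytes. The following is an added, constructed illustration of the bug class, not NASM's decoder and not code from the reporter: a prefix-consuming loop that always honours the buffer length and reports truncated input instead of reading onward. The function names (is_prefix, count_prefixes, decode_step) are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed example, not NASM code: a length-aware prefix scanner.
 * Legacy x86 prefix bytes; 0x3E (DS segment override) is the byte that
 * fills most of the crashing input above. */
static int is_prefix(uint8_t b)
{
    switch (b) {
    case 0x26: case 0x2E: case 0x36: case 0x3E: case 0x64: case 0x65: /* segment overrides */
    case 0x66: case 0x67:                                             /* operand/address size */
    case 0xF0: case 0xF2: case 0xF3:                                  /* LOCK, REPNE, REP */
        return 1;
    default:
        return 0;
    }
}

/* Count the prefix bytes at the start of data[0..len) without ever touching
 * data[len]. A loop that tests is_prefix(data[i]) before checking i < len
 * reads one byte past the buffer when the chunk ends inside a prefix run,
 * which is the 1-byte over-read at the end of a 64-byte buffer that ASan
 * flags in the report. */
size_t count_prefixes(const uint8_t *data, size_t len)
{
    size_t i = 0;
    while (i < len && is_prefix(data[i]))
        i++;
    return i;
}

/* Skip the prefix run of one instruction and return the opcode byte that
 * follows it. Returns -1 when the buffer ends inside the prefix run, so the
 * caller refills its buffer or stops rather than decoding past the end. */
int decode_step(const uint8_t *data, size_t len, size_t *consumed)
{
    size_t n = count_prefixes(data, len);
    *consumed = n;
    if (n == len)
        return -1;      /* truncated: no opcode byte available in this chunk */
    return data[n];     /* opcode byte following the prefixes */
}
```

With a 64-byte chunk filled entirely with 0x3E, decode_step returns -1 and consumes all 64 bytes; with the bytes 3E 3E 5B it returns 0x5B (pop bx) after consuming two prefixes.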