Created attachment 411854 [details] poc from fuzzer and afl-tmin (normal nasm crash) $ ./nasm -M poc poc: warning: default output file same as input, using `nasm.out' for output [-w+other] fish: Job 1, './nasm -M poc' terminated by signal SIGSEGV (Address boundary error) ------------------------------------------------------------------ (make asan) $ sh autogen.sh $ ./configure CFLAGS=' -g3 -fsanitize=address ' CXXFLAGS=' -g3 -fsanitize=address ' $ make ---------------------------------------------------------------------------- (asan report) $ ./nasm -M poc poc: warning: default output file same as input, using `nasm.out' for output [-w+other] ================================================================= ==3558605==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020000030b3 at pc 0x562600507283 bp 0x7fffe8dd4dc0 sp 0x7fffe8dd4db0 WRITE of size 1 at 0x6020000030b3 thread T0 #0 0x562600507282 in quote_for_pmake asm/nasm.c:856 #1 0x5626005050d8 in emit_dependencies asm/nasm.c:397 #2 0x56260050696d in main asm/nasm.c:738 #3 0x7fdd8dda7082 in __libc_start_main ../csu/libc-start.c:308 #4 0x562600503ccd in _start (/home/a13579/SQ-Fuzz/mytest13579/nasm_cmplog_parfuzz/fuzz/output/slave2/queue_info/crashes/nasm_new/poc/nasm+0x111ccd) 0x6020000030b3 is located 0 bytes to the right of 3-byte region [0x6020000030b0,0x6020000030b3) allocated by thread T0 here: #0 0x7fdd8e082808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144 #1 0x56260050d5e8 in nasm_malloc nasmlib/alloc.c:55 #2 0x562600506d7c in quote_for_pmake asm/nasm.c:823 #3 0x5626005050d8 in emit_dependencies asm/nasm.c:397 #4 0x56260050696d in main asm/nasm.c:738 #5 0x7fdd8dda7082 in __libc_start_main ../csu/libc-start.c:308 SUMMARY: AddressSanitizer: heap-buffer-overflow asm/nasm.c:856 in quote_for_pmake Shadow bytes around the buggy address: 0x0c047fff85c0: fa fa fd fd fa fa fd fa fa fa fd fd fa fa fd fd 0x0c047fff85d0: fa fa fd fa fa fa fd fd fa fa fd fd fa fa fd fd 0x0c047fff85e0: fa fa fd fd fa fa fd fd fa fa fd fd fa fa fd fd 0x0c047fff85f0: fa fa fd fd fa fa fd fd fa fa fd fd fa fa fd fd 0x0c047fff8600: fa fa fd fd fa fa fd fd fa fa fd fa fa fa 02 fa =>0x0c047fff8610: fa fa fd fa fa fa[03]fa fa fa fa fa fa fa fa fa 0x0c047fff8620: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c047fff8630: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c047fff8640: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c047fff8650: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c047fff8660: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==3558605==ABORTING -------------------------------------------------------------------- (git log) $ git log --oneline -1 a8ff6bf7 (HEAD -> master, origin/master, origin/HEAD) Merge pull request #37 from hjl-tools/hjl/dwarf32
Fixed in checkin 2d4e6952417ec6f08b6f135d2b5d0e19b7dae30d.
CVE-2022-44370