Created attachment 411858
poc from fuzzer and afl-tmin

Hello, I found a segfault when fuzzing nasm ELF.

------------------------------------------------------------------
normal execute

$ ./nasm -f aoutb poc
poc:3: error: invalid combination of opcode and operands
poc:6: warning: 64-bit unsigned relocation zero-extended from 32 bits [-w+zext-reloc]
poc:6: error: `..gotoff' relocations require a non-global symbol in the section
Segmentation fault

-------------------------------------------------------------------
compile with asan (report)

$ ./nasm -f aoutb poc
poc:3: error: invalid combination of opcode and operands
poc:6: warning: 64-bit unsigned relocation zero-extended from 32 bits [-w+zext-reloc]
poc:6: error: `..gotoff' relocations require a non-global symbol in the section
AddressSanitizer:DEADLYSIGNAL
=================================================================
==3053570==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000030 (pc 0x55a10486efa4 bp 0x7fff95281d40 sp 0x7fff95281d00 T0)
==3053570==The signal is caused by a READ memory access.
==3053570==Hint: address points to the zero page.
    #0 0x55a10486efa3 in aout_add_gotoff_reloc output/outaout.c:566
    #1 0x55a10486f4b0 in aout_out output/outaout.c:633
    #2 0x55a1048bfbaf in nasm_do_legacy_output output/legacy.c:123
    #3 0x55a10481a16c in out asm/assemble.c:459
    #4 0x55a10481ae43 in out_imm asm/assemble.c:548
    #5 0x55a104821fc9 in gencode asm/assemble.c:1955
    #6 0x55a10481d147 in assemble asm/assemble.c:908
    #7 0x55a104809ae5 in process_insn asm/nasm.c:1613
    #8 0x55a10480a33c in assemble_file asm/nasm.c:1737
    #9 0x55a10480586d in main asm/nasm.c:717
    #10 0x7eff23a1a082 in __libc_start_main ../csu/libc-start.c:308
    #11 0x55a104802ccd in _start (/home/a13579/nasm.asan+0x111ccd)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV output/outaout.c:566 in aout_add_gotoff_reloc
==3053570==ABORTING

-------------------------------------------------------------------
git log

$ git log --oneline -1
a8ff6bf7 (HEAD -> master, origin/master, origin/HEAD) Merge pull request #37 from hjl-tools/hjl/dwarf32
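A small triage script for the ASan report above, added here as an example and not part of the bug report or of nasm itself. It parses a SEGV report into the fields a fuzzing pipeline buckets on: the fault address, whether that address lies in the zero page (which is what makes this a NULL-pointer-style read at outaout.c:566 rather than a wild pointer), the access type, and the first in-project stack frame. The sample text is the report quoted in this thread; the "rerun" variant is constructed with a different PID and ASLR-shifted addresses to show that the bucket key ignores them, so a re-test at a later commit can be matched to the original crash automatically.

```python
"""Triage helper for AddressSanitizer SEGV reports (added example, not part of
the nasm bug report). Extracts the fault address, access type, zero-page
status and first in-project frame, and derives a bucket key that is stable
across PIDs and ASLR so repeated crashes can be deduplicated."""

import re
from dataclasses import dataclass
from typing import Optional

# Sample input: the ASan output quoted in the bug report, abbreviated to the
# lines the parser needs.
SAMPLE_REPORT = """\
poc:6: error: `..gotoff' relocations require a non-global symbol in the section
AddressSanitizer:DEADLYSIGNAL
=================================================================
==3053570==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000030 (pc 0x55a10486efa4 bp 0x7fff95281d40 sp 0x7fff95281d00 T0)
==3053570==The signal is caused by a READ memory access.
==3053570==Hint: address points to the zero page.
    #0 0x55a10486efa3 in aout_add_gotoff_reloc output/outaout.c:566
    #1 0x55a10486f4b0 in aout_out output/outaout.c:633
    #2 0x55a1048bfbaf in nasm_do_legacy_output output/legacy.c:123
    #10 0x7eff23a1a082 in __libc_start_main ../csu/libc-start.c:308
    #11 0x55a104802ccd in _start (/home/a13579/nasm.asan+0x111ccd)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV output/outaout.c:566 in aout_add_gotoff_reloc
==3053570==ABORTING
"""

# Constructed re-run of the same crash: different PID and ASLR-shifted
# addresses, same fault class and same top frame.
SAMPLE_RERUN = (SAMPLE_REPORT.replace("3053570", "3553577")
                             .replace("0x55a10486efa3", "0x5601aa1c2fa3")
                             .replace("0x55a10486efa4", "0x5601aa1c2fa4"))

_ERROR_RE = re.compile(
    r"==\d+==ERROR: AddressSanitizer: (\w+) on unknown address (0x[0-9a-fA-F]+)")
_ACCESS_RE = re.compile(r"caused by a (READ|WRITE) memory access")
_FRAME_RE = re.compile(
    r"^\s*#(\d+) 0x[0-9a-fA-F]+ in (\S+) (\S+?)(?::(\d+))?\s*$")

PAGE_SIZE = 0x1000  # first page of the address space; normally never mapped


@dataclass
class Crash:
    kind: str              # e.g. "SEGV"
    address: int           # faulting address
    access: Optional[str]  # "READ", "WRITE", or None if ASan did not say
    zero_page: bool        # address within the first page (NULL-style deref)
    function: str          # first in-project frame
    file: str
    line: Optional[int]

    def bucket(self) -> str:
        """Key that ignores PIDs and code addresses: kind, address class, frame."""
        addr_class = "nullderef" if self.zero_page else "wild"
        return f"{self.kind}:{addr_class}:{self.function}@{self.file}:{self.line}"


def _is_project_frame(function: str, file: str) -> bool:
    """Skip libc and runtime frames so the bucket reflects the project's code."""
    if function.startswith("__") or function == "_start":
        return False
    return not (file.startswith("../") or file.startswith("("))


def parse_asan_report(text: str) -> Optional[Crash]:
    """Return a Crash for an ASan 'unknown address' report, or None otherwise."""
    m = _ERROR_RE.search(text)
    if m is None:
        return None
    kind, address = m.group(1), int(m.group(2), 16)
    acc = _ACCESS_RE.search(text)
    # Treat both the numeric range and ASan's own hint as evidence of a
    # zero-page (NULL-derived) address.
    zero_page = address < PAGE_SIZE or "points to the zero page" in text
    top = None
    for line in text.splitlines():
        f = _FRAME_RE.match(line)
        if f and _is_project_frame(f.group(2), f.group(3)):
            top = f
            break
    if top is None:
        return None
    return Crash(kind, address, acc.group(1) if acc else None, zero_page,
                 top.group(2), top.group(3),
                 int(top.group(4)) if top.group(4) else None)


if __name__ == "__main__":
    first = parse_asan_report(SAMPLE_REPORT)
    rerun = parse_asan_report(SAMPLE_RERUN)
    print(first)
    print("same bucket:", first.bucket() == rerun.bucket())
```

The bucket key deliberately drops the PID and the code addresses, which change on every run, and keeps only the fault class and the first frame in the project's own source; a later re-test that produces the same key is the same bug, while a different key after a fix attempt is worth a fresh look rather than being closed as a duplicate.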
Use CVE-2022-44369
(In reply to 13579and24680 from comment #1)
> Use CVE-2022-44369

Hi,

Could you please confirm: does a8ff6bf7 (HEAD -> master, origin/master, origin/HEAD) Merge pull request #37 from hjl-tools/hjl/dwarf fix CVE-2022-44369?

Thanks in advance
I can still crash nasm with the poc after I check out the commit.

# git log the commit
-------------------------------------------
$ git checkout a8ff6bf7
$ git log --oneline -1
a8ff6bf7 (HEAD) Merge pull request #37 from hjl-tools/hjl/dwarf32
$ ./nasm -f aoutb poc
poc:3: error: invalid combination of opcode and operands
poc:6: warning: 64-bit unsigned relocation zero-extended from 32 bits [-w+zext-reloc]
poc:6: error: `..gotoff' relocations require a non-global symbol in the section
[1]    3620463 segmentation fault (core dumped)  ./nasm -f aoutb poc

# newest version
-------------------------------------------------------------------------
$ git log --oneline -1
a916e412 (HEAD -> master, origin/master, origin/HEAD) Merge remote-tracking branch 'github/nasm-2.16.xx'
$ ./nasm -f aoutb poc
poc:3: error: invalid combination of opcode and operands
poc:6: warning: 64-bit unsigned relocation zero-extended from 32 bits [-w+zext-reloc]
poc:6: error: `..gotoff' relocations require a non-global symbol in the section
[1]    3553577 segmentation fault (core dumped)  ./nasm -f aoutb poc
Thank you for the quick response