Created attachment 411859
poc from fuzzer and afl-tmin

Hello, I found a segfault when fuzzing nasm ELF.

------------------------------------------------------------------
normal execute

$ ./nasm -f obj poc
poc:1: error: label `m0group' inconsistently redefined
poc:1: info: label `m0group' originally defined here
fish: Job 1, './nasm -f obj poc' terminated by signal SIGSEGV (Address boundary error)

-------------------------------------------------------------------
compile with asan (report)

$ ./nasm -f obj poc
poc:1: error: label `m0group' inconsistently redefined
poc:1: info: label `m0group' originally defined here
AddressSanitizer:DEADLYSIGNAL
=================================================================
==2823032==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f2a93d0189c bp 0x7ffcb9135bd0 sp 0x7ffcb9135330 T0)
==2823032==The signal is caused by a READ memory access.
==2823032==Hint: address points to the zero page.
    #0 0x7f2a93d0189b in __interceptor_strcmp ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:420
    #1 0x5614b2ef553d in obj_directive output/outobj.c:1614
    #2 0x5614b2e780a2 in process_directives asm/directiv.c:220
    #3 0x5614b2e6c301 in assemble_file asm/nasm.c:1731
    #4 0x5614b2e6786d in main asm/nasm.c:717
    #5 0x7f2a93a5d082 in __libc_start_main ../csu/libc-start.c:308
    #6 0x5614b2e64ccd in _start (/home/a13579/nasm.asan+0x111ccd)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:420 in __interceptor_strcmp
==2823032==ABORTING

-------------------------------------------------------------------
git log

$ git log --oneline -1
a8ff6bf7 (HEAD -> master, origin/master, origin/HEAD) Merge pull request #37 from hjl-tools/hjl/dwarf32
Use CVE-2022-44368
Hi, could you please confirm: is a fix for this bug available in nasm-2.16.01? Thanks in advance.
I can still crash nasm with the poc after using the newest version on GitHub.

# newest version
-------------------------------------------------------------------------
$ ./nasm --version
NASM version 2.17rc0 compiled on Apr 25 2023
$ git log --oneline -1
a916e412 (HEAD -> master, origin/master, origin/HEAD) Merge remote-tracking branch 'github/nasm-2.16.xx'
$ ./nasm -f obj poc
poc:1: error: label `m0group' inconsistently redefined
poc:1: info: label `m0group' originally defined here
[1]    4194108 segmentation fault (core dumped)  ./nasm -f obj poc