Bug 3392792 - NULL pointer dereference in paste_tokens (asm/preproc.c)
Summary: NULL pointer dereference in paste_tokens (asm/preproc.c)
Status: OPEN
Alias: None
Product: NASM
Classification: Unclassified
Component: Assembler
Version: 2.16.xx
Hardware: PC Linux
Importance: Medium normal
Assignee: nobody
URL:
Depends on:
Blocks:
 
Reported: 2022-02-11 21:16 PST by Marco
Modified: 2022-03-27 16:51 PDT

Obtained from: Built from git using configure
Generated by: ---
Bug category:
Breaks existing code: ---


Attachments
Reproducer File (same as in bug comment) (34 bytes, text/x-matlab)
2022-02-11 21:16 PST, Marco

Description Marco 2022-02-11 21:16:31 PST
Created attachment 411842
Reproducer File (same as in bug comment)

There is a NULL pointer dereference in asm/preproc.c in the paste_tokens function.

This can be detected by AddressSanitizer, by building with the following flags:

```
./configure --enable-sanitizer
```

Reproducer:

```
%macro f 1
%m%-1:
%endmacro
f cxz
```

Output:

```
$ ASAN_OPTIONS="detect_leaks=0:detect_stack_use_after_return=1" ./nasm -felf64 -o /tmp/aaaa test.asm
test.asm:4: error: condition code `cxz' is not invertible
test.asm:2: ... from macro `f' defined here
asm/preproc.c:5092:30: runtime error: member access within null pointer of type 'Token' (aka 'struct Token')
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior asm/preproc.c:5092:30 in 
asm/preproc.c:5092:30: runtime error: load of null pointer of type 'Token *' (aka 'struct Token *')
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior asm/preproc.c:5092:30 in 
AddressSanitizer:DEADLYSIGNAL
=================================================================
==44470==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x55dbd3bbe15f bp 0x7ffc55486cb0 sp 0x7ffc55486910 T0)
==44470==The signal is caused by a READ memory access.
==44470==Hint: address points to the zero page.
    #0 0x55dbd3bbe15f in paste_tokens /home/user/nasm/asm/preproc.c:5092:30
    #1 0x55dbd3bc6d3e in expand_mmac_params /home/user/nasm/asm/preproc.c:5386:9
    #2 0x55dbd3ba0e74 in pp_tokline /home/user/nasm/asm/preproc.c:7258:21
    #3 0x55dbd3b9d089 in pp_getline /home/user/nasm/asm/preproc.c:7328:17
    #4 0x55dbd3b241cd in assemble_file /home/user/nasm/asm/nasm.c:1722:24
    #5 0x55dbd3b21a21 in main /home/user/nasm/asm/nasm.c:717:9
    #6 0x7fc879c710b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
    #7 0x55dbd3a6e46d in _start (/home/user/nasm/nasm+0x24146d) (BuildId: 3fc13de32457a8981b73bda01728cd257f86782c)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/user/nasm/asm/preproc.c:5092:30 in paste_tokens
==44470==ABORTING
```
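A constructed C model of the failure class this report describes, added here as an illustration; it is not NASM's code, and the Token struct, the condition-code table and every function name are assumptions. Expanding a `%-1` parameter for a condition code that has no inverse, such as `cxz`, reports the error and yields no token; a pasting step that trusts the expansion then reads through a null pointer, while the checked variant treats the missing token as an aborted paste.

```c
/* Constructed model of the failure class in this report. NOT NASM's code:
 * the Token struct, the condition-code table and all names are assumptions. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct Token { char text[32]; struct Token *next; } Token;

/* Sample table of condition codes that have an inverse (constructed). */
static const char *const cc_pairs[][2] = {
    {"z", "nz"}, {"e", "ne"}, {"c", "nc"}, {"s", "ns"}, {"l", "ge"}, {"le", "g"},
};

/* Inverse of a condition code, or NULL when none exists (e.g. "cxz"). */
const char *invert_cc(const char *cc) {
    for (size_t i = 0; i < sizeof cc_pairs / sizeof cc_pairs[0]; i++) {
        if (strcmp(cc_pairs[i][0], cc) == 0) return cc_pairs[i][1];
        if (strcmp(cc_pairs[i][1], cc) == 0) return cc_pairs[i][0];
    }
    return NULL;
}

/* Expansion of a `%-N' parameter: a fresh Token, or NULL after reporting the error. */
Token *expand_inverted_param(const char *param) {
    const char *inv = invert_cc(param);
    if (!inv) {
        fprintf(stderr, "error: condition code `%s' is not invertible\n", param);
        return NULL;
    }
    Token *t = calloc(1, sizeof *t);
    if (t) strncpy(t->text, inv, sizeof t->text - 1);
    return t;
}
/* Unchecked paste: trusts the expansion, so a NULL token is dereferenced here. */
int paste_unchecked(char *out, size_t cap, const char *prefix, const Token *t) {
    return snprintf(out, cap, "%s%s:", prefix, t->text);
}
/* Checked paste: a failed expansion aborts the paste; returns 0 with an empty label. */
int paste_checked(char *out, size_t cap, const char *prefix, const Token *t) {
    if (!t) { if (cap) out[0] = '\0'; return 0; }
    return snprintf(out, cap, "%s%s:", prefix, t->text);
}
/* Builds `<prefix><inverted cc>:', mirroring the shape of the reproducer's `%m%-1:' line. */
int build_label(char *out, size_t cap, const char *prefix, const char *param) {
    Token *t = expand_inverted_param(param);
    int n = paste_checked(out, cap, prefix, t);
    free(t);
    return n;
}
```

With `cxz` the checked path prints the same "not invertible" error the report shows and returns an empty label, whereas `paste_unchecked` would fault on the null Token exactly as the sanitizer trace above records.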