Bug 3392796 - NULL pointer dereference in do_directive caused by %exitmacro
Summary: NULL pointer dereference in do_directive caused by %exitmacro
Status: CLOSED FIXED
Alias: None
Product: NASM
Classification: Unclassified
Component: Assembler
Version: 2.16.xx
Hardware: All
OS: Linux
Importance: Medium minor
Assignee: nobody
URL:
Depends on:
Blocks:
 
Reported: 2022-03-27 16:43 PDT by Marco
Modified: 2022-11-21 11:51 PST

Obtained from: Built from git using configure
Generated by: ---
Bug category:
Breaks existing code: ---


Attachments
reproducer (49 bytes, text/x-matlab)
2022-03-27 16:43 PDT, Marco

Description Marco 2022-03-27 16:43:52 PDT
Created attachment 411845
reproducer

The following sample input causes a NULL pointer dereference in the `do_directive` function:

```
%ifnctx
%macro mc
%endif
%exitmacro
%endmacro
mc
```

Error (Address Sanitizer enabled):

```
$ ./nasm -f elf64 -g -FDWARF -o /tmp/t.o manual
manual:2: error: `%macro' expects a parameter count
asm/preproc.c:4311:37: runtime error: member access within null pointer of type 'Cond' (aka 'struct Cond')
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior asm/preproc.c:4311:37 in 
asm/preproc.c:4311:37: runtime error: load of null pointer of type 'Cond *' (aka 'struct Cond *')
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior asm/preproc.c:4311:37 in 
AddressSanitizer:DEADLYSIGNAL
=================================================================
==8555==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x5608adf5d816 bp 0x7fff37cb06b0 sp 0x7fff37cae9c0 T0)
==8555==The signal is caused by a READ memory access.
==8555==Hint: address points to the zero page.
    #0 0x5608adf5d816 in do_directive /home/mvanotti/nasm/asm/preproc.c:4311:37
    #1 0x5608adf2ce8e in pp_tokline /home/mvanotti/nasm/asm/preproc.c:7273:13
    #2 0x5608adf29089 in pp_getline /home/mvanotti/nasm/asm/preproc.c:7337:17
    #3 0x5608adeb01cd in assemble_file /home/mvanotti/nasm/asm/nasm.c:1722:24
    #4 0x5608adeada21 in main /home/mvanotti/nasm/asm/nasm.c:717:9
    #5 0x7fd29325b0b2 in __libc_start_main /build/glibc-sMfBJT/glibc-2.31/csu/../csu/libc-start.c:308:16
    #6 0x5608addfa46d in _start (/home/mvanotti/nasm/nasm+0x24146d) (BuildId: 468074ad69557daa810b25683f741e5ebd6f1997)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/mvanotti/nasm/asm/preproc.c:4311:37 in do_directive
==8555==ABORTING
```
Comment 1 H. Peter Anvin 2022-10-05 11:26:02 PDT
OK, so it seems that the problem here is that because %macro syntax errored, there is probably no macro being defined (otherwise %endif should fail - we should check that.) Thus, %exitmacro (and %endmacro) appears without a macro actually being defined.
Comment 2 H. Peter Anvin 2022-11-21 11:51:30 PST
Fix checked in.
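The situation H. Peter Anvin describes in comment 1, a `%macro` header that was rejected so that the later `%exitmacro` and `%endmacro` run with no macro actually being defined, reduces to a state-consistency rule for any directive processor: a directive that needs an enclosing construct must check that the construct exists, because the line that should have created it may itself have been rejected. The following C program is an added example written for this page; it is not NASM's code and not the fix that was checked in. It models the macro frame as a heap object (so the missing check is a real NULL dereference), tracks `%if` nesting as a depth counter, and runs the reproducer from the report alongside a constructed well-formed input. `State`, `Macro`, `handle_directive`, `count_errors`, `reproducer_errors` and `valid_errors` are hypothetical names.

```c
/* Added example, not NASM's code: a toy directive processor that keeps the
 * two pieces of nesting state this report turns on, the open %if depth and
 * the macro currently being defined, and checks each exists before touching
 * it, so a rejected %macro line cannot leave %exitmacro or %endmacro
 * dereferencing state that was never created. All names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct { int depth_at_start; int exited; } Macro;   /* an open %macro */

typedef struct {
    int    depth;       /* number of open %if blocks */
    Macro *defining;    /* NULL unless a %macro header was accepted */
    int    errors;
} State;

static int report(State *st, int lineno, const char *msg)
{
    fprintf(stderr, "line %d: error: %s\n", lineno, msg);
    st->errors++;
    return -1;
}

/* One directive line: 0 if accepted, -1 if rejected. Every branch that uses
 * st->depth or st->defining first checks that it exists, because the line
 * that should have created it may itself have been rejected. */
static int handle_directive(State *st, int lineno, const char *line)
{
    int nparam;
    if (strncmp(line, "%if", 3) == 0) {                /* %if, %ifnctx, ... */
        st->depth++;
    } else if (strcmp(line, "%endif") == 0) {
        if (st->depth == 0)
            return report(st, lineno, "`%endif': no matching `%if'");
        st->depth--;
    } else if (strncmp(line, "%macro", 6) == 0) {
        /* Like NASM, require "%macro name count". When that fails, no macro
         * is being defined, so st->defining deliberately stays NULL. */
        if (sscanf(line + 6, "%*s %d", &nparam) != 1)
            return report(st, lineno, "`%macro' expects a parameter count");
        st->defining = calloc(1, sizeof *st->defining);
        if (!st->defining) abort();
        st->defining->depth_at_start = st->depth;
    } else if (strcmp(line, "%exitmacro") == 0) {
        /* Without this check the assignment below dereferences NULL in
         * exactly the situation comment 1 describes: a rejected %macro
         * header followed by %exitmacro. */
        if (!st->defining)
            return report(st, lineno, "`%exitmacro' outside a macro definition");
        st->defining->exited = 1;
    } else if (strcmp(line, "%endmacro") == 0) {
        if (!st->defining)
            return report(st, lineno, "`%endmacro' outside a macro definition");
        if (st->depth > st->defining->depth_at_start) {
            report(st, lineno, "unterminated `%if' inside macro body");
            st->depth = st->defining->depth_at_start;  /* unwind to macro start */
        }
        free(st->defining);
        st->defining = NULL;
    }
    return 0;                                  /* accepted, or not a directive */
}

/* Process a whole input, flag anything left open, and return the error count. */
static int count_errors(const char *const *lines, int n)
{
    State st = {0};
    for (int i = 0; i < n; i++)
        handle_directive(&st, i + 1, lines[i]);
    if (st.defining) {
        report(&st, n, "unterminated `%macro'");
        free(st.defining);
    }
    if (st.depth)
        report(&st, n, "unterminated `%if'");
    return st.errors;
}

/* The reproducer from this report, as a line array. */
static const char *const reproducer[] = {
    "%ifnctx", "%macro mc", "%endif", "%exitmacro", "%endmacro", "mc"
};
/* A constructed well-formed counterpart: %exitmacro inside a macro body. */
static const char *const valid_input[] = {
    "%macro mc 0", "%if 1", "%exitmacro", "%endif", "%endmacro", "mc"
};
#define NLINES(a) ((int)(sizeof (a) / sizeof (a)[0]))

int reproducer_errors(void) { return count_errors(reproducer, NLINES(reproducer)); }
int valid_errors(void)      { return count_errors(valid_input, NLINES(valid_input)); }

int main(void)
{
    printf("reproducer: %d errors, valid input: %d errors\n",
           reproducer_errors(), valid_errors());
    return 0;
}
```

Run on its own, the program reports three errors for the reproducer (the `%macro` line, then `%exitmacro` and `%endmacro` outside any definition) and none for the well-formed input, finishing with no dangling state in either case. The design point is that the `%macro` failure path leaves `defining` NULL on purpose and every later directive tolerates that, rather than assuming the header it syntactically follows was accepted.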