Commit-ID: a28c40d54602429c2458a95a62b1fab5142ffb9e
Gitweb: http://repo.or.cz/w/nasm.git?a=commitdiff;h=a28c40d54602429c2458a95a62b1fab5142ffb9e
Author: Cyrill Gorcunov <gor...@gm...>
AuthorDate: Sat, 13 Oct 2018 18:10:26 +0300
Committer: Cyrill Gorcunov <gor...@gm...>
CommitDate: Sat, 13 Oct 2018 18:10:30 +0300
parser: Fix sigsegv on certain equ instruction parsing
We should check for bounds when accessing nasm_reg_flags.
This bug seems to have been present for a long time.
https://bugzilla.nasm.us/show_bug.cgi?id=3392516
Reported-by: Jordan Zebor <j....@f5...>
Signed-off-by: Cyrill Gorcunov <gor...@gm...>
---
asm/parser.c | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
diff --git a/asm/parser.c b/asm/parser.c
index 90e4337..297af26 100644
--- a/asm/parser.c
+++ b/asm/parser.c
@@ -1124,6 +1124,23 @@ is_expression:
rs = 0;
}
+ /*
+ * Make sure we're not out of nasm_reg_flags, still
+ * probably this should be fixed when we're defining
+ * the label.
+ *
+ * An easy trigger is
+ *
+ * e equ 0x80000000:0
+ * pshufw word e-0
+ *
+ */
+ if (value->type < EXPR_REG_START ||
+ value->type > EXPR_REG_END) {
+ nasm_error(ERR_NONFATAL, "invalid operand type");
+ goto fail;
+ }
+
op->type &= TO;
op->type |= REGISTER;
op->type |= nasm_reg_flags[value->type];
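Review bot: The new guard rejects a `value->type` outside `[EXPR_REG_START, EXPR_REG_END]` before it is used as an index into `nasm_reg_flags`, but the message `"invalid operand type"` gives the user no hint that the operand's expression did not resolve to a register, so the `equ` case the comment describes is hard to diagnose from the error alone; something like `nasm_error(ERR_NONFATAL, "invalid operand type: expression is not a register");` would be more actionable. The comment itself admits the real fix belongs where the label is defined; turning that remark into a `/* TODO: reject non-register values for this case at label definition */` keeps the debt visible instead of leaving this index check as the only line of defence. Whether `EXPR_REG_END` equals the last valid index of `nasm_reg_flags`, and whether `fail` is an existing cleanup label, cannot be confirmed from this hunk, and the enclosing function starts and ends outside it.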