Adam Majer
43ada84483
OBS-URL: https://build.opensuse.org/package/show/devel:tools:compiler/nasm?expand=0&rev=32
55 lines
1.8 KiB
Diff
55 lines
1.8 KiB
Diff
Author: Adam Majer <amajer@suse.de>
|
|
Date: Tue Jul 25 13:03:57 CEST 2017
|
|
Summary: Fix use after free and buffer overflow
|
|
BSC: 1047925 1047936
|
|
|
|
Submitted upstream in linked bug reports.
|
|
|
|
https://bugzilla.nasm.us/show_bug.cgi?id=3392414
|
|
https://bugzilla.nasm.us/show_bug.cgi?id=3392415
|
|
|
|
Index: nasm-2.13.01/asm/preproc.c
|
|
===================================================================
|
|
--- nasm-2.13.01.orig/asm/preproc.c
|
|
+++ nasm-2.13.01/asm/preproc.c
|
|
@@ -1280,8 +1280,8 @@ static char *detoken(Token * tlist, bool
|
|
t->text = nasm_zalloc(2);
|
|
} else
|
|
t->text = nasm_strdup(p);
|
|
+ nasm_free(q);
|
|
}
|
|
- nasm_free(q);
|
|
}
|
|
|
|
/* Expand local macros here and not during preprocessing */
|
|
@@ -3845,9 +3845,15 @@ static bool paste_tokens(Token **head, c
|
|
len += strlen(tok->text);
|
|
p = buf = nasm_malloc(len + 1);
|
|
|
|
+ strcpy(p, tok->text);
|
|
+ p = strchr(p, '\0');
|
|
+ tok = delete_Token(tok);
|
|
+
|
|
while (tok != next) {
|
|
- strcpy(p, tok->text);
|
|
- p = strchr(p, '\0');
|
|
+ if (PP_CONCAT_MATCH(tok, m[i].mask_tail)) {
|
|
+ strcpy(p, tok->text);
|
|
+ p = strchr(p, '\0');
|
|
+ }
|
|
tok = delete_Token(tok);
|
|
}
|
|
|
|
@@ -5095,8 +5101,9 @@ static char *pp_getline(void)
|
|
nasm_free(m->paramlen);
|
|
l->finishes->in_progress = 0;
|
|
}
|
|
- } else
|
|
- free_mmacro(m);
|
|
+ } else {
|
|
+ // free_mmacro(m);
|
|
+ }
|
|
}
|
|
istk->expansion = l->next;
|
|
nasm_free(l);
|