parser: Fix sigsegv on certain equ instruction parsing

We should check for bounds when accessing nasm_reg_flags. Seems this bug was for long time already. https://bugzilla.nasm.us/show_bug.cgi?id=3392516 Reported-by: Jordan Zebor <j.zebor@f5.com> Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
2025-04-12 18:40:23 +08:00 · 2018-10-13 18:10:26 +03:00 · 2018-10-13 18:10:26 +03:00 · a28c40d546
commit a28c40d546
parent 8e740c6773
1 changed files with 17 additions and 0 deletions
--- a/asm/parser.c
+++ b/asm/parser.c
@ -1124,6 +1124,23 @@ is_expression:
                    rs = 0;
                }

+                /*
+                 * Make sure we're not out of nasm_reg_flags, still
+                 * probably this should be fixed when we're defining
+                 * the label.
+                 *
+                 * An easy trigger is
+                 *
+                 *      e equ 0x80000000:0
+                 *      pshufw word e-0
+                 *
+                 */
+                if (value->type < EXPR_REG_START ||
+                    value->type > EXPR_REG_END) {
+                        nasm_error(ERR_NONFATAL, "invalid operand type");
+                        goto fail;
+                }
+
                op->type      &= TO;
                op->type      |= REGISTER;
                op->type      |= nasm_reg_flags[value->type];