The size calculation done in len_extops() (called by insn_size()) for
EOT_DB_RESERVE (i.e. uninitialized storage "?" token) does not take
into account the element size (e->elem), thus calculating a wrong
size for any Dx larger than DB (DW, DQ, etc).
The bug is silent, but it makes NASM error out if a "Dx ?" (larger
than DB) is followed by any label because the label offset gets
mismatched in the final code generation stage:
$ cat test.asm
[section .bss]
DW ?
x:
$ nasm test.asm
test.asm:3: error: label `x' changed during code generation [-w+error=label-redef-late]
See also: https://stackoverflow.com/q/70012188/3889449
Signed-off-by: Marco Bonelli <marco@mebeim.net>
Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
Andrew reported that we may access unitialized memory
> SUMMARY: MemorySanitizer: use-of-uninitialized-value nasm/asm/parser.c:982:41 in parse_line
It turns out that in case of malformed data the expression is terminator
itself so we should not "lookup ahead" for next one. Thus test for first
expression initially and if test passes check for terminator.
Reported-by: Andrew Bao <xiaobaozidi@gmail.com>
Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
Regression in commit 20e0d616dc954d567c8bf2c7e11cc5d6c10ac544.
Independently discovered and fixed by C. Masloch:
https://bugzilla.nasm.us/show_bug.cgi?id=3392747
Signed-off-by: Oleg Oshmyan <chortos@inbox.lv>
The instruction supports two forms with [f2] and [f3].
I guess we might add aliases as VMGEXIT2 and VMGEXIT3.
For now simly leave a second form for ndisasm sake.
https://bugzilla.nasm.us/show_bug.cgi?id=3392755
Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
This commit adds the compilation directory debug information for ELF files.
This feature helps debuggers locate the source file when debugging.
The feature is already present for Mach-O files.
Signed-off-by: Marco Vanotti <mvanotti@dc.uba.ar>
Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
Changing the type of `to_read` from `uint32_t` to
`int32_t` makes it aware of negative numbers and fixes
the buffer overflow in ndisasm.
Signed-off-by: T Turek <tureqsec@gmail.com>
Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
In commit 2469b8b6 we occasionally bring the ability
to read unitialized memory due to refactoring. Fix it
doing needed test inside the function and setting up
an error message if needed.
Side note: passing 7 arguments into the function means
we have to decompose this helper somehow, such number
of arguments is a way over the top.
Bugzilla: https://bugzilla.nasm.us/show_bug.cgi?id=3392751
Reported-by: Marco <mvanotti@protonmail.com>
Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
Add a {rex} prefix to force REX encoding (typically a redundant 40h
prefix).
For prefix parsing, we can use t_inttwo to encode the prefix slot
number.
Give more verbose error messages for encoding mismatches.
Make the pasting behavior of TOKEN_QMARK, TOKEN_HERE and TOKEN_BASE
match the NASM 2.15 behavior: ? is a keyword and pastes as an ID, $
and $$ are treated as operators (which doesn't seem to make much
sense, but it is the current legacy behavior.)
Reported-by: C. Masloch <pushbx@ulukai.org>
Bugzilla: https://bugzilla.nasm.us/show_bug.cgi?id=3392733
Signed-off-by: H. Peter Anvin (Intel) <hpa@zytor.com>
In case if section follows itself we should yield
an error, otherwise we hit nil dereference because
there won't be any group of sections.
After all "follow" attribute is rather to group
sections other than self.
Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
If macro is undefined while it's being expanded, use after free occurs,
since the MMacro instance is released, but it is still used to proceed
the expansion.
This change forbids macro undefinition: non-fatal error is raised and
the MMacro instance is not released if it is being processed by NASM
preprocessor.
Consider the following example:
| $ cat test.asm
| %macro m 0
| %unmacro m 0
| %endmacro
| m
| $ ./nasm test.asm
| test.asm:4: error: `%unmacro' can't undefine the macro being expanded
| test.asm:2: ... from macro `m' defined here
Fixes BR3392531 and BR3392716.
Signed-off-by: Igor Munkin <imun@cpan.org>
Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
Lets run it as win32 since they are sharing
backends in most places but win32 is a way
more widely used.
Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
It is failing right now so I'm not sure if
masm test is correct one. Lets merge it in
this form and update if needed.
Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
