Adam Majer c7c28357c8 asm/float.c: fix buffer underflow in float parsing
When we suffer an underflow that crosses limb boundaries, it is possible
to end up with a stack underflow.  Put in an explicit check for this
case (the mantissa will be zero in this case.)

   https://bugzilla.nasm.us/show_bug.cgi?id=3392445

Signed-off-by: H. Peter Anvin (Intel) <hpa@zytor.com>
diff --git a/asm/float.c b/asm/float.c
index dcf69fea..2965d3db 100644
--- a/asm/float.c
+++ b/asm/float.c
@@ -608,6 +608,8 @@ static void ieee_shr(fp_limb *mant, int i)
         if (offs)
             for (j = MANT_LIMBS-1; j >= offs; j--)
                 mant[j] = mant[j-offs];
+    } else if (MANT_LIMBS-1-offs < 0) {
+        j = MANT_LIMBS-1;
     } else {
         n = mant[MANT_LIMBS-1-offs] >> sr;
         for (j = MANT_LIMBS-1; j > offs; j--) {
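Review bot: The added test `else if (MANT_LIMBS-1-offs < 0)` is only effective if `offs` has a signed type, and its declaration is outside this hunk. With an unsigned `offs` the subtraction would wrap, the test would never be true, and the `mant[MANT_LIMBS-1-offs]` read in the following `else` would still be reached with an out-of-range index. Writing the condition as `offs >= MANT_LIMBS` states the intent directly and does not depend on signedness. The branch body `j = MANT_LIMBS-1;` should also carry a one-line comment saying what the code after the if/else chain does with `j`; the commit message says the mantissa will be zero in this case, but nothing in the visible lines shows where that zeroing happens.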
2018-07-06 03:08:15 -07:00
asm asm/float.c: fix buffer underflow in float parsing 2018-07-06 03:08:15 -07:00
common BR 3392409: idata_bytes() and resv_bytes() don't match their prototypes 2017-06-01 15:23:05 -07:00
config Windows: clean up the handling of stat on Windows 2017-04-06 15:48:51 -07:00
contrib contrib/MSVC6.txt: Add guide how to use nasm in MSVC6 2010-01-24 23:17:55 +03:00
disasm asm: support the +n syntax for register sets 2018-06-25 17:15:08 -07:00
doc doc/rdsrc.pl: fix unescaped brace 2018-06-25 23:13:59 -07:00
headers headers: Update year 2010-04-25 12:02:38 +04:00
include asm: add a default-off warning for phase error in pass 1 2018-06-27 21:03:38 -07:00
macros Cleanup of label renaming infrastructure, add subsection support 2018-06-01 18:06:25 -07:00
misc misc/omfdump.c: expand dDEPFILE COMENT records 2017-08-16 15:23:01 -07:00
Mkfiles MSVC: fix dependency generation and building RDOFF under MSVC 2018-06-18 13:54:43 -07:00
nasmlib RAA: make pointer vs integer RAAs type safe 2018-06-18 17:11:54 -07:00
nsis nsis: use /solid compression for smaller size 2017-04-07 11:05:09 -07:00
output subsections: don't lose the offset in the parent section 2018-06-27 20:20:21 -07:00
perllib perllib/README: delete obsolete file 2017-02-23 20:24:56 -08:00
rdoff Fix implicit fallthrough that trips -Werror 2018-05-08 12:45:00 -07:00
stdlib Eliminate filename length restrictions, remote ofmt->filename() 2017-12-20 13:38:20 -08:00
test asm: support the +n syntax for register sets 2018-06-25 17:15:08 -07:00
tools MSVC: fix dependency generation and building RDOFF under MSVC 2018-06-18 13:54:43 -07:00
x86 insns.dat: add Intel Software Guard Extensions (SGX) instructions 2018-06-25 23:09:38 -07:00
.gitignore .gitignore: add asm/directbl.h 2018-06-18 11:38:47 -07:00
aclocal.m4 malloc: simplify nasm_malloc code, add nasm_strcatn() 2018-05-30 11:40:42 -07:00
AUTHORS Correct name spelling and email address 2015-01-18 20:21:14 +02:00
autogen.sh More autoconf modernizations; upgrade AC_PREREQ to 2.69 2017-11-08 10:22:10 -08:00
ChangeLog
CHANGES
configure.ac gcc: newer gcc trip on -Wstringop-truncation for valid uses of strncpy() 2018-06-02 23:47:57 -07:00
INSTALL
install-sh
LICENSE LICENSE: update year 2010-08-12 20:15:27 -07:00
Makefile.in Makefile.in: fix building RDOFF 2018-06-18 14:02:29 -07:00
nasm.spec.in build: Merge CPPFLAGS into ALL_CFLAGS 2017-07-06 01:36:06 +03:00
nasm.spec.sed nasm.spec: use a sed file to insert perl dependencies 2017-04-23 18:54:23 -07:00
nasm.txt Defer debug format search until after command line parsing 2016-03-07 23:20:00 -08:00
ndisasm.txt ndisasm: man -- Add missing -p option 2013-04-20 20:18:46 +04:00
README
SubmittingPatches Add SubmittingPatches file 2010-10-03 21:02:08 +04:00
TODO
version NASM 2.14rc14 2018-06-28 02:26:09 -07:00
version.pl Handle multiple standard macro sets sanely 2016-07-13 14:23:48 -07:00

              NASM, the Netwide Assembler.

Many many developers all over the net respect NASM for what it is
- a widespread (thus netwide), portable (thus netwide!), very
flexible and mature assembler tool with support for many output
formats (thus netwide!!).

Now we have good news for you: NASM is licensed under the "simplified"
(2-clause) BSD license.  This means its development is open to an even
wider society of programmers wishing to improve their lovely
assembler.

The NASM project is now situated at SourceForge.net, the most
popular Open Source development site on the Internet.

Visit our website at http://nasm.sourceforge.net/ and our
SourceForge project at http://sourceforge.net/projects/nasm/

See the file CHANGES for the description of changes between revisions,
and the file AUTHORS for a list of contributors.

                                                   With best regards,
                                                           NASM crew.