author | Cyrill Gorcunov <gorcunov@gmail.com> | 2016-06-19 12:15:24 +0300 |
---|---|---|
committer | Cyrill Gorcunov <gorcunov@gmail.com> | 2016-06-19 12:15:24 +0300 |
commit | bbb7a1aad9bc5e13ab5c2268bc318a94b796eed2 (patch) | |
tree | 375a56c4a17a35965f8f16cdf469a1e65e61d628 | |
parent | 41d8a171952965f6a78b7e6a11cfeb9e3f5e43ad (diff) | |
download | nasm-bbb7a1aad9bc5e13ab5c2268bc318a94b796eed2.tar.gz |
preproc: Fix accessing OOM address
If the environment variable is not present we allocated
an empty string, but when working with tokens we test
the second byte for special symbols, accessing an address
outside the allocated memory (->text[1] for reference).
http://bugzilla.nasm.us/show_bug.cgi?id=3392333
Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
-rw-r--r-- | preproc.c | 10 |
1 files changed, 7 insertions, 3 deletions
@@ -1269,9 +1269,13 @@ static char *detoken(Token * tlist, bool expand_locals)
 if (!p) {
 nasm_error(ERR_NONFATAL | ERR_PASS1,
 "nonexistent environment variable `%s'", v);
- p = "";
- }
- t->text = nasm_strdup(p);
+ /*
+ * FIXME We better should investigate if accessing
+ * ->text[1] without ->text[0] is safe enough.
+ */
+ t->text = nasm_zalloc(2);
+ } else
+ t->text = nasm_strdup(p);
 }
 nasm_free(q);
 } |
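Review bot: The new `else` branch still yields a one-byte buffer when the variable exists but is empty, because `getenv()` returns `""` in that case and `nasm_strdup(p)` allocates only the terminator. The `->text[1]` read described in the commit message would then remain out of bounds for that input. Padding that case the same way closes it, for example `t->text = *p ? nasm_strdup(p) : nasm_zalloc(2);` in the `else` branch. The code that reads `->text[1]` is outside this hunk, so this is inferred from the commit message and the FIXME; testing `text[0]` before `text[1]` at those readers would be the durable fix, and the bare `2` deserves a comment saying which byte it protects. detoken's body starts and ends outside the hunk.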