authorCyrill Gorcunov <gorcunov@gmail.com>2016-06-19 12:15:24 +0300
committerCyrill Gorcunov <gorcunov@gmail.com>2016-06-19 12:15:24 +0300
commitbbb7a1aad9bc5e13ab5c2268bc318a94b796eed2 (patch)
tree375a56c4a17a35965f8f16cdf469a1e65e61d628
parent41d8a171952965f6a78b7e6a11cfeb9e3f5e43ad (diff)
downloadnasm-bbb7a1aad9bc5e13ab5c2268bc318a94b796eed2.tar.gz
preproc: Fix accessing OOM address
If the environment variable is not present we allocated an empty string, but when working with tokens we test the second byte for special symbols, accessing an address outside the allocated memory (->text[1] for the reference). http://bugzilla.nasm.us/show_bug.cgi?id=3392333 Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
-rw-r--r--preproc.c10
1 files changed, 7 insertions, 3 deletions
diff --git a/preproc.c b/preproc.c
index 8400773b..fdb9fc19 100644
--- a/preproc.c
+++ b/preproc.c
@@ -1269,9 +1269,13 @@ static char *detoken(Token * tlist, bool expand_locals)
if (!p) {
nasm_error(ERR_NONFATAL | ERR_PASS1,
"nonexistent environment variable `%s'", v);
- p = "";
- }
- t->text = nasm_strdup(p);
+ /*
+ * FIXME We better should investigate if accessing
+ * ->text[1] without ->text[0] is safe enough.
+ */
+ t->text = nasm_zalloc(2);
+ } else
+ t->text = nasm_strdup(p);
}
nasm_free(q);
}
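Review bot: The new `else` branch still calls `nasm_strdup(p)` when `p` is non-NULL but empty, so a variable that is set to an empty value would presumably yield the same one-byte `->text` and the same `->text[1]` read past the allocation that this commit fixes for the missing-variable case. Keeping the error report inside `if (!p)` and then assigning `t->text = (p && *p) ? nasm_strdup(p) : nasm_zalloc(2);` would cover both cases. As the FIXME says, the more durable fix is for the code that inspects `->text[1]` to check `->text[0]` first. Those readers, and the lookup that sets `p`, are outside this hunk, since `detoken` starts and ends beyond it.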