preproc: Fix out of range access in expand mmacro

On specially crafetd malformed input file the params might be zapped (say due to invalid syntax) so we might access out of bound having nil dereference in best case. Note the later code in this helper uses tok_isnt_ helper which already has similar check. https://bugzilla.nasm.us/show_bug.cgi?id=3392518 Reported-by: Jordan Zebor <j.zebor@f5.com> Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
author: Cyrill Gorcunov <gorcunov@gmail.com> 2018-10-13 19:41:01 +0300
committer: Cyrill Gorcunov <gorcunov@gmail.com> 2018-10-13 19:41:01 +0300
commit: 67f2ca2b3fb4e009ef3f7885e848b99e6a81ab29 (patch)
tree: 53f7f0491d2cf3186054f78934ec65e196b319b2
parent: a98a84b0d57d057ed7ec8eb401fd69407e709fca (diff)
download: nasm-67f2ca2b3fb4e009ef3f7885e848b99e6a81ab29.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/asm/preproc.c b/asm/preproc.c
index b6bed9d9..0ceb2434 100644
--- a/asm/preproc.c
+++ b/asm/preproc.c
@@ -3947,6 +3947,8 @@ static Token *expand_mmac_params_range(MMacro *mac, Token *tline, Token ***last)
      * only first token will be passed.
      */
     tm = mac->params[(fst + mac->rotate) % mac->nparam];
+    if (!tm)
+        goto err;
     head = new_Token(NULL, tm->type, tm->text, 0);
     tt = &head->next, tm = tm->next;
     while (tok_isnt_(tm, ",")) {
author	Cyrill Gorcunov <gorcunov@gmail.com>	2018-10-13 19:41:01 +0300
committer	Cyrill Gorcunov <gorcunov@gmail.com>	2018-10-13 19:41:01 +0300
commit	67f2ca2b3fb4e009ef3f7885e848b99e6a81ab29 (patch)
tree	53f7f0491d2cf3186054f78934ec65e196b319b2
parent	a98a84b0d57d057ed7ec8eb401fd69407e709fca (diff)
download	nasm-67f2ca2b3fb4e009ef3f7885e848b99e6a81ab29.tar.gz