author | Cyrill Gorcunov <gorcunov@gmail.com> | 2018-10-13 18:10:26 +0300 |
---|---|---|
committer | Cyrill Gorcunov <gorcunov@gmail.com> | 2018-10-13 18:10:30 +0300 |
commit | a28c40d54602429c2458a95a62b1fab5142ffb9e (patch) | |
tree | 187c85fcdcbeebc526f3cc80df90eb93d9189c7c | |
parent | 8e740c677345540985eba92462f44e4b272a7652 (diff) | |
download | nasm-a28c40d54602429c2458a95a62b1fab5142ffb9e.tar.gz |
parser: Fix sigsegv on certain equ instruction parsing
We should check for bounds when accessing nasm_reg_flags.
It seems this bug has been present for a long time already.
https://bugzilla.nasm.us/show_bug.cgi?id=3392516
Reported-by: Jordan Zebor <j.zebor@f5.com>
Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
-rw-r--r-- | asm/parser.c | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/asm/parser.c b/asm/parser.c
index 90e43372..297af262 100644
--- a/asm/parser.c
+++ b/asm/parser.c
@@ -1124,6 +1124,23 @@ is_expression:
 rs = 0;
 }
+ /*
+ * Make sure we're not out of nasm_reg_flags, still
+ * probably this should be fixed when we're defining
+ * the label.
+ *
+ * An easy trigger is
+ *
+ * e equ 0x80000000:0
+ * pshufw word e-0
+ *
+ */
+ if (value->type < EXPR_REG_START ||
+ value->type > EXPR_REG_END) {
+ nasm_error(ERR_NONFATAL, "invalid operand type");
+ goto fail;
+ }
+
 op->type &= TO;
 op->type |= REGISTER;
 op->type |= nasm_reg_flags[value->type]; |
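Review bot: The added range check on `value->type` protects only this one `nasm_reg_flags[value->type]` lookup, and the new comment itself concedes that the value should be rejected when the label is defined, so the same out-of-range type may still reach other code that treats it as a register number. The enclosing function starts and ends outside the hunk, so whether those other uses are covered by the `goto fail` cannot be confirmed from here. I would turn the "probably this should be fixed" wording into a tracked marker such as `/* FIXME: validate the value when the label is defined (bugzilla 3392516) */` and add the two-line trigger quoted in the comment to the test suite so the crash cannot regress silently. The check also assumes that `EXPR_REG_START`..`EXPR_REG_END` matches the extent of the table, which is not visible in this hunk and deserves a one-line comment beside the condition.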