| Title | nasm NASM version 2.17rc0 compiled on Jul 20 2025 and the newest master (888d9ab) Memory Corruption |
|---|
| Description | # NASM Segmentation Fault Vulnerability in parse_smacro_template Function
## Vulnerability Summary
A segmentation fault (SIGSEGV) has been found in the NASM (Netwide Assembler) preprocessor. The crash occurs in the `parse_smacro_template` function in `asm/preproc.c` at line 3054, where the program reads through an invalid near-null pointer (faulting address 0x000000000001) and is killed. The report rates the issue high-severity; what the AddressSanitizer output below demonstrates is an invalid read that crashes the assembler on a malformed input (a denial of service), not a write or any other corruption of memory.
## Technical Details
- **Vulnerability Type**: Segmentation Fault
- **Affected Function**: `parse_smacro_template`
- **Source File**: `preproc.c`
- **Line Number**: 3054
- **Signal**: SIGSEGV (11)
## Vulnerability Mechanism and Root Cause
The crash is an invalid read in the macro template parsing logic: `parse_smacro_template` dereferences a pointer it should have rejected. The faulting address is 0x000000000001, which lies in the unmapped zero page; an address of 1 rather than 0 is consistent with a NULL base pointer plus a small offset (for instance a field or array element one byte past NULL) rather than a plain NULL dereference, although the report does not identify which pointer is involved or where it is set.
The crash is reached as follows:
1. `do_directive` passes a single-line macro definition (a `%define`-style directive with a parameter list) to `parse_smacro_template`
2. The parameter template contains an invalid radix specifier or other malformed parameter syntax; the parser reports an error but keeps going
3. `parse_smacro_template` calls itself at line 3025 (frame #1 in the trace below) with the partially parsed state
4. The inner call reads through the bad pointer at line 3054 (frame #0), accessing address 0x000000000001
5. That address is in the zero page, which is never mapped, so the read raises SIGSEGV and AddressSanitizer terminates the process
Before the crash NASM printed diagnostics about radix specifiers and UTF-32 encoding (those messages are not reproduced in the report), which suggests the trigger is a malformed macro parameter specification.
## AddressSanitizer Report
```
AddressSanitizer:DEADLYSIGNAL
=================================================================
==25533==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000001 (pc 0x55ae944c647f bp 0x7fffb085f650 sp 0x7fffb085f540 T0)
==25533==The signal is caused by a READ memory access.
==25533==Hint: address points to the zero page.
#0 0x55ae944c647f in parse_smacro_template /workspace/benchmark/program/nasm-888d9ab-Nov5-2024/asm/preproc.c:3054:46
#1 0x55ae944c5d18 in parse_smacro_template /workspace/benchmark/program/nasm-888d9ab-Nov5-2024/asm/preproc.c:3025:18
#2 0x55ae944b035d in do_directive /workspace/benchmark/program/nasm-888d9ab-Nov5-2024/asm/preproc.c:4880:18
#3 0x55ae9449e692 in pp_tokline /workspace/benchmark/program/nasm-888d9ab-Nov5-2024/asm/preproc.c:8069:13
#4 0x55ae9449e692 in pp_getline /workspace/benchmark/program/nasm-888d9ab-Nov5-2024/asm/preproc.c:8133:17
#5 0x55ae943f70b9 in assemble_file /workspace/benchmark/program/nasm-888d9ab-Nov5-2024/asm/nasm.c:1734:24
#6 0x55ae943f70b9 in main /workspace/benchmark/program/nasm-888d9ab-Nov5-2024/asm/nasm.c:716:9
#7 0x7f3d2c1c0d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#8 0x7f3d2c1c0e3f in __libc_start_main csu/../csu/libc-start.c:392:3
#9 0x55ae943267b4 in _start (/workspace/benchmark/tmp/old-fuzzdir/fz-nasm/fz-nasm/nasm+0x1ed7b4) (BuildId: 2a14aa05a80be476)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /workspace/benchmark/program/nasm-888d9ab-Nov5-2024/asm/preproc.c:3054:46 in parse_smacro_template
```
## Proof of Concept
The reporter triggers the crash with the malformed assembly file `POC_nasm_segmentation_fault_parse_smacro_template_1`, which contains macro template definitions with invalid radix specifiers. The file is hosted externally and its contents are not reproduced in this report.
**POC Download**: [Google Drive Link - POC_nasm_segmentation_fault_parse_smacro_template_1](https://drive.google.com/file/d/10TSdMErFTBtLFIwfh_fia635cmtmFuei/view?usp=drive_link)
## Reproduction Steps
1. Build NASM (release 2.17rc0 or master commit 888d9ab) with AddressSanitizer enabled, i.e. with `-fsanitize=address` in both the compiler and linker flags
2. Run `nasm -f dbg POC_nasm_segmentation_fault_parse_smacro_template_1`
3. NASM aborts with the AddressSanitizer SEGV report shown above, ending in `parse_smacro_template` at `preproc.c:3054`
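The reproduction steps above as a shell harness. This is an added example, not code from the bug report or from the NASM project. It assumes a NASM git checkout (with `./autogen.sh` and `./configure`) built with clang, adds `-o /dev/null` so that no output file is written, and checks the AddressSanitizer SUMMARY line against the crash site reported above; `EXPECTED_SITE`, `build_asan_nasm`, `asan_crash_site`, `matches_reported_site` and `reproduce` are the harness's own names, and `SAMPLE_ASAN_LOG` is a constructed excerpt of the report's trace used only to self-check the parser.

```shell
#!/bin/sh
# Added reproduction harness (not part of the bug report or of NASM).
# Assumes a NASM source checkout and the PoC file from the report; the
# build flags and the -o /dev/null option are this harness's choices.

# Crash site the report attributes to the PoC: <file>:<line>:<col> <function>.
EXPECTED_SITE="preproc.c:3054:46 parse_smacro_template"

# Build NASM from source with AddressSanitizer. clang is assumed because the
# report's trace carries column numbers, as clang emits them.
build_asan_nasm() {
    src="$1"
    (
        cd "$src" || exit 1
        [ -x ./configure ] || ./autogen.sh
        ./configure CC=clang \
            CFLAGS="-O1 -g -fno-omit-frame-pointer -fsanitize=address" \
            LDFLAGS="-fsanitize=address"
        make
    )
}

# Read an ASan log on stdin and print the crash site from its SUMMARY line as
# "<basename>:<line>:<col> <function>". Exit 1 if there is no SEGV summary.
asan_crash_site() {
    awk '
        /^SUMMARY: AddressSanitizer: SEGV / {
            n = split($4, parts, "/")   # $4 is /full/path/preproc.c:3054:46
            print parts[n] " " $NF      # $NF is the function name
            found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# Read an ASan log on stdin; succeed only if it crashed where the report says.
matches_reported_site() {
    [ "$(asan_crash_site)" = "$EXPECTED_SITE" ]
}

# Run the PoC through an ASan-instrumented nasm and classify the outcome.
# Prints "reproduced", "crashed elsewhere" or "no crash"; returns 0 only for
# "reproduced". abort_on_error=0 keeps ASan's normal exit-with-report path.
reproduce() {
    nasm_bin="$1"; poc="$2"; log="${3:-asan.log}"
    if ASAN_OPTIONS=abort_on_error=0 \
        "$nasm_bin" -f dbg -o /dev/null "$poc" 2>"$log"; then
        echo "no crash"; return 1
    else
        status=$?
        if matches_reported_site <"$log"; then
            echo "reproduced"; return 0
        fi
        echo "crashed elsewhere (exit $status), see $log"; return 1
    fi
}

# Constructed sample: lines taken from the report's trace, used to self-check
# the parser without needing a NASM build.
SAMPLE_ASAN_LOG='==25533==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000001
    #0 0x55ae944c647f in parse_smacro_template /workspace/benchmark/program/nasm-888d9ab-Nov5-2024/asm/preproc.c:3054:46
SUMMARY: AddressSanitizer: SEGV /workspace/benchmark/program/nasm-888d9ab-Nov5-2024/asm/preproc.c:3054:46 in parse_smacro_template'

# Usage: sh repro.sh /path/to/nasm-src POC_nasm_segmentation_fault_parse_smacro_template_1
if [ "$#" -eq 2 ]; then
    build_asan_nasm "$1" && reproduce "$1/nasm" "$2"
fi
```

Run as `sh repro.sh /path/to/nasm-src POC_nasm_segmentation_fault_parse_smacro_template_1`. A `no crash` result on a later commit is the quickest check that a fix has landed; `crashed elsewhere` means the PoC now reaches a different site and should be re-triaged rather than closed as fixed.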
## Affected Versions
NASM 2.17rc0 compiled on Jul 20 2025 and the then-current master commit 888d9ab (the source tree in the trace is labelled `nasm-888d9ab-Nov5-2024`). The report does not state which later commit, if any, fixes the issue.
**Credit**
- Xudong Cao (UCAS)
- Yuqing Zhang (UCAS, Zhongguancun Laboratory) |
|---|
| Source | https://bugzilla.nasm.us/show_bug.cgi?id=3392936 |
|---|
| User | xdcao (UID 88377) |
|---|
| Submission | 07/26/2025 09:11 |
|---|
| Moderation | 08/10/2025 17:57 (15 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 319378 [NASM Netwide Assembler 2.17rc0 preproc.c parse_smacro_template null pointer dereference] |
|---|
| Points | 17 |
|---|