paramlen has heap memory of length nparam+1. The value of variable i may be greater than nparam+1, causing heap memory overflow. Therefore, i and nparam+1 need to be determined in the loop.
fix: https://bugzilla.nasm.us/show_bug.cgi?id=3392857#c1
hongjinghao authored and hongjinghao committed Sep 12, 2023
1 parent a916e41 commit 10ab9d2
Showing 2 changed files with 4 additions and 2 deletions.
2 changes: 1 addition & 1 deletion asm/preproc.c
Expand Up @@ -6817,7 +6817,7 @@ static int expand_mmacro(Token * tline)
*/
nasm_newn(paramlen, nparam+1);

for (i = 1; (t = params[i]); i++) {
for (i = 1; i < nparam+1 && (t = params[i]); i++) {
bool braced = false;
int brace = 0;
int white = 0;
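Review bot: The new loop condition `i < nparam+1 && (t = params[i])` ends the loop silently when the bound is hit while params[i] is still non-NULL, so a mismatch between nparam and the contents of params[] is hidden instead of reported. The bound itself is right for the `nasm_newn(paramlen, nparam+1)` allocation just above, and testing it before `params[i]` is the correct order. Please add a comment saying which of the two conditions is expected to end the loop, and consider a diagnostic or assertion for the case where params[nparam+1] would have been a live token, since that points at the caller computing nparam incorrectly. `i <= nparam` would also read more directly than `i < nparam+1`.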
4 changes: 3 additions & 1 deletion nasmlib/alloc.c
Expand Up @@ -104,8 +104,10 @@ void *nasm_realloc(void *q, size_t size)

void nasm_free(void *q)
{
if (q)
if (q){
free(q);
q = NULL;
}
}

char *nasm_strdup(const char *s)
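Review bot: The added `q = NULL;` in nasm_free() has no effect: q is a by-value `void *` parameter, so the assignment changes only the local copy and the caller's pointer still holds the freed address. This does not protect against use-after-free or double free and is unrelated to the paramlen overflow described in the commit message, so it should be dropped from this patch. If clearing the caller's pointer is the goal, that needs an interface that receives the pointer's address (a `void **` argument or a wrapper macro). Style: `if (q){` is missing a space before the brace.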