nasm.c: fix stack overrun in assemble_file
If [DEBUG id] has id longer then 80 symbols (well, 79 actually plus EOS) then stack will be just overwritten. Fix it with explicit check for identifier being too long. Based on an initial version by Cyrill Gorcunov <gorcunov@gmail.com>. Signed-off-by: H. Peter Anvin <hpa@zytor.com> Cc: Cyrill Gorcunov <gorcunov@gmail.com>
This commit is contained in:
parent
f903da144d
commit
8bec2c788f
1 changed files with 31 additions and 15 deletions
30
nasm.c
30
nasm.c
|
@ -1162,7 +1162,7 @@ static enum directives getkw(char **directive, char **value);
|
|||
|
||||
static void assemble_file(char *fname, StrList **depend_ptr)
|
||||
{
|
||||
char *directive, *value, *p, *q, *special, *line, debugid[80];
|
||||
char *directive, *value, *p, *q, *special, *line;
|
||||
insn output_ins;
|
||||
int i, validid;
|
||||
bool rn_error;
|
||||
|
@ -1395,27 +1395,43 @@ static void assemble_file(char *fname, StrList **depend_ptr)
|
|||
location.segment = NO_SEG;
|
||||
break;
|
||||
case D_DEBUG: /* [DEBUG] */
|
||||
{
|
||||
char debugid[128];
|
||||
bool badid, overlong;
|
||||
|
||||
p = value;
|
||||
q = debugid;
|
||||
validid = true;
|
||||
if (!isidstart(*p))
|
||||
validid = false;
|
||||
badid = overlong = false;
|
||||
if (!isidstart(*p)) {
|
||||
badid = true;
|
||||
} else {
|
||||
while (*p && !nasm_isspace(*p)) {
|
||||
if (q >= debugid + sizeof debugid - 1) {
|
||||
overlong = true;
|
||||
break;
|
||||
}
|
||||
if (!isidchar(*p))
|
||||
validid = false;
|
||||
badid = true;
|
||||
*q++ = *p++;
|
||||
}
|
||||
*q++ = 0;
|
||||
if (!validid) {
|
||||
*q = 0;
|
||||
}
|
||||
if (badid) {
|
||||
nasm_error(passn == 1 ? ERR_NONFATAL : ERR_PANIC,
|
||||
"identifier expected after DEBUG");
|
||||
break;
|
||||
}
|
||||
if (overlong) {
|
||||
nasm_error(passn == 1 ? ERR_NONFATAL : ERR_PANIC,
|
||||
"DEBUG identifier too long");
|
||||
break;
|
||||
}
|
||||
while (*p && nasm_isspace(*p))
|
||||
p++;
|
||||
if (pass0 == 2)
|
||||
dfmt->debug_directive(debugid, p);
|
||||
break;
|
||||
}
|
||||
case D_WARNING: /* [WARNING {+|-|*}warn-name] */
|
||||
while (*value && nasm_isspace(*value))
|
||||
value++;
|
||||
|
|
Loading…
Reference in a new issue