Commit ddd7011

fix filename_set_extension to always terminate the resulting string with null
Nasm produces a heap buffer overflow when invoked with the following command line:

$ nasm 1.asm

-fsanitize=address prints the following call stack:

READ of size 1 at 0x5020000000b2 thread T0
    #0 0x646bbff40d3d in quote_for_pmake asm/nasm.c:744
    #1 0x646bbff3ffa3 in main asm/nasm.c:564
    #2 0x76656662a1c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #3 0x76656662a28a in __libc_start_main_impl ../csu/libc-start.c:360
    #4 0x646bbff3be84 in _start (nasm+0x34be84)

The problem is caused by the fact that:

* ofmt::extension for raw binary file is an empty string "",
* when filename_set_extension is called with an empty string as extension it produces a non-null-terminated string,
* the result of filename_set_extension is passed to quote_for_pmake, which expects a null-terminated string.

This commit fixes the bug by changing filename_set_extension so it always appends the null terminator to the resulting string.

Signed-off-by: Ivan Sorokin <vanyacpp@gmail.com>
1 parent 22a9118 commit ddd7011

1 file changed

+4
-2
lines changed

nasmlib/path.c

@@ -219,9 +219,11 @@ const char *filename_set_extension(const char *inname, const char *extension)
219219

220220
q = outname = nasm_malloc(baselen + elen + 1);
221221
q = mempcpy(q, inname, baselen);
222-
if (*extension)
222+
if (*extension) {
223223
*q++ = extsep;
224-
memcpy(q, extension+1, elen);
224+
memcpy(q, extension+1, elen);
225+
} else
226+
*q++ = '\0';
225227

226228
return outname;
227229
}
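Review bot: the fix terminates the string only in the `else` branch, so the non-empty branch still depends on `memcpy(q, extension+1, elen)` copying the terminator along with the extension text, i.e. on `elen` being `strlen(extension)` so that the NUL at `extension[elen]` is included; that invariant is not visible in this hunk and is easy to break if `elen` is later computed differently. Given the allocation `nasm_malloc(baselen + elen + 1)`, an unconditional `outname[baselen + elen] = '\0';` after the copy (assuming `elen` is the full extension length including the leading `extsep`) would terminate in both paths and make the function independent of what the copy happens to include. Minor style point: the `if` body is braced while the `} else` body is a bare statement; brace both for consistency.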
