
Fuzzed Crashes #43

Open
jacobly0 opened this issue Mar 25, 2017 · 1 comment

Comments

@jacobly0
Collaborator

These inputs all cause spasm to segfault:

.echo >0
#macro >
a#macro a
b(
#define a a
 a
w("r(")
r(
.addinstr 0 0 0000000000000000000000000000

Note that the last one only crashes sometimes in hardened mode and occasionally corrupts malloc otherwise.

alberthdev added a commit that referenced this issue Mar 25, 2017
When run_first_pass_line / run_first_pass_line_sec changes the ptr
to NULL, run_first_pass does not check for this and attempts to
dereference the NULL ptr, causing a crash. Adding a NULL check and
breaking out of the loops fixes this!

Fixes one of the fuzzed lines in #43.
alberthdev added a commit that referenced this issue Mar 26, 2017
instr->instr_size was not being checked, and as a result an
abnormally long .addinstr would result in the following for loop
modifying instr->args, and possibly other parts of the memory.

This was fixed by checking to make sure that instr->instr_size
was 8 or below, and if not, failing.

As a result of an addinstr being possibly invalid, errors.h was
updated to reflect a possibly invalid addinstr.
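To illustrate the bound the commit above describes, here is an added example (not spasm's own code) of parsing the hex-byte field of a .addinstr line into a fixed 8-byte args array, rejecting fields that would encode more bytes than fit. The struct layout, the function name and the helper are assumptions; only the instr_size/args names and the limit of 8 come from the commit message.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for spasm's instruction record: the real struct
 * is not shown on the page, only instr_size, args and the limit of 8. */
#define MAX_INSTR_SIZE 8

struct instr {
    size_t instr_size;                 /* number of encoded bytes */
    unsigned char args[MAX_INSTR_SIZE]; /* the array the long input overran */
};

/* Value of one hex digit, or -1 if the character is not a hex digit. */
static int hexval(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Parse the hex-digit field of a .addinstr line into out->args.
 * Returns true on success; false if the field is malformed or would
 * encode more than MAX_INSTR_SIZE bytes. The size check runs before
 * the copy loop, so an oversized field can never write past args[]. */
bool parse_addinstr_bytes(const char *hex, struct instr *out) {
    size_t ndigits = strlen(hex);
    if (ndigits == 0 || ndigits % 2 != 0)
        return false;                  /* need whole bytes */
    size_t nbytes = ndigits / 2;
    if (nbytes > MAX_INSTR_SIZE)
        return false;                  /* the check the fix added */
    for (size_t i = 0; i < nbytes; i++) {
        int hi = hexval(hex[2 * i]);
        int lo = hexval(hex[2 * i + 1]);
        if (hi < 0 || lo < 0)
            return false;              /* reject non-hex input */
        out->args[i] = (unsigned char)((hi << 4) | lo);
    }
    out->instr_size = nbytes;
    return true;
}
```

With this ordering the long all-zero field from the report is refused before any byte is written, instead of the loop running off the end of args.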
@alberthdev
Owner

alberthdev commented Mar 26, 2017

Updating this as I take a stab at each:

  • .echo >0
  • #macro >
  • a#macro a
  • b(
  • #define a a
    a
  • w("r(")
    r(
  • .addinstr 0 0 0000000000000000000000000000
