
Conversation

@sorokin sorokin commented Jan 8, 2026

Nasm produces a heap buffer overflow when invoked with the following command line:

    $ nasm 1.asm

-fsanitize=address prints the following call stack:

READ of size 1 at 0x5020000000b2 thread T0
    #0 0x646bbff40d3d in quote_for_pmake asm/nasm.c:744
    #1 0x646bbff3ffa3 in main asm/nasm.c:564
    #2 0x76656662a1c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #3 0x76656662a28a in __libc_start_main_impl ../csu/libc-start.c:360
    #4 0x646bbff3be84 in _start (nasm+0x34be84)

The problem is caused by the fact that:

  • ofmt::extension for the raw binary file is an empty string "",
  • when filename_set_extension is called with empty string as extension it produces a non-null-terminated string,
  • the result of filename_set_extension is passed to quote_for_pmake, which expects a null-terminated string.

This commit fixes the bug by changing filename_set_extension so it always appends the null terminator to the resulting string.

…ith null

Nasm produces a heap buffer overflow when invoked with the following command line:

    $ nasm 1.asm

-fsanitize=address prints the following call stack:

READ of size 1 at 0x5020000000b2 thread T0
    #0 0x646bbff40d3d in quote_for_pmake asm/nasm.c:744
    #1 0x646bbff3ffa3 in main asm/nasm.c:564
    #2 0x76656662a1c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #3 0x76656662a28a in __libc_start_main_impl ../csu/libc-start.c:360
    #4 0x646bbff3be84 in _start (nasm+0x34be84)

The problem is caused by the fact that:

* ofmt::extension for the raw binary file is an empty string "",
* when filename_set_extension is called with empty string as extension
  it produces a non-null-terminated string,
* the result of filename_set_extension is passed to quote_for_pmake,
  which expects a null-terminated string.

This commit fixes the bug by changing filename_set_extension so
it always appends the null terminator to the resulting string.

Signed-off-by: Ivan Sorokin <[email protected]>
@sorokin sorokin force-pushed the fix-filename-set-extension branch from ddd7011 to 523f12d on January 8, 2026 01:00
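The chain that the PR description and the commit message lay out (an empty ofmt extension for the bin format, filename_set_extension handing back a buffer with no terminator, quote_for_pmake scanning past the end of it) reduced to a stand-alone C reconstruction. This is added example code, not NASM's own filename_set_extension or quote_for_pmake: the function names mirror the ones in the report, but the bodies, the buggy control flow, the `cap` out-parameter and the bounded `pmake_quoted_len` scanner are assumptions chosen to show the pattern. The fixed variant applies the fix the commit describes, writing the terminator on every path.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not NASM's code: the names mirror filename_set_extension
 * and quote_for_pmake, the bodies are an assumed reconstruction. */

/* Length of inname up to its last ".ext"; a '.' inside a directory
 * component is not an extension. */
static size_t stem_len(const char *inname)
{
    const char *dot = strrchr(inname, '.');
    const char *slash = strrchr(inname, '/');
    if (dot && (!slash || dot > slash))
        return (size_t)(dot - inname);
    return strlen(inname);
}

/* Buggy variant (assumed shape): the empty-extension path only strips the
 * old extension and never writes '\0'.  *cap receives the allocation size. */
static char *set_extension_buggy(const char *inname, const char *ext, size_t *cap)
{
    size_t base = stem_len(inname), elen = strlen(ext);
    char *p;
    if (elen == 0) {
        p = malloc(base);                 /* BUG: no byte reserved for '\0' */
        if (!p) abort();
        memcpy(p, inname, base);          /* BUG: and none written */
        *cap = base;
        return p;
    }
    p = malloc(base + elen + 1);
    if (!p) abort();
    memcpy(p, inname, base);
    memcpy(p + base, ext, elen + 1);      /* copies ext's own '\0' */
    *cap = base + elen + 1;
    return p;
}

/* Fixed variant: a single path that always appends the terminator. */
static char *set_extension_fixed(const char *inname, const char *ext, size_t *cap)
{
    size_t base = stem_len(inname), elen = strlen(ext);
    char *p = malloc(base + elen + 1);
    if (!p) abort();
    memcpy(p, inname, base);
    memcpy(p + base, ext, elen);
    p[base + elen] = '\0';                /* unconditional */
    *cap = base + elen + 1;
    return p;
}

/* 1 if a '\0' lies inside the first cap bytes.  memchr never reads past
 * cap, so this is safe even on the unterminated buggy result. */
static int terminated_within(const char *p, size_t cap)
{
    return memchr(p, '\0', cap) != NULL;
}

/* Bounded stand-in for a consumer like quote_for_pmake: length of the
 * make-quoted form (each space escaped as "\ ").  Returns (size_t)-1
 * instead of walking off the allocation when no '\0' is found within cap. */
static size_t pmake_quoted_len(const char *s, size_t cap)
{
    size_t n = 0, i;
    for (i = 0; i < cap; i++) {
        if (s[i] == '\0')
            return n;
        n += (s[i] == ' ') ? 2 : 1;
    }
    return (size_t)-1;
}

/* Build with one variant and report whether the result is terminated
 * inside its own allocation. */
static int result_terminated(int use_fixed, const char *inname, const char *ext)
{
    size_t cap;
    char *p = use_fixed ? set_extension_fixed(inname, ext, &cap)
                        : set_extension_buggy(inname, ext, &cap);
    int ok = terminated_within(p, cap);
    free(p);
    return ok;
}

int main(void)
{
    /* Constructed input; "" is the bin format's extension per the PR. */
    size_t cap, q;
    char *b = set_extension_buggy("1.asm", "", &cap);
    q = pmake_quoted_len(b, cap);
    printf("buggy: terminated=%d quoted_len=%ld   fixed: terminated=%d\n",
           terminated_within(b, cap), q == (size_t)-1 ? -1L : (long)q,
           result_terminated(1, "1.asm", ""));
#ifdef TRIGGER_OVERFLOW
    printf("%zu\n", strlen(b));  /* reads past the 1-byte block: ASan reports it */
#endif
    free(b);
    return 0;
}
```

Built normally, the program reports the buggy result as unterminated and the bounded scanner refusing it, while the fixed result is terminated. Building with `-g -fsanitize=address -DTRIGGER_OVERFLOW` lets `strlen` walk off the 1-byte block the buggy path allocates for `1.asm`, which produces a heap-buffer-overflow READ of size 1 report of the same kind as the one quoted above, with the overflowing frame in this file instead of in quote_for_pmake.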