File memory_fixes.patch of Package nasm.5265

Author: Adam Majer <amajer@suse.de>
Date: Tue Jul 25 13:03:57 CEST 2017
Summary: Fix use after free and buffer overflow
BSC: 1047925 1047936

Submitted upstream in linked bug reports.

https://bugzilla.nasm.us/show_bug.cgi?id=3392414
https://bugzilla.nasm.us/show_bug.cgi?id=3392415

Index: nasm-2.10.09/preproc.c
===================================================================
--- nasm-2.10.09.orig/preproc.c
+++ nasm-2.10.09/preproc.c
@@ -1269,8 +1269,8 @@ static char *detoken(Token * tlist, bool
 		    p = "";
 		}
 		t->text = nasm_strdup(p);
+	        nasm_free(q);
 	    }
-	    nasm_free(q);
         }
 
         /* Expand local macros here and not during preprocessing */
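Review bot: The now-conditional `nasm_free(q)` carries no comment saying why it moved, and the reason cannot be read off the lines shown. Presumably `q` is the previous `t->text`, so it may only be released on the path that has already replaced `t->text` with the `nasm_strdup(p)` result; the declaration of `q` is outside the hunk, so this needs confirming. I would add `/* q is the old t->text: free it only once t->text has been replaced, otherwise t->text dangles */` above the call. The added line is also indented with a tab followed by spaces while its neighbours use tabs only. detoken's body starts and ends outside the hunk.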
@@ -3714,9 +3714,15 @@ static bool paste_tokens(Token **head, c
                 len += strlen(tok->text);
                 p = buf = nasm_malloc(len + 1);
 
+                strcpy(p, tok->text);
+                p = strchr(p, '\0');
+                tok = delete_Token(tok);
+
                 while (tok != next) {
-                    strcpy(p, tok->text);
-                    p = strchr(p, '\0');
+                    if (PP_CONCAT_MATCH(tok, m[i].mask_tail)) {
+                        strcpy(p, tok->text);
+                        p = strchr(p, '\0');
+                    }
                     tok = delete_Token(tok);
                 }
 
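Review bot: Both `strcpy(p, tok->text)` calls still write into `buf` with no bound, so the fix holds only while the `len` accumulated above the hunk counts exactly the first token plus the tokens that pass `PP_CONCAT_MATCH(tok, m[i].mask_tail)`. That counting loop is outside the hunk and cannot be confirmed here. I would make the invariant explicit at each copy: take `size_t n = strlen(tok->text);`, check that `(size_t)(p - buf) + n <= len`, then `memcpy(p, tok->text, n + 1); p += n;`, so a later mismatch between counting and copying fails loudly instead of overrunning the heap buffer. The first token is also copied and deleted before the loop without any check, which relies on an earlier `tok == next` guard that is not shown. A one-line comment stating that non-matching tokens are deleted without being copied would document the new behaviour.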
@@ -4961,8 +4967,9 @@ static char *pp_getline(void)
                             nasm_free(m->paramlen);
                             l->finishes->in_progress = 0;
                         }
-                    } else
-                        free_mmacro(m);
+                    } else {
+                        // free_mmacro(m);
+                    }
                 }
                 istk->expansion = l->next;
                 nasm_free(l);
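Review bot: The `else` branch now holds only the commented-out `// free_mmacro(m);`, which trades the use-after-free for a leak of `m` on this path and leaves no record of why. If `m` really has to outlive this point, replace the dead code with an explanation such as `/* m may still be referenced later; deliberately not freed here, see the bug reports in the patch header */`, or drop the empty `else`, and state where `m` is eventually released. Because the leak recurs each time this path is taken, memory use can grow with the input, so a follow-up that fixes ownership rather than skipping the free is worth tracking. The other comment visible in this patch uses `/* */`, and pp_getline continues outside the hunk.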