authorCyrill Gorcunov <gorcunov@gmail.com>2018-08-15 01:12:19 +0300
committerCyrill Gorcunov <gorcunov@gmail.com>2018-08-16 01:20:01 +0300
commit55d09bbf6f7087339277b1e3b17c134b2afb2510 (patch)
treee5d1ff6088c1724f28c4af318479a9382167b457 /disasm/ndisasm.c
parentb8d153eb4dee2ac22fc09cfba99dbae48c724b88 (diff)
downloadnasm-55d09bbf6f7087339277b1e3b17c134b2afb2510.tar.gz
disasm: Fix buffer overread in ndisasm
https://nvd.nist.gov/vuln/detail/CVE-2018-10254 https://sourceforge.net/p/nasm/bugs/561/ Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
Diffstat (limited to 'disasm/ndisasm.c')
-rw-r--r--disasm/ndisasm.c5
1 files changed, 2 insertions, 3 deletions
diff --git a/disasm/ndisasm.c b/disasm/ndisasm.c
index a4a217db..2d0cf153 100644
--- a/disasm/ndisasm.c
+++ b/disasm/ndisasm.c
@@ -316,9 +316,8 @@ int main(int argc, char **argv)
nextsync = next_sync(offset, &synclen);
}
while (p > q && (p - q >= INSN_MAX || lenread == 0)) {
- lendis =
- disasm((uint8_t *) q, outbuf, sizeof(outbuf), bits,
- offset, autosync, &prefer);
+ lendis = disasm((uint8_t *)q, INSN_MAX, outbuf, sizeof(outbuf),
+ bits, offset, autosync, &prefer);
if (!lendis || lendis > (p - q)
|| ((nextsync || synclen) &&
(uint32_t)lendis > nextsync - offset))
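Review bot: The length now passed to `disasm()` is the constant `INSN_MAX`, yet the loop condition also lets the body run when `lenread == 0` and `p - q < INSN_MAX`, so at end of input the decoder is told that more bytes are valid than were actually read. The `lendis > (p - q)` check that follows rejects an over-long result afterwards, but the decoder may already have read stale bytes past `p`; whether those still lie inside the buffer depends on its declaration, which is outside this hunk. Passing the bytes actually available would bound the read itself, e.g. `avail = (p - q < INSN_MAX) ? (p - q) : INSN_MAX;` followed by `disasm((uint8_t *)q, avail, outbuf, sizeof(outbuf), ...)`, with `avail` declared to match the new parameter's type, which is not visible here. `main()` starts and ends outside the hunk.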