A use-after-free vulnerability was found in nasm. A specially crafted file could cause the application to crash. Upstream issue: https://bugzilla.nasm.us/show_bug.cgi?id=3392530
Created nasm tracking bugs for this issue: Affects: fedora-all [bug 1663909]
Setting devel cond NAK - waiting on upstream fix.
Red Hat Enterprise 6 and 7 are vulnerable. Valgrind output matches upstream's ASAN output relatively well:

```
poc:15: error: label or instruction expected at start of line
poc:16: error: attempt to define a local label before any non-local labels
poc:18: error: parser: instruction expected
poc:18: error: parser: instruction expected
poc:18: error: label or instruction expected at start of line
==12504== Invalid read of size 4
==12504==    at 0x4346C5: pp_getline (preproc.c:4957)
==12504==    by 0x4046E3: assemble_file.constprop.3 (nasm.c:1222)
==12504==    by 0x402D02: main (nasm.c:463)
```