A use-after-free vulnerability was found in nasm. A specially crafted file could cause the application to crash. Upstream issue: https://bugzilla.nasm.us/show_bug.cgi?id=3392531
Created nasm tracking bugs for this issue: Affects: fedora-all [bug 1663909]
Setting devel cond NAK - waiting on upstream fix.
Similar valgrind output as compared to ASAN: ``` ==12467== Memcheck, a memory error detector ==12467== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al. ==12467== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info ==12467== Command: nasm -f bin attachment.cgi?id=411689 -o xxx ==12467== ==12467== Conditional jump or move depends on uninitialised value(s) ==12467== at 0x42FD4E: tokenize (preproc.c:1006) ==12467== by 0x434189: pp_getline (preproc.c:4969) ==12467== by 0x4046E3: assemble_file.constprop.3 (nasm.c:1222) ==12467== by 0x402D02: main (nasm.c:463) ==12467== ==12467== Conditional jump or move depends on uninitialised value(s) ==12467== at 0x42FBA1: tokenize (preproc.c:900) ==12467== by 0x434189: pp_getline (preproc.c:4969) ==12467== by 0x4046E3: assemble_file.constprop.3 (nasm.c:1222) ==12467== by 0x402D02: main (nasm.c:463) ==12467== attachment.cgi?id=411689:15: error: label or instruction expected at start of line attachment.cgi?id=411689:16: error: attempt to define a local label before any non-local labels attachment.cgi?id=411689:18: error: parser: instruction expected attachment.cgi?id=411689:18: error: parser: instruction expected attachment.cgi?id=411689:18: error: label or instruction expected at start of line ==12467== Invalid read of size 4 ==12467== at 0x4346C5: pp_getline (preproc.c:4957) ==12467== by 0x4046E3: assemble_file.constprop.3 (nasm.c:1222) ==12467== by 0x402D02: main (nasm.c:463) ``` Looks valid.