parser: when flattening an eop, must preserve any data buffer

An eop may have a data buffer associated with it as part of the same memory allocation. Therefore, we need to move "subexpr" up instead of merging it into "eop". This *partially* resolves BR 3392707, but that test case still triggers a violation when using -gcv8. Reported-by: Suhwan <prada960808@gmail.com> Signed-off-by: H. Peter Anvin (Intel) <hpa@zytor.com>
2025-04-03 13:53:37 +03:00 · 2025-02-28 21:27:42 +08:00 · 2025-02-28 21:27:42 +08:00 · 51fb2b9fa7
commit 51fb2b9fa7
parent c44bf60e04
1 changed files with 11 additions and 5 deletions
--- a/src/third_party/nasm/asm/parser.c
+++ b/src/third_party/nasm/asm/parser.c
@ -458,11 +458,17 @@ static int parse_eops(extop **result, bool critical, int elem)
                /* Subexpression is empty */
                eop->type = EOT_NOTHING;
            } else if (!subexpr->next) {
-                /* Subexpression is a single element, flatten */
-                eop->val   = subexpr->val;
-                eop->type  = subexpr->type;
-                eop->dup  *= subexpr->dup;
-                nasm_free(subexpr);
+                /*
+                 * Subexpression is a single element, flatten.
+                 * Note that if subexpr has an allocated buffer associated
+                 * with it, freeing it would free the buffer, too, so
+                 * we need to move subexpr up, not eop down.
+                 */
+                if (!subexpr->elem)
+                    subexpr->elem = eop->elem;
+                subexpr->dup *= eop->dup;
+                nasm_free(eop);
+                eop = subexpr;
            } else {
                eop->type = EOT_EXTOP;
            }