Closed
Description
Hi, we found a null pointer dereference bug in the latest version of yasm.
ASAN
==55571==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000048 (pc 0x000000577e9b bp 0x7fffe279e490 sp 0x7fffe279e290 T0)
==55571==The signal is caused by a READ memory access.
==55571==Hint: address points to the zero page.
#0 0x577e9b in yasm_section_bcs_append /root/yasm/libyasm/section.c:634:13
#1 0x5c3aa0 in nasm_parser_parse /root/yasm/modules/parsers/nasm/nasm-parse.c:264:23
#2 0x5c15fa in nasm_do_parse /root/yasm/modules/parsers/nasm/nasm-parser.c:66:5
#3 0x5c15fa in nasm_parser_do_parse /root/yasm/modules/parsers/nasm/nasm-parser.c:83:5
#4 0x4f3239 in do_assemble /root/yasm/frontends/yasm/yasm.c:641:5
#5 0x4f3239 in main /root/yasm/frontends/yasm/yasm.c:877:12
#6 0x7f48dfb49c86 in __libc_start_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310
#7 0x41ba39 in _start (/root/yasm/yasm+0x41ba39)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /root/yasm/libyasm/section.c:634:13 in yasm_section_bcs_append
==55571==ABORTING
Version
# git log
commit 9defefae9fbcb6958cddbfa778c1ea8605da8b8b (HEAD -> master, origin/master, origin/HEAD)
Author: dataisland <dataisland@outlook.com>
Date: Fri Sep 22 00:21:20 2023 -0500
Fix null-pointer-dereference in yasm_expr_get_intnum (#244)
How to reproduce
Build yasm with ASAN, then run
./yasm $POC
The POC can be found here. POC
We ran it on a 64-bit Ubuntu 18.04.
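The report above is typical of a NULL-base dereference: the faulting address 0x48 is far below the page size, so it is a small struct field offset added to a NULL pointer, which is exactly what the "address points to the zero page" hint means. The script below is an added example for triaging such reports; it is not code from this issue or from the yasm project. It assumes a yasm checkout built with its autotools configure script (the issue does not say which build flags were used, so the ASAN flags here are an assumption), a clang or gcc that supports -fsanitize=address, and a POC path in $POC. The build step only runs when the script is invoked with --build; the classifier runs on an excerpt of the report from this issue.

```shell
#!/bin/sh
# Added example (not from the issue or from yasm): build yasm with
# AddressSanitizer and classify an ASAN SEGV report as a NULL-base
# dereference or a wild access, naming the faulting frame.
set -eu

# Assumed build recipe: yasm's autotools configure, built with ASAN and
# frame pointers so the stack trace stays readable. Needs a checkout in $1.
build_yasm_asan() {
    (
        cd "$1"
        [ -x ./configure ] || ./autogen.sh
        CC="${CC:-clang}" \
        CFLAGS="-fsanitize=address -fno-omit-frame-pointer -g -O1" \
        LDFLAGS="-fsanitize=address" ./configure
        make -j"$(nproc 2>/dev/null || echo 2)"
    )
}

# Read one ASAN report on stdin and print: <class> <frame0 function> <file:line>
# class is null-read / null-write when the faulting address lies in the
# first page (below 0x1000), otherwise wild-read / wild-write.
asan_triage() {
    awk '
        BEGIN { kind = "access" }
        /ERROR: AddressSanitizer: SEGV on unknown address/ {
            for (i = 1; i <= NF; i++) if ($i == "address") addr = $(i + 1)
        }
        /caused by a (READ|WRITE) memory access/ { kind = tolower($(NF - 2)) }
        /^[ \t]*#0 / { fn = $4; loc = $5; sub(/:[0-9]+$/, "", loc) }
        END {
            if (addr == "") { print "no-segv"; exit }
            hex = addr
            sub(/^0x/, "", hex)
            sub(/^0+/, "", hex)
            # At most three hex digits left means the address is < 0x1000:
            # a NULL base plus a field offset, the zero-page case.
            cls = (length(hex) <= 3) ? "null-" : "wild-"
            print cls kind, fn, loc
        }'
}

# Excerpt of the report posted in this issue, used as the sample input.
triage_sample() {
    asan_triage <<'EOF'
==55571==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000048 (pc 0x000000577e9b bp 0x7fffe279e490 sp 0x7fffe279e290 T0)
==55571==The signal is caused by a READ memory access.
==55571==Hint: address points to the zero page.
    #0 0x577e9b in yasm_section_bcs_append /root/yasm/libyasm/section.c:634:13
    #1 0x5c3aa0 in nasm_parser_parse /root/yasm/modules/parsers/nasm/nasm-parse.c:264:23
SUMMARY: AddressSanitizer: SEGV /root/yasm/libyasm/section.c:634:13 in yasm_section_bcs_append
EOF
}

if [ "${1-}" = "--build" ]; then
    # Reproduce as the issue describes: build with ASAN, then run the POC.
    build_yasm_asan ./yasm
    ./yasm/yasm "$POC" 2>&1 | asan_triage
else
    triage_sample
fi
```

Run `sh triage.sh` to classify the embedded excerpt, or `POC=crash.asm sh triage.sh --build` with a yasm checkout in ./yasm to rebuild under ASAN and classify a live crash. The classifier keys only on the faulting address and the first frame, so it works the same on reports from any fuzzing harness that wraps yasm.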