From 10ab9d210455b29233733e742feb732492231c26 Mon Sep 17 00:00:00 2001
From: hongjinghao
Date: Tue, 5 Sep 2023 20:28:26 +0800
Subject: [PATCH] Fix CVE-2023-31722
paramlen has heap memory of length nparam+1. The value of variable i may be greater than nparam+1, causing heap memory overflow. Therefore, i and nparam+1 needs to be determined in the loop.
fix:https://bugzilla.nasm.us/show_bug.cgi?id=3392857#c1
---
asm/preproc.c | 2 +-
nasmlib/alloc.c | 4 +++-
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/asm/preproc.c b/asm/preproc.c
index ac42131e..9db58c5e 100644
--- a/asm/preproc.c
+++ b/asm/preproc.c
@@ -6817,7 +6817,7 @@ static int expand_mmacro(Token * tline)
*/
nasm_newn(paramlen, nparam+1);
- for (i = 1; (t = params[i]); i++) {
+ for (i = 1; i < nparam+1 && (t = params[i]); i++) {
bool braced = false;
int brace = 0;
int white = 0;
diff --git a/nasmlib/alloc.c b/nasmlib/alloc.c
index e25e0e0a..df2e02b4 100644
--- a/nasmlib/alloc.c
+++ b/nasmlib/alloc.c
@@ -104,8 +104,10 @@ void *nasm_realloc(void *q, size_t size)
void nasm_free(void *q)
{
- if (q)
+ if (q){
free(q);
+ q = NULL;
+ }
}
char *nasm_strdup(const char *s)
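Review bot: The new bound on the `for` loop stops the write past paramlen, but it silently discards any params[] entries beyond index nparam rather than diagnosing them, so if the caller can hand expand_mmacro more arguments than nparam (which the commit message implies is the trigger) those extra arguments now vanish without an error; consider checking `params[i] != NULL` after the loop and reporting a mismatch, or fixing the count where params[] is built. The condition also reads more directly as `for (i = 1; i <= nparam && (t = params[i]); i++) {` with a comment such as `/* paramlen has only nparam+1 slots; do not trust the params[] terminator alone */`. The loop body and expand_mmacro itself continue outside the hunk, so any other paramlen[i] or params[i] accesses there should be checked against the same bound.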
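Review bot: The added `q = NULL;` in nasm_free assigns to the function's own copy of the pointer and is a dead store — it cannot clear the caller's variable, so it gives no protection against double free or use-after-free, and the compiler will most likely drop it. Since free(NULL) is already a no-op, the `if (q)` guard is redundant as well, and the whole body can simply be `free(q);`. If the intent really is to null the caller's pointer, that needs a macro taking an lvalue, e.g. `#define nasm_free_null(p) do { nasm_free(p); (p) = NULL; } while (0)`, not a change inside this function. Minor style point: `if (q){` is missing the space before the brace that the usual `if (q) {` form has.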