DASM 2.20.17 — Safety and Correctness Fixes
This is a maintenance release with no new features. It continues the code hardening work begun in 2.20.16, addressing a further set of correctness and safety issues found during deep static analysis and sanitiser testing.
Critical fixes
The most significant fix closes a heap buffer overflow that triggered on every run: permalloc(sizeof(ISEGNAME)) allocated the size of a pointer (4 or 8 bytes) instead of the 22 bytes needed to hold the initial segment name, so the copy into that buffer wrote past the end of the allocation. This had been silently corrupting the heap since the code was first written.
Memory allocator consolidation
The old ckmalloc() and zmalloc() functions, duplicates of checked_malloc() and zero_malloc() from util.c but with weaker error reporting and int size parameters that silently truncated large requests, have been removed. All callers now use the util.c versions, which take size_t, assert on zero-byte requests, and produce diagnostics with file and line information on failure. permalloc() has also been changed from an int to a size_t parameter.
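The two points above, the sizeof-on-a-pointer mistake and a checked allocator that carries file and line information, as an added illustration. This is example code written for these notes, not DASM's util.c or its permalloc(); the segment name, the macro name CHECKED_MALLOC and the helper names are assumptions made for the example.

```c
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Illustrative checked allocator in the style described for util.c:
 * size_t parameter, zero-byte requests rejected, file/line on failure.
 * Not DASM's own implementation. */
static void *checked_malloc_at(size_t n, const char *file, int line)
{
    assert(n > 0 && "zero-byte allocation request");
    void *p = malloc(n);
    if (p == NULL) {
        fprintf(stderr, "%s:%d: out of memory allocating %zu bytes\n",
                file, line, n);
        exit(EXIT_FAILURE);
    }
    return p;
}
#define CHECKED_MALLOC(n) checked_malloc_at((n), __FILE__, __LINE__)

/* Constructed segment name for the example; not the real ISEGNAME. */
static const char *EXAMPLE_SEGNAME = "INITIAL SEGMENT";

/* The bug pattern: sizeof on a char pointer is the pointer size (4 or 8),
 * not the length of the string it points to. */
size_t buggy_segname_size(void)
{
    return sizeof(EXAMPLE_SEGNAME);
}

/* The correct size: the string's bytes plus the terminating NUL. */
size_t correct_segname_size(const char *name)
{
    return strlen(name) + 1;
}

/* Duplicate a segment name into a heap buffer of exactly the right size. */
char *dup_segname(const char *name)
{
    size_t n = correct_segname_size(name);
    char *copy = CHECKED_MALLOC(n);
    memcpy(copy, name, n);  /* n includes the NUL, so the copy is complete */
    return copy;
}
```

The allocation-size check is the part that matters: sizeof is only correct for arrays whose size is visible to the compiler, and a later refactor from array to pointer silently turns it into the pointer size.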
Buffer overrun prevention
All sprintf() calls writing into fixed-size error message buffers in ops.c and symbols.c have been replaced with snprintf(). The buffers were 128 bytes while the operand strings they formatted could be up to MAXLINE (1024) bytes, so a long operand could overrun the buffer. snprintf() truncates the message to fit and always NUL-terminates the buffer instead.
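The snprintf() replacement with the truncation check a practitioner would add, as an added example written for these notes rather than taken from ops.c or symbols.c. The message text, the buffer and line sizes and the function names are assumptions; only the 128-byte buffer and 1024-byte MAXLINE figures come from the release notes.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define ERRBUF_SIZE     128   /* size of the fixed error buffers */
#define EXAMPLE_MAXLINE 1024  /* stands in for MAXLINE */

/* Format an operand error into a fixed buffer. Unlike sprintf(), the write
 * can never exceed cap, and the buffer is NUL-terminated whenever cap > 0.
 * Returns true if the message did not fit and was truncated. */
bool format_operand_error(char *buf, size_t cap,
                          const char *opcode, const char *operand)
{
    int n = snprintf(buf, cap, "Illegal operand for %s: %s", opcode, operand);
    if (n < 0) {                 /* encoding error: leave the buffer safe */
        if (cap > 0)
            buf[0] = '\0';
        return true;
    }
    /* snprintf() returns the length it would have written, so a value of
     * cap or more means the output was cut short. */
    return (size_t)n >= cap;
}

/* Constructed worst-case input: an operand of maxline-1 characters. */
void fill_long_operand(char *operand, size_t maxline)
{
    memset(operand, 'A', maxline - 1);
    operand[maxline - 1] = '\0';
}

/* Worst case: MAXLINE-1 bytes of operand into a 128-byte buffer.
 * Returns the length actually stored, or -1 if truncation was not reported. */
int worst_case_stored_length(void)
{
    char operand[EXAMPLE_MAXLINE];
    char buf[ERRBUF_SIZE];
    fill_long_operand(operand, sizeof operand);
    if (!format_operand_error(buf, sizeof buf, "LDA", operand))
        return -1;
    return (int)strlen(buf);
}

/* Ordinary case: a short operand fits and is reported as not truncated.
 * Returns 1 if the stored message is exactly what was formatted. */
int short_case_intact(void)
{
    char buf[ERRBUF_SIZE];
    if (format_operand_error(buf, sizeof buf, "LDA", "#$FF"))
        return 0;
    return strcmp(buf, "Illegal operand for LDA: #$FF") == 0;
}
```

The return value check is what separates a safe replacement from a silent one: with sprintf() the long operand would have written 900-odd bytes past the buffer, with snprintf() the caller learns the message was cut and can decide whether that matters.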
Expression evaluator
stackarg() and doop() in exp.c both wrote to their respective arrays before checking whether the index was in bounds. They have been reordered to check first and bail early, preventing out-of-bounds writes on pathological input.
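The check-before-write ordering for a bounded evaluator stack, as an added example. This is illustrative code written for these notes, not exp.c; the stack layout, STACK_MAX, and the function names are assumptions. The only property it demonstrates is the one the fix establishes: the index is validated before any store.

```c
#include <stddef.h>

#define STACK_MAX 8   /* deliberately small so the overflow path is easy to hit */

struct value_stack {
    long   values[STACK_MAX];
    size_t count;
};

/* Push with the bounds check first. Returns 0 on success, -1 when full;
 * on -1 nothing has been written, so the caller can report and bail. */
int stack_push(struct value_stack *s, long v)
{
    if (s->count >= STACK_MAX)
        return -1;
    s->values[s->count++] = v;
    return 0;
}

/* Pop with the underflow check first. Returns 0 on success, -1 when empty. */
int stack_pop(struct value_stack *s, long *out)
{
    if (s->count == 0)
        return -1;
    *out = s->values[--s->count];
    return 0;
}

/* A binary operator in the doop() spirit: requires two operands, checks
 * before touching the array, and pushes the result. Returns 0 or -1. */
int stack_apply_add(struct value_stack *s)
{
    long a, b;
    if (s->count < 2)
        return -1;
    stack_pop(s, &b);
    stack_pop(s, &a);
    return stack_push(s, a + b);
}

/* Pathological input: more pushes than the stack can hold.
 * Returns how many were rejected instead of written out of bounds. */
int rejected_pushes(int attempts)
{
    struct value_stack s = { {0}, 0 };
    int rejected = 0;
    for (int i = 0; i < attempts; i++)
        if (stack_push(&s, i) != 0)
            rejected++;
    return rejected;
}

/* Well-formed input: a + b evaluated through the stack. Returns 0 or -1. */
int sum_via_stack(long a, long b, long *out)
{
    struct value_stack s = { {0}, 0 };
    if (stack_push(&s, a) || stack_push(&s, b) || stack_apply_add(&s))
        return -1;
    return stack_pop(&s, out);
}

/* Malformed input: an operator with a single operand must be refused. */
int add_with_one_operand(void)
{
    struct value_stack s = { {0}, 0 };
    stack_push(&s, 1);
    return stack_apply_add(&s);
}
```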
Other fixes
v_hex: when a HEX directive had an odd number of digits, gethexdig() was called on the terminating null byte and produced a spurious "Bad Hex Digit" message; the odd digit count now produces a proper error instead
clearrefs(): loop variable widened from short to int
generate() and closegenerate(): added ferror() checks to detect silent write failures on the output file; three previously unchecked ftell() calls now bail with an error on failure
ftobin: input and output files are now opened in binary mode (rb/wb), fixing data corruption on Windows, where text mode translates line endings
errors.c: replaced assert(strlen(message) > 0) with a runtime guard that survives release builds (assert() compiles away when NDEBUG is defined)
test_errors.c: fixed an incompatible function pointer cast (undefined behaviour under the C standard)
F8 backend: overstated "BUG:" comments replaced with accurate notes reflecting what is actually known about the code
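The generate()/closegenerate() item above, checking every write, flush, ftell() and close on the output file, as an added example. This is code written for these notes, not DASM's generate() or closegenerate(); the function names and the sample bytes are constructed for the example. It also opens the output in binary mode, the same choice the ftobin fix makes.

```c
#include <stdio.h>
#include <stdlib.h>

/* Write n bytes and verify each step. Returns the stream position after the
 * write, or -1 on any failure. fwrite() may return n and still leave the data
 * in a userspace buffer, so the flush and the ferror() check are what expose
 * a write that actually failed. */
long checked_write(FILE *f, const unsigned char *data, size_t n)
{
    if (fwrite(data, 1, n, f) != n || ferror(f))
        return -1;
    if (fflush(f) != 0 || ferror(f))
        return -1;
    long pos = ftell(f);   /* previously unchecked calls like this now bail */
    if (pos < 0)
        return -1;
    return pos;
}

/* Close with the return value checked: a failing fclose() is the last place
 * a buffered write error can surface. Returns 0 or -1. */
int checked_close(FILE *f)
{
    return fclose(f) == 0 ? 0 : -1;
}

/* Happy path: two blocks to a temporary file (tmpfile() is binary mode).
 * Returns the final position, i.e. the total bytes written, or -1. */
long write_two_blocks_to_tmpfile(void)
{
    /* Constructed sample output bytes; not assembled from any real source. */
    const unsigned char a[] = { 0xA9, 0x00, 0x8D, 0x00, 0x20 };
    const unsigned char b[] = { 0x4C, 0x00, 0x10 };
    FILE *f = tmpfile();
    if (f == NULL)
        return -1;
    long pos = checked_write(f, a, sizeof a);
    if (pos == (long)sizeof a)
        pos = checked_write(f, b, sizeof b);
    if (checked_close(f) != 0)
        return -1;
    return pos;
}

/* Failure path: /dev/full accepts fopen() in "wb" mode but every flush fails
 * with ENOSPC, which is exactly the silent failure ferror() is there to catch.
 * Returns the checked_write() result, which is negative on failure. */
long write_to_full_device(void)
{
    const unsigned char a[] = { 0xEA, 0xEA, 0xEA };
    FILE *f = fopen("/dev/full", "wb");
    if (f == NULL)
        return -1;  /* no such device on this platform: still a failure */
    long pos = checked_write(f, a, sizeof a);
    fclose(f);
    return pos;
}
```

Without the ferror() and fclose() checks, writing to a full disk or a failing device looks identical to success from inside the assembler, and the truncated binary is only noticed when it is run.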