From b8a07e1e731fa039520af642e216636b61c14352 Mon Sep 17 00:00:00 2001 From: Gabriel Barrantes Date: Sat, 7 Jun 2025 15:50:33 -0600 Subject: [PATCH] Fix stack-buffer-overflow in parser.c A stack-buffer-overflow occurred when a decorator (e.g., rounding or SAE) was encountered without a preceding operand. This caused the operand index to underflow, leading to invalid memory access. Added a check to ensure `opnum > 0` before decrementing, preventing the underflow and fixing the crash when parsing malformed decorators. Fixes: #3392931 Signed-off-by: Gabriel Barrantes --- asm/parser.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/asm/parser.c b/asm/parser.c index 80d8c050..aae47d0c 100644 --- a/asm/parser.c +++ b/asm/parser.c @@ -1175,6 +1175,11 @@ insn *parse_line(char *buffer, insn *result) * put the decorator information in the (opflag_t) type field * of previous operand. */ + if (opnum == 0) { + nasm_nonfatal("decorator without an operand"); + goto fail; + } + opnum--; op--; switch (value->value) { case BRC_RN:
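Review bot: The guard `if (opnum == 0)` does not literally match the commit message's stated condition "ensure `opnum > 0` before decrementing"; if `opnum` is a signed integer, `if (opnum <= 0)` expresses the intended invariant directly and stays safe should an earlier path ever leave it negative, while for an unsigned `opnum` the two are equivalent and the existing check is fine. The placement is right: the guard sits immediately before `opnum--; op--;`, so it protects both the index underflow and the matching pointer decrement that would otherwise read outside the operand array. Since this was found as a crash on malformed input, consider pairing the fix with a regression test that feeds a line consisting of a decorator with no preceding operand and asserts that `parse_line` reports "decorator without an operand" instead of faulting, so the `goto fail` path stays covered.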