memory leak in Huffman2DEncodeImage #1542

Closed
3 tasks done
butterflyhack opened this issue Apr 11, 2019 · 2 comments

butterflyhack commented Apr 11, 2019

Prerequisites

  • I have written a descriptive issue title
  • I have verified that I am using the latest version of ImageMagick
  • I have searched open and closed issues to ensure it has not already been reported

Description

==85960==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 13024 byte(s) in 1 object(s) allocated from:
    #0 0x7ffff6f02602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x43f1f0 in AcquireMagickMemory MagickCore/memory.c:478
    #2 0x412eef in AcquireCriticalMemory MagickCore/memory-private.h:64
    #3 0x4153a9 in AcquireImageInfo MagickCore/image.c:349
    #4 0x418321 in CloneImageInfo MagickCore/image.c:944
    #5 0x64faad in Huffman2DEncodeImage coders/ps2.c:207
    #6 0x652046 in WritePS2Image coders/ps2.c:766
    #7 0x809316 in WriteImage MagickCore/constitute.c:1159
    #8 0x80a03b in WriteImages MagickCore/constitute.c:1376
    #9 0xb1573d in CompositeImageCommand MagickWand/composite.c:1676
    #10 0xc9d45d in MagickCommandGenesis MagickWand/mogrify.c:184
    #11 0x40e9e1 in MagickMain utilities/magick.c:149
    #12 0x40ebc2 in main utilities/magick.c:180
    #13 0x7ffff31f282f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

SUMMARY: AddressSanitizer: 13024 byte(s) leaked in 1 allocation(s).

Steps to Reproduce

/usr/local/bin/magick composite Memory-Leak-input1 Memory-Leak-input2 output.ps2

System Configuration

  • ImageMagick version:
    '7.0.8-40'
  • Environment (Operating system, version and so on):
    Linux ubuntu 4.15.0-42-generic #45~16.04.1-Ubuntu SMP Mon Nov 19 13:02:27 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
  • Additional information:
    ' ./configure CC="gcc" CXX="g++" CFLAGS="-g -fsanitize=address" -disable-shared'

testcase:
https://github.com/butterflyhack/pocs/blob/master/memory-leak-1.zip

credit: ADlab of venustech

urban-warrior pushed a commit to ImageMagick/ImageMagick6 that referenced this issue Apr 11, 2019
@urban-warrior
Member

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ http://www.imagemagick.org/download/beta/ by sometime tomorrow.

dlemstra added this to the 7.0.8-40 milestone Apr 14, 2019
dlemstra added the bug label Apr 14, 2019
@abergmann

CVE-2019-16711 was assigned to this issue.
