New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AddressSanitizer report LeakSanitizer: detected memory leaks when executing convert command #3540
Comments
ImageMagick |
Thanks for the problem report. We can reproduce it and will have a patch to fix it in the GIT main branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ https://imagemagick.org/download/beta/ by sometime tomorrow. |
Can the ImageMagic team assign CVEs to the vulnerabilities we found? |
See our security policy. |
Thank you. This was assigned CVE-2021-3574. |
It has been verified that the vulnerability has been fixed in the latest version. |
@dlemstra I am trying to figure out how far back the vulnerability affects in terms of older versions. However, since the original proof of concept is no longer accessible (the link returns a 404), I could use some assistance in figuring this out. Looking at the IM6 code, the check that was moved in cd7f9fb was first introduced in 214d3c3. Is it correct to think about this issue as "the call to |
I also don't have the the referenced image on my local machine. I am not sure what you are asking but moving this check makes sure that we don't access channels in the image before make sure it's lower/equal to the maximum number of channels that are allowed? And maybe @NISL-SecurityGroup could add the POC file again? |
Sorry if I wasn't clear. Essentially, the fix (as shown in
c6ad94f and
cd7f9fb) involves moving this block of code:
```
if (samples_per_pixel > MaxPixelChannels)
{
TIFFClose(tiff);
ThrowReaderException(CorruptImageError,"MaximumChannelsExceeded");
}
```
What I was trying to ask was whether in versions preceding the introduction
(214d3c3) of that particular block of code the
memory leak still exists. My instinct is that after tracing through the ASAN
report that there would still be memory leak. So, in an older version it would
not be so much about moving the aforementioned block of code (which would not
be present at all), but rather about introducing it in the correct location.
I agree that if @NISL-SecurityGroup could supply the file again that would be
most helpful. That would allow me to test my hypothesis empirically. However,
in the event that the file is not provided again, has my attempt at a
restatement of my question made it more clear? If it is more clear and you are
able to give some guidance, I could proceed based on that and if the POC file
is provided again later then I can use that to verify more completely.
|
I would prefer it we could wait on the file. I don't have the time to do a deep dive into this without the POC file. That is why I try to add those files to a reported issue when they have an external source but it seems that I forgot to do that here. |
That's totally understandable. I appreciate your willingness to help.
I also have a substantial backlog of issues to review and deal with for
the old version I am working with, so waiting on this won't hold up my
work in the short term.
|
Prerequisites
I have written a descriptive issue title
I have searched open and closed issues to ensure it has not already been reported
I have verified that I am using the latest version of ImageMagick
ImageMagick version
7.0.11-5
Operating system
Linux
Operating system, version and so on
Ubuntu 18.04, 64bit
Description
When we execute the convert command, asan reports the error LeakSanitizer: detected memory leaks.
Steps to Reproduce
Command
please run a following cmd with poc file. POC
$ magick convert $poc out.bmp
Result
Here's ASAN report:
Additional information:
The text was updated successfully, but these errors were encountered: