# ./magick identify ./poc
=================================================================
==32001==ERROR: AddressSanitizer: heap-use-after-free on address 0x627000022d50 at pc 0x7f2a4381ee54 bp 0x7fff0be4ade0 sp 0x7fff0be4add0
READ of size 8 at 0x627000022d50 thread T0
#0 0x7f2a4381ee53 in CloseBlob MagickCore/blob.c:605
#1 0x7f2a43cd4d87 in ReadMATImage coders/mat.c:1088
#2 0x7f2a438a67d7 in ReadImage MagickCore/constitute.c:500
#3 0x7f2a43b6b33e in ReadStream MagickCore/stream.c:1043
#4 0x7f2a438a57f5 in PingImage MagickCore/constitute.c:226
#5 0x7f2a438a5de8 in PingImages MagickCore/constitute.c:327
#6 0x7f2a4318d9fd in IdentifyImageCommand MagickWand/identify.c:319
#7 0x7f2a4321b71a in MagickCommandGenesis MagickWand/mogrify.c:183
#8 0x4017e1 in MagickMain utilities/magick.c:149
#9 0x4019c2 in main utilities/magick.c:180
#10 0x7f2a4298f82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#11 0x4012f8 in _start (/home/zm/workspace/ImageMagick/utilities/.libs/lt-magick+0x4012f8)
0x627000022d50 is located 13392 bytes inside of 13504-byte region [0x62700001f900,0x627000022dc0)
freed by thread T0 here:
#0 0x7f2a444522ca in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x982ca)
#1 0x7f2a43a58276 in RelinquishMagickMemory MagickCore/memory.c:1058
#2 0x7f2a43a1d9f2 in DestroyImage MagickCore/image.c:1221
#3 0x7f2a43a3e782 in DeleteImageFromList MagickCore/list.c:302
#4 0x7f2a43cd4cfd in ReadMATImage coders/mat.c:1084
#5 0x7f2a438a67d7 in ReadImage MagickCore/constitute.c:500
#6 0x7f2a43b6b33e in ReadStream MagickCore/stream.c:1043
#7 0x7f2a438a57f5 in PingImage MagickCore/constitute.c:226
#8 0x7f2a438a5de8 in PingImages MagickCore/constitute.c:327
#9 0x7f2a4318d9fd in IdentifyImageCommand MagickWand/identify.c:319
#10 0x7f2a4321b71a in MagickCommandGenesis MagickWand/mogrify.c:183
#11 0x4017e1 in MagickMain utilities/magick.c:149
#12 0x4019c2 in main utilities/magick.c:180
#13 0x7f2a4298f82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
previously allocated by thread T0 here:
#0 0x7f2a44452602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
#1 0x7f2a43a57360 in AcquireMagickMemory MagickCore/memory.c:468
#2 0x7f2a43a15f90 in AcquireCriticalMemory MagickCore/memory-private.h:64
#3 0x7f2a43a16541 in AcquireImage MagickCore/image.c:171
#4 0x7f2a43cd3ebb in ReadMATImage coders/mat.c:895
#5 0x7f2a438a67d7 in ReadImage MagickCore/constitute.c:500
#6 0x7f2a43b6b33e in ReadStream MagickCore/stream.c:1043
#7 0x7f2a438a57f5 in PingImage MagickCore/constitute.c:226
#8 0x7f2a438a5de8 in PingImages MagickCore/constitute.c:327
#9 0x7f2a4318d9fd in IdentifyImageCommand MagickWand/identify.c:319
#10 0x7f2a4321b71a in MagickCommandGenesis MagickWand/mogrify.c:183
#11 0x4017e1 in MagickMain utilities/magick.c:149
#12 0x4019c2 in main utilities/magick.c:180
#13 0x7f2a4298f82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
SUMMARY: AddressSanitizer: heap-use-after-free MagickCore/blob.c:605 CloseBlob
Shadow bytes around the buggy address:
0x0c4e7fffc550: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4e7fffc560: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4e7fffc570: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4e7fffc580: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4e7fffc590: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x0c4e7fffc5a0: fd fd fd fd fd fd fd fd fd fd[fd]fd fd fd fd fd
0x0c4e7fffc5b0: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa
0x0c4e7fffc5c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4e7fffc5d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4e7fffc5e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4e7fffc5f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
==32001==ABORTING
Description
Version: ImageMagick 7.0.7-36 Q16 x86_64 2018-05-29
Steps to Reproduce
./magick identify ./poc (AddressSanitizer build; output above)
POC: poc.zip
Found by: Wang Zongming
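The trace above is a textbook temporal-ordering bug: the Image allocated by AcquireImage (mat.c:895) is freed through DeleteImageFromList -> DestroyImage (mat.c:1084), and four lines later CloseBlob (mat.c:1088, blob.c:605) performs an 8-byte read (a pointer on x86_64) 13392 bytes into that freed 13504-byte Image struct. The C program below is an added, constructed model of that ordering and is not ImageMagick's code: the names AcquireImage, DeleteImageFromList and CloseBlob are borrowed for readability, the Image/Blob structs are toy stand-ins, and a small live-pointer table plays the role of ASan's quarantine so the bad ordering is reported deterministically instead of being undefined behaviour. read_buggy() keeps a stale alias across the list deletion; read_fixed() closes the blob while the node is still live and only then drops the node.

```c
/* Added, constructed model of the ordering bug in the report above.
 * NOT ImageMagick's code: AcquireImage/DeleteImageFromList/CloseBlob and the
 * Image/Blob structs are toy stand-ins that borrow the names for readability. */
#include <stdio.h>
#include <stdlib.h>

#define MAX_LIVE 32

typedef struct Blob {
    int is_open;
} Blob;

typedef struct Image {
    struct Image *previous;
    struct Image *next;
    Blob *blob;                 /* the field CloseBlob() reads */
} Image;

/* Minimal stand-in for ASan's allocation tracking: freed blocks are
 * quarantined (never handed back to malloc) and dropped from the live table,
 * so a later access through a stale pointer can be detected. */
static void *live_table[MAX_LIVE];

static void *tracked_alloc(size_t n) {
    void *p = calloc(1, n);
    if (p == NULL) abort();
    for (int i = 0; i < MAX_LIVE; i++)
        if (live_table[i] == NULL) { live_table[i] = p; return p; }
    abort();                    /* table full: enlarge MAX_LIVE */
}

static int is_live(const void *p) {
    for (int i = 0; i < MAX_LIVE; i++)
        if (live_table[i] == p) return 1;
    return 0;
}

static void tracked_free(void *p) {
    for (int i = 0; i < MAX_LIVE; i++)
        if (live_table[i] == p) live_table[i] = NULL;
    /* quarantined: intentionally not passed to free() */
}

static Image *AcquireImage(Blob *blob) {
    Image *image = tracked_alloc(sizeof(*image));
    image->blob = blob;
    return image;
}

/* Unlink *images, free it, and advance *images to a neighbour (NULL if none).
 * Any other pointer to the node is now dangling. */
static void DeleteImageFromList(Image **images) {
    Image *victim = *images;
    if (victim->previous) victim->previous->next = victim->next;
    if (victim->next) victim->next->previous = victim->previous;
    *images = victim->next ? victim->next : victim->previous;
    tracked_free(victim);
}

/* Returns 0 on success, -1 when asked to read image->blob from a freed node
 * (the heap-use-after-free ASan flagged at blob.c:605). */
static int CloseBlob(Image *image) {
    if (image == NULL) return 0;
    if (!is_live(image)) {
        fprintf(stderr, "heap-use-after-free: CloseBlob on freed Image %p\n",
                (void *)image);
        return -1;
    }
    image->blob->is_open = 0;
    return 0;
}

/* Buggy ordering: `image` aliases the node but is not the cursor that
 * DeleteImageFromList() updates, so it dangles and CloseBlob() uses it. */
static int read_buggy(Blob *blob) {
    Image *list = AcquireImage(blob);
    Image *image = list;
    /* ...decoding the frame fails here, so the reader bails out... */
    DeleteImageFromList(&list);     /* frees the node `image` still points at */
    return CloseBlob(image);        /* use-after-free */
}

/* Fixed ordering: release the blob while the node is live, then drop the
 * node, and never touch the alias again. */
static int read_fixed(Blob *blob) {
    Image *list = AcquireImage(blob);
    Image *image = list;
    int rc = CloseBlob(image);
    DeleteImageFromList(&list);
    image = NULL;
    return rc;
}

int main(void) {
    Blob a = {1}, b = {1};
    printf("buggy ordering: rc=%d (blob open=%d)\n", read_buggy(&a), a.is_open);
    printf("fixed ordering: rc=%d (blob open=%d)\n", read_fixed(&b), b.is_open);
    return 0;
}
```

The model deliberately quarantines rather than free()s, so the stale read in read_buggy() is a deterministic report rather than undefined behaviour; under a real ASan build the same ordering produces the heap-use-after-free shown above. The general fix pattern is the one read_fixed() shows: do everything that needs the Image (closing its blob, reading its fields) before the call that destroys it, and do not keep a second pointer to a node across a list operation that may free it.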