Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

coders/mpc.c colormap potential memory-leak bug #1192

Closed
3 tasks done
fisher2020 opened this issue Jul 4, 2018 · 4 comments
Closed
3 tasks done

coders/mpc.c colormap potential memory-leak bug #1192

fisher2020 opened this issue Jul 4, 2018 · 4 comments
Labels

Comments

@fisher2020
Copy link

fisher2020 commented Jul 4, 2018

Prerequisites

  • I have written a descriptive issue title
  • I have verified that I am using the latest version of ImageMagick
  • I have searched open and closed issues to ensure it has not already been reported

Description

a potential memory leak bug locates in coders/miff.c

Steps to Reproduce

the bug locates in
https://github.com/ImageMagick/ImageMagick/blob/master/coders/mpc.c#L1460
the code frament is as follows: the code locates in a if block,and we allocate colormap memory in the if block, we freed it in normal branch,but forgot free it in exception branch

colormap=(unsigned char *) AcquireQuantumMemory(image->colors,
          packet_size*sizeof(*colormap));
        if (colormap == (unsigned char *) NULL)
          return(MagickFalse);
        /*
          Write colormap to file.
        */
        q=colormap;
        for (i=0; i < (ssize_t) image->colors; i++)
        {
          switch (depth)
          {
            default:
              ThrowWriterException(CorruptImageError,"ImageDepthNotSupported");
            case 32:
            {
              unsigned int
                pixel;

credit: www.vackbot.com ( 墨云科技)

System Configuration

@urban-warrior
Copy link
Contributor

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ http://www.imagemagick.org/download/beta/ by sometime tomorrow.

@nohmask
Copy link

nohmask commented Jul 20, 2018

This was assigned CVE-2018-14434.

@bastien-roucaries
Copy link

I suppose it was fixed in v6 ?

urban-warrior pushed a commit to ImageMagick/ImageMagick6 that referenced this issue Jul 30, 2018
@urban-warrior
Copy link
Contributor

Thanks for alerting us. The patch has now been exported to IMv6.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Development

No branches or pull requests

5 participants