Closed
Prerequisites
- [x] I have written a descriptive issue title
- [x] I have verified that I am using the latest version of ImageMagick
- [x] I have searched open and closed issues to ensure it has not already been reported
Description
I used a fuzzing tool to test the newest version of ImageMagick, and I found a crash that causes the program to hang (more than ten minutes); the CPU and memory are exhausted. Note that the PoC is only 19 bytes.
Steps to Reproduce
Download the PoC poc.zip
and just run `magick convert poc out`; the program will hang, and the CPU and memory will be exhausted.
Here is the ASan output:
==29950== ERROR: AddressSanitizer failed to allocate 0xa3b70000 (2746679296) bytes of LargeMmapAllocator: unable to allocate memory
==29950== Process memory map follows:
0x000000400000-0x000000403000 /home/mikowoo/ImageMagick/utilities/.libs/magick
0x000000602000-0x000000603000 /home/mikowoo/ImageMagick/utilities/.libs/magick
0x000000603000-0x000000604000 /home/mikowoo/ImageMagick/utilities/.libs/magick
0x00007fff7000-0x00008fff7000
0x00008fff7000-0x02008fff7000
0x02008fff7000-0x10007fff8000
0x600000000000-0x600400000000
0x600400000000-0x600400010000
0x600400010000-0x600600000000
0x600600000000-0x600600010000
0x600600010000-0x600800000000
0x600800000000-0x600800020000
0x600800020000-0x600c00000000
0x600c00000000-0x600c00010000
0x600c00010000-0x600e00000000
0x600e00000000-0x600e00010000
0x600e00010000-0x601000000000
0x601000000000-0x601000010000
0x601000010000-0x601400000000
0x601400000000-0x601400010000
0x601400010000-0x601600000000
0x601600000000-0x601600010000
0x601600010000-0x601800000000
0x601800000000-0x601800010000
0x601800010000-0x601c00000000
0x601c00000000-0x601c00010000
0x601c00010000-0x601e00000000
0x601e00000000-0x601e00010000
0x601e00010000-0x602000000000
0x602000000000-0x602000020000
0x602000020000-0x602200000000
0x602200000000-0x602200020000
0x602200020000-0x602400000000
0x602400000000-0x602400020000
0x602400020000-0x602600000000
0x602600000000-0x602600020000
0x602600020000-0x603000000000
0x603000000000-0x603000020000
0x603000020000-0x603400000000
0x603400000000-0x603400020000
0x603400020000-0x603600000000
0x603600000000-0x603600020000
0x603600020000-0x603a00000000
0x603a00000000-0x603a00020000
0x603a00020000-0x603e00000000
0x603e00000000-0x603e00020000
0x603e00020000-0x604200000000
0x604200000000-0x604200020000
0x604200020000-0x604c00000000
0x604c00000000-0x604c00020000
0x604c00020000-0x605200000000
0x605200000000-0x605200020000
0x605200020000-0x606200000000
0x606200000000-0x6062000e0000
0x6062000e0000-0x606400000000
0x606400000000-0x606400020000
0x606400020000-0x606600000000
0x606600000000-0x606600020000
0x606600020000-0x606800000000
0x606800000000-0x606800020000
0x606800020000-0x606a00000000
0x606a00000000-0x606a00020000
0x606a00020000-0x606c00000000
0x606c00000000-0x606c00050000
0x606c00050000-0x606e00000000
0x606e00000000-0x606e00050000
0x606e00050000-0x607000000000
0x607000000000-0x607000040000
0x607000040000-0x607200000000
0x607200000000-0x607200020000
0x607200020000-0x607400000000
0x607400000000-0x607400020000
0x607400020000-0x607a00000000
0x607a00000000-0x607a00040000
0x607a00040000-0x607c00000000
0x607c00000000-0x607c00020000
0x607c00020000-0x609200000000
0x609200000000-0x609200020000
0x609200020000-0x609c00000000
0x609c00000000-0x609c00030000
0x609c00030000-0x610000000000
0x610000000000-0x610000005000
0x7f65d21ba000-0x7f69a865a000
0x7f69a865a000-0x7f69a8ae5000 /usr/lib/locale/locale-archive
0x7f69a8ae5000-0x7f69a8aea000 /usr/lib/x86_64-linux-gnu/libXdmcp.so.6.0.0
0x7f69a8aea000-0x7f69a8ce9000 /usr/lib/x86_64-linux-gnu/libXdmcp.so.6.0.0
0x7f69a8ce9000-0x7f69a8cea000 /usr/lib/x86_64-linux-gnu/libXdmcp.so.6.0.0
0x7f69a8cea000-0x7f69a8ceb000 /usr/lib/x86_64-linux-gnu/libXdmcp.so.6.0.0
0x7f69a8ceb000-0x7f69a8ced000 /usr/lib/x86_64-linux-gnu/libXau.so.6.0.0
0x7f69a8ced000-0x7f69a8eed000 /usr/lib/x86_64-linux-gnu/libXau.so.6.0.0
0x7f69a8eed000-0x7f69a8eee000 /usr/lib/x86_64-linux-gnu/libXau.so.6.0.0
0x7f69a8eee000-0x7f69a8eef000 /usr/lib/x86_64-linux-gnu/libXau.so.6.0.0
0x7f69a8eef000-0x7f69a8ef3000 /lib/x86_64-linux-gnu/libuuid.so.1.3.0
0x7f69a8ef3000-0x7f69a90f2000 /lib/x86_64-linux-gnu/libuuid.so.1.3.0
0x7f69a90f2000-0x7f69a90f3000 /lib/x86_64-linux-gnu/libuuid.so.1.3.0
0x7f69a90f3000-0x7f69a90f4000 /lib/x86_64-linux-gnu/libuuid.so.1.3.0
0x7f69a90f4000-0x7f69a9115000 /usr/lib/x86_64-linux-gnu/libxcb.so.1.1.0
0x7f69a9115000-0x7f69a9314000 /usr/lib/x86_64-linux-gnu/libxcb.so.1.1.0
0x7f69a9314000-0x7f69a9315000 /usr/lib/x86_64-linux-gnu/libxcb.so.1.1.0
0x7f69a9315000-0x7f69a9316000 /usr/lib/x86_64-linux-gnu/libxcb.so.1.1.0
0x7f69a9316000-0x7f69a932c000 /usr/lib/x86_64-linux-gnu/libICE.so.6.3.0
0x7f69a932c000-0x7f69a952b000 /usr/lib/x86_64-linux-gnu/libICE.so.6.3.0
0x7f69a952b000-0x7f69a952c000 /usr/lib/x86_64-linux-gnu/libICE.so.6.3.0
0x7f69a952c000-0x7f69a952d000 /usr/lib/x86_64-linux-gnu/libICE.so.6.3.0
0x7f69a952d000-0x7f69a9530000
0x7f69a9530000-0x7f69a9537000 /usr/lib/x86_64-linux-gnu/libSM.so.6.0.1
0x7f69a9537000-0x7f69a9736000 /usr/lib/x86_64-linux-gnu/libSM.so.6.0.1
0x7f69a9736000-0x7f69a9737000 /usr/lib/x86_64-linux-gnu/libSM.so.6.0.1
0x7f69a9737000-0x7f69a9738000 /usr/lib/x86_64-linux-gnu/libSM.so.6.0.1
0x7f69a9738000-0x7f69a979a000 /usr/lib/x86_64-linux-gnu/libXt.so.6.0.0
0x7f69a979a000-0x7f69a999a000 /usr/lib/x86_64-linux-gnu/libXt.so.6.0.0
0x7f69a999a000-0x7f69a999b000 /usr/lib/x86_64-linux-gnu/libXt.so.6.0.0
0x7f69a999b000-0x7f69a99a0000 /usr/lib/x86_64-linux-gnu/libXt.so.6.0.0
0x7f69a99a0000-0x7f69a99a1000
0x7f69a99a1000-0x7f69a99c0000 /usr/local/lib64/libgomp.so.1.0.0
0x7f69a99c0000-0x7f69a9bbf000 /usr/local/lib64/libgomp.so.1.0.0
0x7f69a9bbf000-0x7f69a9bc0000 /usr/local/lib64/libgomp.so.1.0.0
0x7f69a9bc0000-0x7f69a9cc8000 /lib/x86_64-linux-gnu/libm-2.23.so
0x7f69a9cc8000-0x7f69a9ec7000 /lib/x86_64-linux-gnu/libm-2.23.so
0x7f69a9ec7000-0x7f69a9ec8000 /lib/x86_64-linux-gnu/libm-2.23.so
0x7f69a9ec8000-0x7f69a9ec9000 /lib/x86_64-linux-gnu/libm-2.23.so
0x7f69a9ec9000-0x7f69a9ee2000 /lib/x86_64-linux-gnu/libz.so.1.2.8
0x7f69a9ee2000-0x7f69aa0e1000 /lib/x86_64-linux-gnu/libz.so.1.2.8
0x7f69aa0e1000-0x7f69aa0e2000 /lib/x86_64-linux-gnu/libz.so.1.2.8
0x7f69aa0e2000-0x7f69aa0e3000 /lib/x86_64-linux-gnu/libz.so.1.2.8
0x7f69aa0e3000-0x7f69aa104000 /lib/x86_64-linux-gnu/liblzma.so.5.0.0
0x7f69aa104000-0x7f69aa303000 /lib/x86_64-linux-gnu/liblzma.so.5.0.0
0x7f69aa303000-0x7f69aa304000 /lib/x86_64-linux-gnu/liblzma.so.5.0.0
0x7f69aa304000-0x7f69aa305000 /lib/x86_64-linux-gnu/liblzma.so.5.0.0
0x7f69aa305000-0x7f69aa43a000 /usr/lib/x86_64-linux-gnu/libX11.so.6.3.0
0x7f69aa43a000-0x7f69aa63a000 /usr/lib/x86_64-linux-gnu/libX11.so.6.3.0
0x7f69aa63a000-0x7f69aa63b000 /usr/lib/x86_64-linux-gnu/libX11.so.6.3.0
0x7f69aa63b000-0x7f69aa63f000 /usr/lib/x86_64-linux-gnu/libX11.so.6.3.0
0x7f69aa63f000-0x7f69aa742000 /usr/local/lib/libpng16.so.16.35.0
0x7f69aa742000-0x7f69aa941000 /usr/local/lib/libpng16.so.16.35.0
0x7f69aa941000-0x7f69aa942000 /usr/local/lib/libpng16.so.16.35.0
0x7f69aa942000-0x7f69aa999000 /usr/lib/x86_64-linux-gnu/libjpeg.so.8.0.2
0x7f69aa999000-0x7f69aab99000 /usr/lib/x86_64-linux-gnu/libjpeg.so.8.0.2
0x7f69aab99000-0x7f69aab9a000 /usr/lib/x86_64-linux-gnu/libjpeg.so.8.0.2
0x7f69aab9a000-0x7f69aab9b000 /usr/lib/x86_64-linux-gnu/libjpeg.so.8.0.2
0x7f69aab9b000-0x7f69aac0c000 /usr/lib/x86_64-linux-gnu/libtiff.so.5.2.4
0x7f69aac0c000-0x7f69aae0b000 /usr/lib/x86_64-linux-gnu/libtiff.so.5.2.4
0x7f69aae0b000-0x7f69aae0c000 /usr/lib/x86_64-linux-gnu/libtiff.so.5.2.4
0x7f69aae0c000-0x7f69aae0f000 /usr/lib/x86_64-linux-gnu/libtiff.so.5.2.4
0x7f69aae0f000-0x7f69aae1a000 /usr/lib/x86_64-linux-gnu/libjbig.so.0
0x7f69aae1a000-0x7f69ab019000 /usr/lib/x86_64-linux-gnu/libjbig.so.0
0x7f69ab019000-0x7f69ab01a000 /usr/lib/x86_64-linux-gnu/libjbig.so.0
0x7f69ab01a000-0x7f69ab01d000 /usr/lib/x86_64-linux-gnu/libjbig.so.0
0x7f69ab01d000-0x7f69ab033000 /usr/local/lib64/libgcc_s.so.1
0x7f69ab033000-0x7f69ab232000 /usr/local/lib64/libgcc_s.so.1
0x7f69ab232000-0x7f69ab233000 /usr/local/lib64/libgcc_s.so.1
0x7f69ab233000-0x7f69ab236000 /lib/x86_64-linux-gnu/libdl-2.23.so
0x7f69ab236000-0x7f69ab435000 /lib/x86_64-linux-gnu/libdl-2.23.so
0x7f69ab435000-0x7f69ab436000 /lib/x86_64-linux-gnu/libdl-2.23.so
0x7f69ab436000-0x7f69ab437000 /lib/x86_64-linux-gnu/libdl-2.23.so
0x7f69ab437000-0x7f69ab5f7000 /lib/x86_64-linux-gnu/libc-2.23.so
0x7f69ab5f7000-0x7f69ab7f7000 /lib/x86_64-linux-gnu/libc-2.23.so
0x7f69ab7f7000-0x7f69ab7fb000 /lib/x86_64-linux-gnu/libc-2.23.so
0x7f69ab7fb000-0x7f69ab7fd000 /lib/x86_64-linux-gnu/libc-2.23.so
0x7f69ab7fd000-0x7f69ab801000
0x7f69ab801000-0x7f69ab819000 /lib/x86_64-linux-gnu/libpthread-2.23.so
0x7f69ab819000-0x7f69aba18000 /lib/x86_64-linux-gnu/libpthread-2.23.so
0x7f69aba18000-0x7f69aba19000 /lib/x86_64-linux-gnu/libpthread-2.23.so
0x7f69aba19000-0x7f69aba1a000 /lib/x86_64-linux-gnu/libpthread-2.23.so
0x7f69aba1a000-0x7f69aba1e000
0x7f69aba1e000-0x7f69abed8000 /usr/local/lib/libMagickWand-7.Q16HDRI.so.6.0.0
0x7f69abed8000-0x7f69ac0d8000 /usr/local/lib/libMagickWand-7.Q16HDRI.so.6.0.0
0x7f69ac0d8000-0x7f69ac110000 /usr/local/lib/libMagickWand-7.Q16HDRI.so.6.0.0
0x7f69ac110000-0x7f69ac8df000 /usr/local/lib/libMagickCore-7.Q16HDRI.so.6.0.0
0x7f69ac8df000-0x7f69acade000 /usr/local/lib/libMagickCore-7.Q16HDRI.so.6.0.0
0x7f69acade000-0x7f69acb81000 /usr/local/lib/libMagickCore-7.Q16HDRI.so.6.0.0
0x7f69acb81000-0x7f69acc39000 /usr/local/lib/libMagickCore-7.Q16HDRI.so.6.0.0
0x7f69acc39000-0x7f69acc59000
0x7f69acc59000-0x7f69acc81000 /usr/lib/x86_64-linux-gnu/libasan.so.0.0.0
0x7f69acc81000-0x7f69ace81000 /usr/lib/x86_64-linux-gnu/libasan.so.0.0.0
0x7f69ace81000-0x7f69ace82000 /usr/lib/x86_64-linux-gnu/libasan.so.0.0.0
0x7f69ace82000-0x7f69ace83000 /usr/lib/x86_64-linux-gnu/libasan.so.0.0.0
0x7f69ace83000-0x7f69afbe8000
0x7f69afbe8000-0x7f69afc0e000 /lib/x86_64-linux-gnu/ld-2.23.so
0x7f69afd77000-0x7f69afd7f000
0x7f69afd7f000-0x7f69afd86000 /usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache
0x7f69afd86000-0x7f69afda7000 /usr/share/locale-langpack/zh_CN/LC_MESSAGES/libc.mo
0x7f69afda7000-0x7f69afdee000
0x7f69afdee000-0x7f69afe0d000
0x7f69afe0d000-0x7f69afe0e000 /lib/x86_64-linux-gnu/ld-2.23.so
0x7f69afe0e000-0x7f69afe0f000 /lib/x86_64-linux-gnu/ld-2.23.so
0x7f69afe0f000-0x7f69afe10000
0x7ffdc5b3b000-0x7ffdc5b5c000 [stack]
0x7ffdc5bea000-0x7ffdc5bed000 [vvar]
0x7ffdc5bed000-0x7ffdc5bef000 [vdso]
0xffffffffff600000-0xffffffffff601000 [vsyscall]
==29950== End of process memory map.
==29950== AddressSanitizer CHECK failed: ../../../../src/libsanitizer/sanitizer_common/sanitizer_posix.cc:70 "(("unable to mmap" && 0)) != (0)" (0x0, 0x0)
#0 0x7f69acc6b10d (/usr/lib/x86_64-linux-gnu/libasan.so.0.0.0+0x1210d)
#1 0x7f69acc71ef3 (/usr/lib/x86_64-linux-gnu/libasan.so.0.0.0+0x18ef3)
#2 0x7f69acc74493 (/usr/lib/x86_64-linux-gnu/libasan.so.0.0.0+0x1b493)
#3 0x7f69acc61e68 (/usr/lib/x86_64-linux-gnu/libasan.so.0.0.0+0x8e68)
#4 0x7f69acc6286f (/usr/lib/x86_64-linux-gnu/libasan.so.0.0.0+0x986f)
#5 0x7f69acc6e51b (/usr/lib/x86_64-linux-gnu/libasan.so.0.0.0+0x1551b)
#6 0x7f69ac39bb8f (/usr/local/lib/libMagickCore-7.Q16HDRI.so.6.0.0+0x28bb8f)
#7 0x7f69ac39be3e (/usr/local/lib/libMagickCore-7.Q16HDRI.so.6.0.0+0x28be3e)
#8 0x7f69ac3e6434 (/usr/local/lib/libMagickCore-7.Q16HDRI.so.6.0.0+0x2d6434)
#9 0x7f69ac3e65ca (/usr/local/lib/libMagickCore-7.Q16HDRI.so.6.0.0+0x2d65ca)
#10 0x7f69ac5ff1cd (/usr/local/lib/libMagickCore-7.Q16HDRI.so.6.0.0+0x4ef1cd)
#11 0x7f69ac27564e (/usr/local/lib/libMagickCore-7.Q16HDRI.so.6.0.0+0x16564e)
#12 0x7f69ac27665e (/usr/local/lib/libMagickCore-7.Q16HDRI.so.6.0.0+0x16665e)
#13 0x7f69abb339f0 (/usr/local/lib/libMagickWand-7.Q16HDRI.so.6.0.0+0x1159f0)
#14 0x7f69abcd7d05 (/usr/local/lib/libMagickWand-7.Q16HDRI.so.6.0.0+0x2b9d05)
#15 0x40163c (/home/mikowoo/ImageMagick/utilities/.libs/magick+0x40163c)
#16 0x4017d1 (/home/mikowoo/ImageMagick/utilities/.libs/magick+0x4017d1)
#17 0x7f69ab45782f (/lib/x86_64-linux-gnu/libc-2.23.so+0x2082f)
#18 0x401188 (/home/mikowoo/ImageMagick/utilities/.libs/magick+0x401188)
System Configuration
Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
9.7G RAM
100G Disk
- ImageMagick version: 7.0.8-11 Q16 x86_64
- Environment (Operating system, version and so on): Linux 4.15.0-30-generic #32~16.04.1-Ubuntu SMP Thu Jul 26 20:25:39 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
- Additional information:
Looking forward to hearing from you soon :)
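The report above reproduces a resource-exhaustion PoC with an unbounded `magick convert`, which is how the triage box ends up with its CPU and memory pinned for ten minutes. The following shell harness is an added example, not part of the issue or of ImageMagick: it wraps any reproduction in a wall-clock budget (GNU `timeout`) and an address-space cap (`ulimit -v`), classifies the exit status, and then shows the ImageMagick-specific variant. The `-limit memory/map/area/time` options are real ImageMagick resource limits, and `allocator_may_return_null` / `hard_rss_limit_mb` are real sanitizer runtime flags (the latter may not be recognized by an older runtime such as the libasan.so.0 in the trace); the budget values, the `poc` path and the `out` name are assumptions. One caveat a practitioner needs here: `ulimit -v` cannot be applied to an ASan build, because the sanitizer reserves terabytes of shadow address space up front (the `0x00008fff7000-0x02008fff7000` range in the memory map), so for that build the cap is moved into ASan itself.

```shell
#!/bin/sh
# Added example (not from the issue): bounded reproduction of a hang /
# memory-exhaustion PoC so the triage box survives the run.

# run_bounded SECS MEM_KB CMD...
#   Run CMD with a wall-clock limit of SECS seconds and a virtual-memory cap
#   of MEM_KB kilobytes ("-" leaves the existing cap untouched).
#   Exit status: CMD's own status; 124 = wall-clock limit fired (GNU timeout
#   convention); 125 = the memory cap could not be applied, so we refuse to
#   run the PoC unbounded rather than silently dropping the limit.
run_bounded() {
    secs=$1; mem_kb=$2; shift 2
    (
        if [ "$mem_kb" != "-" ]; then
            ulimit -v "$mem_kb" || exit 125
        fi
        exec timeout "$secs" "$@"
    )
}

# classify STATUS -- map a run_bounded exit status onto a triage verdict.
classify() {
    case "$1" in
        0)   echo "ok" ;;
        124) echo "hang" ;;          # wall-clock budget exceeded
        125) echo "limit-error" ;;   # harness could not apply the memory cap
        137) echo "killed" ;;        # SIGKILL, e.g. the OOM killer stepped in
        *)   echo "crash($1)" ;;     # abort, segfault, sanitizer report, ...
    esac
}

# repro_magick [POC]
#   The reporter's command with ImageMagick's own resource limits on top.
#   No ulimit -v here: an ASan build needs its shadow reservation, so the
#   memory bound is expressed via ASAN_OPTIONS instead. allocator_may_return_null
#   turns a failed huge allocation into a NULL return that ImageMagick handles,
#   instead of the "failed to allocate ... bytes of LargeMmapAllocator" abort.
#   Limit values are assumptions; tune them to the box.
repro_magick() {
    poc=${1:-poc}
    (
        export ASAN_OPTIONS="allocator_may_return_null=1:hard_rss_limit_mb=2048"
        run_bounded 60 - magick -limit memory 256MiB -limit map 512MiB \
            -limit area 128MP -limit time 60 convert "$poc" out
    )
}

# Usage:  status=0; repro_magick ./poc || status=$?; echo "verdict: $(classify "$status")"
```

With the ImageMagick limits in place the 19-byte input should fail fast with a resource-limit error instead of hanging; if it still hangs, `classify` reports `hang` after 60 seconds rather than after the reporter's ten minutes, and the box is still usable for the next case.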