[ImageMagick-7.0.8-11]A hang in convert #1255

Closed
@merc1995

Prerequisites

  • [x] I have written a descriptive issue title
  • [x] I have verified that I am using the latest version of ImageMagick
  • [x] I have searched open and closed issues to ensure it has not already been reported

Description

I used a fuzz tool to test the newest version of ImageMagick, and I found a crash that causes the program to hang (more than ten minutes), and the CPU and memory will be exhausted. Note that the PoC is only 19 bytes.

Steps to Reproduce

Download the PoC poc.zip
and just run `magick convert poc out`; the program will hang, and the CPU and memory will be exhausted.

Here is the information that ASan output:

==29950== ERROR: AddressSanitizer failed to allocate 0xa3b70000 (2746679296) bytes of LargeMmapAllocator: unable to allocate memory
==29950== AddressSanitizer CHECK failed: ../../../../src/libsanitizer/sanitizer_common/sanitizer_posix.cc:70 "(("unable to mmap" && 0)) != (0)" (0x0, 0x0)
    #0 0x7f69acc6b10d (/usr/lib/x86_64-linux-gnu/libasan.so.0.0.0+0x1210d)
    #1 0x7f69acc71ef3 (/usr/lib/x86_64-linux-gnu/libasan.so.0.0.0+0x18ef3)
    #2 0x7f69acc74493 (/usr/lib/x86_64-linux-gnu/libasan.so.0.0.0+0x1b493)
    #3 0x7f69acc61e68 (/usr/lib/x86_64-linux-gnu/libasan.so.0.0.0+0x8e68)
    #4 0x7f69acc6286f (/usr/lib/x86_64-linux-gnu/libasan.so.0.0.0+0x986f)
    #5 0x7f69acc6e51b (/usr/lib/x86_64-linux-gnu/libasan.so.0.0.0+0x1551b)
    #6 0x7f69ac39bb8f (/usr/local/lib/libMagickCore-7.Q16HDRI.so.6.0.0+0x28bb8f)
    #7 0x7f69ac39be3e (/usr/local/lib/libMagickCore-7.Q16HDRI.so.6.0.0+0x28be3e)
    #8 0x7f69ac3e6434 (/usr/local/lib/libMagickCore-7.Q16HDRI.so.6.0.0+0x2d6434)
    #9 0x7f69ac3e65ca (/usr/local/lib/libMagickCore-7.Q16HDRI.so.6.0.0+0x2d65ca)
    #10 0x7f69ac5ff1cd (/usr/local/lib/libMagickCore-7.Q16HDRI.so.6.0.0+0x4ef1cd)
    #11 0x7f69ac27564e (/usr/local/lib/libMagickCore-7.Q16HDRI.so.6.0.0+0x16564e)
    #12 0x7f69ac27665e (/usr/local/lib/libMagickCore-7.Q16HDRI.so.6.0.0+0x16665e)
    #13 0x7f69abb339f0 (/usr/local/lib/libMagickWand-7.Q16HDRI.so.6.0.0+0x1159f0)
    #14 0x7f69abcd7d05 (/usr/local/lib/libMagickWand-7.Q16HDRI.so.6.0.0+0x2b9d05)
    #15 0x40163c (/home/mikowoo/ImageMagick/utilities/.libs/magick+0x40163c)
    #16 0x4017d1 (/home/mikowoo/ImageMagick/utilities/.libs/magick+0x4017d1)
    #17 0x7f69ab45782f (/lib/x86_64-linux-gnu/libc-2.23.so+0x2082f)
    #18 0x401188 (/home/mikowoo/ImageMagick/utilities/.libs/magick+0x401188)

System Configuration

Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
9.7G RAM
100G Disk

  • ImageMagick version: 7.0.8-11 Q16 x86_64
  • Environment (Operating system, version and so on): Linux 4.15.0-30-generic Segfault in ReadRLEImage (coders/rle.c:334) #32~16.04.1-Ubuntu SMP Thu Jul 26 20:25:39 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
  • Additional information:
    looking forward to hearing from you soon:)
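The failure reported above is a resource-exhaustion bug: a tiny input drives a 2.7 GB allocation and the process spins until memory runs out. The standard defensive control for that class in ImageMagick is the resource policy. The following policy.xml is an added example and is not part of this issue or of ImageMagick's shipped configuration; the limit values are assumptions chosen for a small conversion service and should be tuned to the real workload.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Example policy.xml (constructed for illustration, not the project's default).
     Each resource limit makes ImageMagick fail an operation with a
     "cache resources exhausted" / limit error instead of trying to satisfy
     an attacker-controlled allocation. Install it in the directory shown by
     `magick -list configure | grep CONFIGURE_PATH` or point MAGICK_CONFIGURE_PATH at it. -->
<policymap>
  <!-- Heap ceiling for pixel caches; above this ImageMagick spills to a memory map. -->
  <policy domain="resource" name="memory" value="256MiB"/>
  <!-- Memory-mapped file ceiling; above this it spills to disk. -->
  <policy domain="resource" name="map"    value="512MiB"/>
  <!-- Disk ceiling for the pixel cache; an absurd header cannot fill the volume. -->
  <policy domain="resource" name="disk"   value="1GiB"/>
  <!-- Reject images whose declared geometry is implausible before any pixels are allocated. -->
  <policy domain="resource" name="width"  value="16KP"/>
  <policy domain="resource" name="height" value="16KP"/>
  <policy domain="resource" name="area"   value="128MP"/>
  <!-- Wall-clock budget in seconds; turns a hang into a clean failure. -->
  <policy domain="resource" name="time"   value="60"/>
  <!-- Bound CPU fan-out so one bad input cannot saturate every core. -->
  <policy domain="resource" name="thread" value="2"/>
</policymap>
```

Verify the active limits with `magick -list resource`; the same caps can be applied per invocation with `-limit memory 256MiB -limit time 60` and so on, but the policy file is preferred because it also covers library callers that never see the command line.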
