New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

convert hang until 100% CPU 100% mem #1408

yanxdd opened this Issue Dec 6, 2018 · 5 comments


None yet
5 participants
Copy link

yanxdd commented Dec 6, 2018


  • I have written a descriptive issue title
  • I have verified that I am using the latest version of ImageMagick
  • I have searched open and closed issues to ensure it has not already been reported


I found a problem that will cause the program hang, and the CPU and memory will be exhausted.
If limit memory, it will crash.

Steps to Reproduce

  1. Download and unzip
  2. Run magick convert POC1 /dev/null
  3. When I limit width and height, it's still hanged.
 <policy domain="resource" name="width" value="1KP"/>
 <policy domain="resource" name="height" value="1KP"/>
  1. When I limit memory use ulimit -Sv 200000, it crash quickly.
    Here is part of the information that ASan output:
        0xf51b3000-0xf51b4000   /usr/lib/locale/locale-archive
        0xf6397000-0xf6547000   /lib/i386-linux-gnu/
        0xf6547000-0xf6549000   /lib/i386-linux-gnu/
        0xf6549000-0xf654a000   /lib/i386-linux-gnu/
        0xf654e000-0xf656a000   /lib/i386-linux-gnu/
        0xf656a000-0xf656b000   /lib/i386-linux-gnu/
        0xf656b000-0xf656e000   /lib/i386-linux-gnu/
        0xf656e000-0xf656f000   /lib/i386-linux-gnu/
        0xf656f000-0xf6570000   /lib/i386-linux-gnu/
        0xf6570000-0xf6577000   /lib/i386-linux-gnu/
        0xf6577000-0xf6578000   /lib/i386-linux-gnu/
        0xf6578000-0xf6579000   /lib/i386-linux-gnu/
        0xf6579000-0xf6592000   /lib/i386-linux-gnu/
        0xf6592000-0xf6593000   /lib/i386-linux-gnu/
        0xf6593000-0xf6594000   /lib/i386-linux-gnu/
        0xf6596000-0xf65e9000   /lib/i386-linux-gnu/
        0xf65e9000-0xf65ea000   /lib/i386-linux-gnu/
        0xf65ea000-0xf65eb000   /lib/i386-linux-gnu/
        0xf65ec000-0xf660e000   /usr/lib/i386-linux-gnu/
        0xf660e000-0xf660f000   /usr/lib/i386-linux-gnu/
        0xf660f000-0xf6610000   /usr/lib/i386-linux-gnu/
        0xf6610000-0xf6629000   /lib/i386-linux-gnu/
        0xf6629000-0xf662a000   /lib/i386-linux-gnu/
        0xf662a000-0xf662b000   /lib/i386-linux-gnu/
        0xf6646000-0xf6c47000   /usr/local/lib/
        0xf6c47000-0xf6c48000   /usr/local/lib/
        0xf6c48000-0xf6c5c000   /usr/local/lib/
        0xf6c5c000-0xf6c7e000   /usr/local/lib/
        0xf6c7e000-0xf7d8a000   /usr/local/lib/
        0xf7d8a000-0xf7e7a000   /usr/local/lib/
        0xf7e7a000-0xf7ee9000   /usr/local/lib/
        0xf7eed000-0xf7ef0000   [vvar]
        0xf7ef0000-0xf7ef2000   [vdso]
        0xf7ef2000-0xf7f15000   /lib/i386-linux-gnu/
        0xf7f15000-0xf7f16000   /lib/i386-linux-gnu/
        0xf7f16000-0xf7f17000   /lib/i386-linux-gnu/
        0xffd0c000-0xffd2d000   [stack]
==22437==End of process memory map.
==22437==AddressSanitizer CHECK failed: "((0 && "unable to mmap")) != (0)" (0x0, 0x0)
ERROR: Failed to mmap

System Configuration

  • ImageMagick version: ImageMagick 7.0.8-16 Q16 x86_64
  • Environment (Operating system, version and so on): Ubuntu 16.04.4 LTS
  • Additional information: git commit 38dd0db

This comment has been minimized.

Copy link

urban-warrior commented Dec 8, 2018

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ later today. The patch will be available in the beta releases of ImageMagick @ by sometime tomorrow.


This comment has been minimized.

Copy link

yanxdd commented Dec 9, 2018

Thanks for your reply. @urban-warrior

@dlemstra dlemstra added the bug label Dec 9, 2018

@dlemstra dlemstra added this to the 7.0.8-16 milestone Dec 9, 2018

@dlemstra dlemstra closed this Dec 15, 2018


This comment has been minimized.

Copy link

fgeek commented Dec 26, 2018

CVE-2018-20467 has been assigned for this vulnerability.


This comment has been minimized.

Copy link

bastien-roucaries commented Jan 6, 2019

Could we get the im6 commit ?


This comment has been minimized.

Copy link

urban-warrior commented Jan 6, 2019

The IMv6 commit is ImageMagick/ImageMagick6@4dd53a3.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment