Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

convert hang until 100% CPU 100% mem #1408

Closed
3 tasks done
yanxxd opened this issue Dec 6, 2018 · 5 comments
Closed
3 tasks done

convert hang until 100% CPU 100% mem #1408

yanxxd opened this issue Dec 6, 2018 · 5 comments
Labels
Milestone

Comments

@yanxxd
Copy link

yanxxd commented Dec 6, 2018

Prerequisites

  • I have written a descriptive issue title
  • I have verified that I am using the latest version of ImageMagick
  • I have searched open and closed issues to ensure it has not already been reported

Description

I found a problem that will cause the program hang, and the CPU and memory will be exhausted.
If limit memory, it will crash.

Steps to Reproduce

  1. Download and unzip POC1.zip
  2. Run magick convert POC1 /dev/null
  3. When I limit width and height, it's still hanged.
 <policy domain="resource" name="width" value="1KP"/>
 <policy domain="resource" name="height" value="1KP"/>
  1. When I limit memory use ulimit -Sv 200000, it crash quickly.
    Here is part of the information that ASan output:
        ......
        0xf4e00000-0xf4f00000
        0xf5000000-0xf5100000
        0xf519b000-0xf51b3000
        0xf51b3000-0xf51b4000   /usr/lib/locale/locale-archive
        0xf51b4000-0xf6397000
        0xf6397000-0xf6547000   /lib/i386-linux-gnu/libc-2.23.so
        0xf6547000-0xf6549000   /lib/i386-linux-gnu/libc-2.23.so
        0xf6549000-0xf654a000   /lib/i386-linux-gnu/libc-2.23.so
        0xf654a000-0xf654e000
        0xf654e000-0xf656a000   /lib/i386-linux-gnu/libgcc_s.so.1
        0xf656a000-0xf656b000   /lib/i386-linux-gnu/libgcc_s.so.1
        0xf656b000-0xf656e000   /lib/i386-linux-gnu/libdl-2.23.so
        0xf656e000-0xf656f000   /lib/i386-linux-gnu/libdl-2.23.so
        0xf656f000-0xf6570000   /lib/i386-linux-gnu/libdl-2.23.so
        0xf6570000-0xf6577000   /lib/i386-linux-gnu/librt-2.23.so
        0xf6577000-0xf6578000   /lib/i386-linux-gnu/librt-2.23.so
        0xf6578000-0xf6579000   /lib/i386-linux-gnu/librt-2.23.so
        0xf6579000-0xf6592000   /lib/i386-linux-gnu/libpthread-2.23.so
        0xf6592000-0xf6593000   /lib/i386-linux-gnu/libpthread-2.23.so
        0xf6593000-0xf6594000   /lib/i386-linux-gnu/libpthread-2.23.so
        0xf6594000-0xf6596000
        0xf6596000-0xf65e9000   /lib/i386-linux-gnu/libm-2.23.so
        0xf65e9000-0xf65ea000   /lib/i386-linux-gnu/libm-2.23.so
        0xf65ea000-0xf65eb000   /lib/i386-linux-gnu/libm-2.23.so
        0xf65eb000-0xf65ec000
        0xf65ec000-0xf660e000   /usr/lib/i386-linux-gnu/libgomp.so.1.0.0
        0xf660e000-0xf660f000   /usr/lib/i386-linux-gnu/libgomp.so.1.0.0
        0xf660f000-0xf6610000   /usr/lib/i386-linux-gnu/libgomp.so.1.0.0
        0xf6610000-0xf6629000   /lib/i386-linux-gnu/libz.so.1.2.8
        0xf6629000-0xf662a000   /lib/i386-linux-gnu/libz.so.1.2.8
        0xf662a000-0xf662b000   /lib/i386-linux-gnu/libz.so.1.2.8
        0xf662b000-0xf6646000
        0xf6646000-0xf6c47000   /usr/local/lib/libMagickWand-7.Q16HDRI.so.6.0.0
        0xf6c47000-0xf6c48000   /usr/local/lib/libMagickWand-7.Q16HDRI.so.6.0.0
        0xf6c48000-0xf6c5c000   /usr/local/lib/libMagickWand-7.Q16HDRI.so.6.0.0
        0xf6c5c000-0xf6c7e000   /usr/local/lib/libMagickWand-7.Q16HDRI.so.6.0.0
        0xf6c7e000-0xf7d8a000   /usr/local/lib/libMagickCore-7.Q16HDRI.so.6.0.0
        0xf7d8a000-0xf7e7a000   /usr/local/lib/libMagickCore-7.Q16HDRI.so.6.0.0
        0xf7e7a000-0xf7ee9000   /usr/local/lib/libMagickCore-7.Q16HDRI.so.6.0.0
        0xf7ee9000-0xf7eed000
        0xf7eed000-0xf7ef0000   [vvar]
        0xf7ef0000-0xf7ef2000   [vdso]
        0xf7ef2000-0xf7f15000   /lib/i386-linux-gnu/ld-2.23.so
        0xf7f15000-0xf7f16000   /lib/i386-linux-gnu/ld-2.23.so
        0xf7f16000-0xf7f17000   /lib/i386-linux-gnu/ld-2.23.so
        0xffd0c000-0xffd2d000   [stack]
==22437==End of process memory map.
==22437==AddressSanitizer CHECK failed:   sanitizer_common.cc:183 "((0 && "unable to mmap")) != (0)" (0x0, 0x0)
ERROR: Failed to mmap

System Configuration

  • ImageMagick version: ImageMagick 7.0.8-16 Q16 x86_64
  • Environment (Operating system, version and so on): Ubuntu 16.04.4 LTS
  • Additional information: git commit 38dd0db
@urban-warrior
Copy link
Contributor

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ https://www.imagemagick.org/download/beta/ by sometime tomorrow.

@yanxxd
Copy link
Author

yanxxd commented Dec 9, 2018

Thanks for your reply. @urban-warrior

@dlemstra dlemstra added the bug label Dec 9, 2018
@dlemstra dlemstra added this to the 7.0.8-16 milestone Dec 9, 2018
@fgeek
Copy link

fgeek commented Dec 26, 2018

CVE-2018-20467 has been assigned for this vulnerability.

@bastien-roucaries
Copy link

Could we get the im6 commit ?

@urban-warrior
Copy link
Contributor

The IMv6 commit is ImageMagick/ImageMagick6@4dd53a3.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Development

No branches or pull requests

5 participants