New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

convert hang until 100% CPU 100% mem #1408

Closed
yanxdd opened this Issue Dec 6, 2018 · 5 comments

Comments

Projects
None yet
5 participants
@yanxdd
Copy link

yanxdd commented Dec 6, 2018

Prerequisites

  • I have written a descriptive issue title
  • I have verified that I am using the latest version of ImageMagick
  • I have searched open and closed issues to ensure it has not already been reported

Description

I found a problem that will cause the program hang, and the CPU and memory will be exhausted.
If limit memory, it will crash.

Steps to Reproduce

  1. Download and unzip POC1.zip
  2. Run magick convert POC1 /dev/null
  3. When I limit width and height, it's still hanged.
 <policy domain="resource" name="width" value="1KP"/>
 <policy domain="resource" name="height" value="1KP"/>
  1. When I limit memory use ulimit -Sv 200000, it crash quickly.
    Here is part of the information that ASan output:
        ......
        0xf4e00000-0xf4f00000
        0xf5000000-0xf5100000
        0xf519b000-0xf51b3000
        0xf51b3000-0xf51b4000   /usr/lib/locale/locale-archive
        0xf51b4000-0xf6397000
        0xf6397000-0xf6547000   /lib/i386-linux-gnu/libc-2.23.so
        0xf6547000-0xf6549000   /lib/i386-linux-gnu/libc-2.23.so
        0xf6549000-0xf654a000   /lib/i386-linux-gnu/libc-2.23.so
        0xf654a000-0xf654e000
        0xf654e000-0xf656a000   /lib/i386-linux-gnu/libgcc_s.so.1
        0xf656a000-0xf656b000   /lib/i386-linux-gnu/libgcc_s.so.1
        0xf656b000-0xf656e000   /lib/i386-linux-gnu/libdl-2.23.so
        0xf656e000-0xf656f000   /lib/i386-linux-gnu/libdl-2.23.so
        0xf656f000-0xf6570000   /lib/i386-linux-gnu/libdl-2.23.so
        0xf6570000-0xf6577000   /lib/i386-linux-gnu/librt-2.23.so
        0xf6577000-0xf6578000   /lib/i386-linux-gnu/librt-2.23.so
        0xf6578000-0xf6579000   /lib/i386-linux-gnu/librt-2.23.so
        0xf6579000-0xf6592000   /lib/i386-linux-gnu/libpthread-2.23.so
        0xf6592000-0xf6593000   /lib/i386-linux-gnu/libpthread-2.23.so
        0xf6593000-0xf6594000   /lib/i386-linux-gnu/libpthread-2.23.so
        0xf6594000-0xf6596000
        0xf6596000-0xf65e9000   /lib/i386-linux-gnu/libm-2.23.so
        0xf65e9000-0xf65ea000   /lib/i386-linux-gnu/libm-2.23.so
        0xf65ea000-0xf65eb000   /lib/i386-linux-gnu/libm-2.23.so
        0xf65eb000-0xf65ec000
        0xf65ec000-0xf660e000   /usr/lib/i386-linux-gnu/libgomp.so.1.0.0
        0xf660e000-0xf660f000   /usr/lib/i386-linux-gnu/libgomp.so.1.0.0
        0xf660f000-0xf6610000   /usr/lib/i386-linux-gnu/libgomp.so.1.0.0
        0xf6610000-0xf6629000   /lib/i386-linux-gnu/libz.so.1.2.8
        0xf6629000-0xf662a000   /lib/i386-linux-gnu/libz.so.1.2.8
        0xf662a000-0xf662b000   /lib/i386-linux-gnu/libz.so.1.2.8
        0xf662b000-0xf6646000
        0xf6646000-0xf6c47000   /usr/local/lib/libMagickWand-7.Q16HDRI.so.6.0.0
        0xf6c47000-0xf6c48000   /usr/local/lib/libMagickWand-7.Q16HDRI.so.6.0.0
        0xf6c48000-0xf6c5c000   /usr/local/lib/libMagickWand-7.Q16HDRI.so.6.0.0
        0xf6c5c000-0xf6c7e000   /usr/local/lib/libMagickWand-7.Q16HDRI.so.6.0.0
        0xf6c7e000-0xf7d8a000   /usr/local/lib/libMagickCore-7.Q16HDRI.so.6.0.0
        0xf7d8a000-0xf7e7a000   /usr/local/lib/libMagickCore-7.Q16HDRI.so.6.0.0
        0xf7e7a000-0xf7ee9000   /usr/local/lib/libMagickCore-7.Q16HDRI.so.6.0.0
        0xf7ee9000-0xf7eed000
        0xf7eed000-0xf7ef0000   [vvar]
        0xf7ef0000-0xf7ef2000   [vdso]
        0xf7ef2000-0xf7f15000   /lib/i386-linux-gnu/ld-2.23.so
        0xf7f15000-0xf7f16000   /lib/i386-linux-gnu/ld-2.23.so
        0xf7f16000-0xf7f17000   /lib/i386-linux-gnu/ld-2.23.so
        0xffd0c000-0xffd2d000   [stack]
==22437==End of process memory map.
==22437==AddressSanitizer CHECK failed:   sanitizer_common.cc:183 "((0 && "unable to mmap")) != (0)" (0x0, 0x0)
ERROR: Failed to mmap

System Configuration

  • ImageMagick version: ImageMagick 7.0.8-16 Q16 x86_64
  • Environment (Operating system, version and so on): Ubuntu 16.04.4 LTS
  • Additional information: git commit 38dd0db
@urban-warrior

This comment has been minimized.

Copy link
Contributor

urban-warrior commented Dec 8, 2018

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ https://www.imagemagick.org/download/beta/ by sometime tomorrow.

@yanxdd

This comment has been minimized.

Copy link

yanxdd commented Dec 9, 2018

Thanks for your reply. @urban-warrior

@dlemstra dlemstra added the bug label Dec 9, 2018

@dlemstra dlemstra added this to the 7.0.8-16 milestone Dec 9, 2018

@dlemstra dlemstra closed this Dec 15, 2018

@fgeek

This comment has been minimized.

Copy link

fgeek commented Dec 26, 2018

CVE-2018-20467 has been assigned for this vulnerability.

@bastien-roucaries

This comment has been minimized.

Copy link

bastien-roucaries commented Jan 6, 2019

Could we get the im6 commit ?

@urban-warrior

This comment has been minimized.

Copy link
Contributor

urban-warrior commented Jan 6, 2019

The IMv6 commit is ImageMagick/ImageMagick6@4dd53a3.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment