Potential Memory Leak in WritePDFImage in coders/pdf.c different from #576 #1454

Closed
3 tasks done
twelveand0 opened this issue Jan 17, 2019 · 2 comments
@twelveand0

Prerequisites

  • I have written a descriptive issue title
  • I have verified that I am using the latest version of ImageMagick
  • I have searched open and closed issues to ensure it has not already been reported

Description

Potential memory leak in function WritePDFImage in coders/pdf.c, which is similar to but different from #576.

Steps to Reproduce

xref is allocated at line L1362 or reallocated at line L1499.

1362: xref=(MagickOffsetType *) AcquireQuantumMemory(2048UL,sizeof(*xref));

1499:  xref=(MagickOffsetType *) ResizeQuantumMemory(xref,(size_t) count+2048UL,
        sizeof(*xref));

However, when the function returns with MagickFalse (such as L1902 and L1912), xref was neither passed outside to the caller function nor freed. I believe the two positions need to free xref because xref is freed at the default case at L1931 while the 2 positions are located in another 2 cases of a switch statement. So a memory leak can happen at lines 1902 and 1912.

There are many similar positions including L1965, L2011, L2021, L2082, L2179, L2427, L2437, L2488, L2529, L2539, L2594, L2682 and L2894.

System Configuration

  • ImageMagick version: ImageMagick-4f0ea40e2a090e245f31d1f05247520d6e7eb4ca
  • Environment (Operating system, version and so on): Ubuntu 16.04 + VS Code
  • Additional information: code review

Credit to Bingchang Liu of VARAS of IIE
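
The leak shape reported above, next to one way to close it, as an added example that is not ImageMagick's code or its patch. A constructed slot pool stands in for the heap so leaked blocks can be counted; `write_leaky`, `write_fixed`, `xref_acquire`, `xref_release` and the `fail` flag are hypothetical names.

```c
#include <stdio.h>

/* Constructed stand-in for the heap: a slot pool, so leaked blocks can be counted. */
#define SLOTS 8
static long pool[SLOTS][2048];
static int in_use[SLOTS], live;   /* live = blocks acquired and not yet released */
static long *xref_acquire(void) {
  for (int i = 0; i < SLOTS; i++)
    if (!in_use[i]) { in_use[i] = 1; live++; return pool[i]; }
  return NULL;
}
static void xref_release(long *p) {
  for (int i = 0; i < SLOTS; i++)
    if (p == pool[i] && in_use[i]) { in_use[i] = 0; live--; }
}
/* Shape from the report: only the default case releases xref before failing. */
static int write_leaky(int compression, int fail) {
  long *xref = xref_acquire();
  if (xref == NULL) return 0;
  switch (compression) {
    case 0: if (fail) return 0; break;                  /* xref leaked */
    case 1: if (fail) return 0; break;                  /* xref leaked */
    default: if (fail) { xref_release(xref); return 0; } break;
  }
  xref_release(xref);
  return 1;
}
/* Hardened form: cases only record status; every exit passes one release point. */
static int write_fixed(int compression, int fail) {
  int status = 1;
  long *xref = xref_acquire();
  if (xref == NULL) return 0;
  switch (compression) {
    case 0: if (fail) status = 0; break;
    case 1: if (fail) status = 0; break;
    default: if (fail) status = 0; break;
  }
  xref_release(xref);
  return status;
}
/* Blocks still held after forcing a failure in each of the three cases. */
static int leaked_after(int (*fn)(int, int)) {
  int before = live;
  for (int c = 0; c < 3; c++) (void) fn(c, 1);
  return live - before;
}
int main(void) {
  printf("leaked: leaky=%d fixed=%d\n", leaked_after(write_leaky), leaked_after(write_fixed));
  return 0;
}
```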

urban-warrior pushed a commit to ImageMagick/ImageMagick6 that referenced this issue Jan 20, 2019
@urban-warrior
Contributor

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ https://www.imagemagick.org/download/beta/ by sometime tomorrow.

@dlemstra dlemstra added the bug label Jan 20, 2019
@dlemstra dlemstra added this to the 7.0.8-25 milestone Jan 20, 2019
@nohmask
nohmask commented Feb 12, 2019

This was assigned CVE-2019-7397.
