Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

AddressSanitizer: Invalid read at xwd.c:573 #1553

Closed
HongxuChen opened this issue Apr 20, 2019 · 2 comments

Comments

@HongxuChen
Copy link

commented Apr 20, 2019

Prerequisites

  • I have written a descriptive issue title
  • I have verified that I am using the latest version of ImageMagick
  • I have searched open and closed issues to ensure it has not already been reported

Description

When reading on XWD files ImageMagick(112760b) may suffer from a crash caused by invalid memory read.

Steps to Reproduce

ASAN:DEADLYSIGNAL
=================================================================
==9749==ERROR: AddressSanitizer: SEGV on unknown address 0x6020060639d6 (pc 0x7f2e39bbca6a bp 0x7ffc674ae0d0 sp 0x7ffc674ad338 T0)
==9749==The signal is caused by a READ memory access.
    #0 0x7f2e39bbca69  (/usr/lib/x86_64-linux-gnu/libX11.so.6+0x27a69)
    #1 0x7f2e40f77c89 in ReadXWDImage /home/hongxu/work/imagemagick/ImageMagick-asan/coders/xwd.c:573:21
    #2 0x7f2e405308c9 in ReadImage /home/hongxu/work/imagemagick/ImageMagick-asan/MagickCore/constitute.c:547:15
    #3 0x7f2e405342d4 in ReadImages /home/hongxu/work/imagemagick/ImageMagick-asan/MagickCore/constitute.c:917:9
    #4 0x7f2e3fac69a4 in ConvertImageCommand /home/hongxu/work/imagemagick/ImageMagick-asan/MagickWand/convert.c:644:18
    #5 0x7f2e3fcae021 in MagickCommandGenesis /home/hongxu/work/imagemagick/ImageMagick-asan/MagickWand/mogrify.c:185:14
    #6 0x50c8a7 in MagickMain /home/hongxu/work/imagemagick/ImageMagick-asan/utilities/magick.c:149:10
    #7 0x50c301 in main /home/hongxu/work/imagemagick/ImageMagick-asan/utilities/magick.c:180:10
    #8 0x7f2e3891fb96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
    #9 0x41ce19 in _start (/home/hongxu/work/imagemagick/ImageMagick-asan/install/bin/magick+0x41ce19)
  • Other information available here.

System Configuration

  • ImageMagick version: 7.0.8-41 Q16 x86_64 2019-04-20
  • Environment (Operating system, version and so on): Ubuntu 18.04 LTS x86_64
  • Additional information: This was firstly detected when fuzzing GraphicsMagick.
urban-warrior pushed a commit to ImageMagick/ImageMagick6 that referenced this issue Apr 20, 2019
urban-warrior pushed a commit that referenced this issue Apr 20, 2019
Cristy
@urban-warrior

This comment has been minimized.

Copy link
Contributor

commented Apr 20, 2019

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ https://www.imagemagick.org/download/beta/ by sometime tomorrow.

@dlemstra dlemstra added the bug label Apr 20, 2019
@dlemstra dlemstra added this to the 7.0.8-41 milestone Apr 20, 2019
@dlemstra dlemstra closed this Apr 22, 2019
@nluedtke

This comment has been minimized.

Copy link

commented Aug 19, 2019

This was assigned CVE-2019-15139.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
4 participants
You can’t perform that action at this time.