Closed
Description
Prerequisites
- I have written a descriptive issue title
- I have verified that I am using the latest version of ImageMagick
- I have searched open and closed issues to ensure it has not already been reported
Description
When reading XWD files, ImageMagick (112760b) may suffer from a crash caused by an invalid memory read.
Steps to Reproduce
- run `identify -verbose $FILE` or `convert $FILE /dev/null`.
- POCs:
  https://github.com/ntu-sec/pocs/raw/master/imagemagick/112760b26/crashes/read_xwd.c:573_1.xwd
  https://github.com/ntu-sec/pocs/raw/master/imagemagick/112760b26/crashes/read_xwd.c:573_2.xwd
- A report from an AddressSanitizer-compiled ImageMagick is like this:
ASAN:DEADLYSIGNAL
=================================================================
==9749==ERROR: AddressSanitizer: SEGV on unknown address 0x6020060639d6 (pc 0x7f2e39bbca6a bp 0x7ffc674ae0d0 sp 0x7ffc674ad338 T0)
==9749==The signal is caused by a READ memory access.
#0 0x7f2e39bbca69 (/usr/lib/x86_64-linux-gnu/libX11.so.6+0x27a69)
#1 0x7f2e40f77c89 in ReadXWDImage /home/hongxu/work/imagemagick/ImageMagick-asan/coders/xwd.c:573:21
#2 0x7f2e405308c9 in ReadImage /home/hongxu/work/imagemagick/ImageMagick-asan/MagickCore/constitute.c:547:15
#3 0x7f2e405342d4 in ReadImages /home/hongxu/work/imagemagick/ImageMagick-asan/MagickCore/constitute.c:917:9
#4 0x7f2e3fac69a4 in ConvertImageCommand /home/hongxu/work/imagemagick/ImageMagick-asan/MagickWand/convert.c:644:18
#5 0x7f2e3fcae021 in MagickCommandGenesis /home/hongxu/work/imagemagick/ImageMagick-asan/MagickWand/mogrify.c:185:14
#6 0x50c8a7 in MagickMain /home/hongxu/work/imagemagick/ImageMagick-asan/utilities/magick.c:149:10
#7 0x50c301 in main /home/hongxu/work/imagemagick/ImageMagick-asan/utilities/magick.c:180:10
#8 0x7f2e3891fb96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
#9 0x41ce19 in _start (/home/hongxu/work/imagemagick/ImageMagick-asan/install/bin/magick+0x41ce19)
- Other information available here.
System Configuration
- ImageMagick version: 7.0.8-41 Q16 x86_64 2019-04-20
- Environment (Operating system, version and so on): Ubuntu 18.04 LTS x86_64
- Additional information: This was first detected when fuzzing GraphicsMagick.