Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AddressSanitizer: Invalid read at xwd.c:573 #1553

Closed
3 tasks done
hongxuchen opened this issue Apr 20, 2019 · 2 comments
Closed
3 tasks done

AddressSanitizer: Invalid read at xwd.c:573 #1553

hongxuchen opened this issue Apr 20, 2019 · 2 comments
Labels
bug
Milestone
7.0.8-41

Comments

@hongxuchen
Copy link

hongxuchen commented Apr 20, 2019
edited

Prerequisites

  • I have written a descriptive issue title
  • I have verified that I am using the latest version of ImageMagick
  • I have searched open and closed issues to ensure it has not already been reported

Description

When reading on XWD files ImageMagick(112760b) may suffer from a crash caused by invalid memory read.

Steps to Reproduce

ASAN:DEADLYSIGNAL
=================================================================
==9749==ERROR: AddressSanitizer: SEGV on unknown address 0x6020060639d6 (pc 0x7f2e39bbca6a bp 0x7ffc674ae0d0 sp 0x7ffc674ad338 T0)
==9749==The signal is caused by a READ memory access.
    #0 0x7f2e39bbca69  (/usr/lib/x86_64-linux-gnu/libX11.so.6+0x27a69)
    #1 0x7f2e40f77c89 in ReadXWDImage /home/hongxu/work/imagemagick/ImageMagick-asan/coders/xwd.c:573:21
    #2 0x7f2e405308c9 in ReadImage /home/hongxu/work/imagemagick/ImageMagick-asan/MagickCore/constitute.c:547:15
    #3 0x7f2e405342d4 in ReadImages /home/hongxu/work/imagemagick/ImageMagick-asan/MagickCore/constitute.c:917:9
    #4 0x7f2e3fac69a4 in ConvertImageCommand /home/hongxu/work/imagemagick/ImageMagick-asan/MagickWand/convert.c:644:18
    #5 0x7f2e3fcae021 in MagickCommandGenesis /home/hongxu/work/imagemagick/ImageMagick-asan/MagickWand/mogrify.c:185:14
    #6 0x50c8a7 in MagickMain /home/hongxu/work/imagemagick/ImageMagick-asan/utilities/magick.c:149:10
    #7 0x50c301 in main /home/hongxu/work/imagemagick/ImageMagick-asan/utilities/magick.c:180:10
    #8 0x7f2e3891fb96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
    #9 0x41ce19 in _start (/home/hongxu/work/imagemagick/ImageMagick-asan/install/bin/magick+0x41ce19)
  • Other information available here.

System Configuration

  • ImageMagick version: 7.0.8-41 Q16 x86_64 2019-04-20
  • Environment (Operating system, version and so on): Ubuntu 18.04 LTS x86_64
  • Additional information: This was firstly detected when fuzzing GraphicsMagick.
urban-warrior pushed a commit to ImageMagick/ImageMagick6 that referenced this issue Apr 20, 2019
https://github.com/ImageMagick/ImageMagick/issues/1553
6d46f0a
urban-warrior pushed a commit that referenced this issue Apr 20, 2019
https://github.com/ImageMagick/ImageMagick/issues/1553
c78993d
@urban-warrior
Copy link
Member

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ https://www.imagemagick.org/download/beta/ by sometime tomorrow.

@dlemstra dlemstra added the bug label Apr 20, 2019
@dlemstra dlemstra added this to the 7.0.8-41 milestone Apr 20, 2019
@nluedtke
Copy link

This was assigned CVE-2019-15139.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Milestone
7.0.8-41
Development

No branches or pull requests
4 participants
@hongxuchen @dlemstra @urban-warrior @nluedtke