memory leaks in PingImage #1558

Closed
3 tasks done
butterflyhack opened this issue Apr 28, 2019 · 2 comments
butterflyhack commented Apr 28, 2019

Prerequisites

  • I have written a descriptive issue title
  • I have verified that I am using the latest version of ImageMagick
  • I have searched open and closed issues to ensure it has not already been reported

Description

==104405==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 13504 byte(s) in 1 object(s) allocated from:
    #0 0x7ff36e5f7602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x43f2a5 in AcquireMagickMemory MagickCore/memory.c:478
    #2 0x412eef in AcquireCriticalMemory MagickCore/memory-private.h:64
    #3 0x413262 in AcquireImage MagickCore/image.c:172
    #4 0x580742 in ReadDOTImage coders/dot.c:129
    #5 0x806aa6 in ReadImage MagickCore/constitute.c:547
    #6 0x4b69f6 in ReadStream MagickCore/stream.c:1043
    #7 0x805b31 in PingImage MagickCore/constitute.c:269
    #8 0x8060fd in PingImages MagickCore/constitute.c:370
    #9 0xc1b2a7 in IdentifyImageCommand MagickWand/identify.c:319
    #10 0xc9fbca in MagickCommandGenesis MagickWand/mogrify.c:185
    #11 0x40e9e1 in MagickMain utilities/magick.c:149
    #12 0x40ebc2 in main utilities/magick.c:180
    #13 0x7ff36a8e782f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

Steps to Reproduce

run cmd:

/usr/local/bin/magick identify $input

System Configuration

  • ImageMagick version:
    7.0.8-43
  • Environment (Operating system, version and so on):
    Linux ubuntu 4.15.0-47-generic #50~16.04.1-Ubuntu SMP Fri Mar 15 16:06:21 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
  • Additional information:
    ./configure CC="gcc" CXX="g++" CFLAGS="-g -fsanitize=address" -disable-shared

testcase:
https://github.com/butterflyhack/pocs/blob/master/memory-leaks-identify-PingImage.zip

report by ADlab of Venustech
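
For triage of reports like the one above, the following added example (not part of the original issue or of ImageMagick) parses LeakSanitizer output and derives an address-independent bucket key, so repeated findings with the same allocation site can be deduplicated. The `WRAPPERS` set, the function names and the key format are assumptions; the sample is an abbreviated copy of the trace in this issue.

```python
import re
from itertools import dropwhile

# Constructed sample: abbreviated copy of the LeakSanitizer report in this issue.
SAMPLE = """\
==104405==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 13504 byte(s) in 1 object(s) allocated from:
    #0 0x7ff36e5f7602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x43f2a5 in AcquireMagickMemory MagickCore/memory.c:478
    #2 0x412eef in AcquireCriticalMemory MagickCore/memory-private.h:64
    #3 0x413262 in AcquireImage MagickCore/image.c:172
    #4 0x580742 in ReadDOTImage coders/dot.c:129
    #5 0x806aa6 in ReadImage MagickCore/constitute.c:547
"""

HEADER = re.compile(r"^(Direct|Indirect) leak of (\d+) byte\(s\) in (\d+) object\(s\)")
FRAME = re.compile(r"^\s*#\d+ 0x[0-9a-f]+ in (\S+) (\S+)")
# Assumption: leading frames that only wrap the allocator and do not identify the owner.
WRAPPERS = {"malloc", "calloc", "realloc", "AcquireMagickMemory", "AcquireCriticalMemory"}


def parse_leaks(report):
    """Return one dict per leak record: kind, bytes, objects, frames [(func, location)]."""
    leaks, current = [], None
    for line in report.splitlines():
        header = HEADER.match(line)
        if header:
            current = {"kind": header.group(1), "bytes": int(header.group(2)),
                       "objects": int(header.group(3)), "frames": []}
            leaks.append(current)
            continue
        frame = FRAME.match(line)
        if frame and current is not None:
            current["frames"].append((frame.group(1), frame.group(2)))
        elif not line.strip():
            current = None  # a blank line ends the current record
    return leaks


def bucket(leak, depth=2):
    """Dedup key: first `depth` frames after the allocator wrappers, addresses dropped."""
    owned = dropwhile(lambda f: f[0] in WRAPPERS, leak["frames"])
    return " <- ".join(f"{func}@{loc}" for func, loc in list(owned)[:depth])


if __name__ == "__main__":
    for leak in parse_leaks(SAMPLE):
        print(leak["kind"], leak["bytes"], "bytes:", bucket(leak))
```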

@dlemstra dlemstra added the bug label Apr 28, 2019
@dlemstra dlemstra added this to the 7.0.8-43 milestone Apr 28, 2019
@dlemstra
Member

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ https://www.imagemagick.org/download/beta/ by sometime tomorrow.

@abergmann

CVE-2019-16713 was assigned to this issue.
