
heap-buffer-overflow in MagickCore/statistic.c #1586

Closed
@SuhwanSong


Prerequisites

  • I have written a descriptive issue title
  • I have verified that I am using the latest version of ImageMagick
  • I have searched open and closed issues to ensure it has not already been reported

Description

There is a heap buffer overflow vulnerability in MagickCore/statistic.c:654:41 in .omp_outlined._debug__.10

Steps to Reproduce

Run the command:
magick "-black-point-compensation" "-interlace" "none" "(" "magick:rose" "-density" "302x531" ")" "(" "magick:granite" "+repage" ")" "-antialias" "-evaluate-sequence" "Log" ""

This is the heap-buffer-overflow log from ASAN:

==27479==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x629000018800 at pc 0x0000006205ab bp 0x7ffd7a503310 sp 0x7ffd7a503308
WRITE of size 8 at 0x629000018800 thread T0
    #0 0x6205aa in .omp_outlined._debug__.10 MagickCore/statistic.c:654:41
    #1 0x621c5e in .omp_outlined..11 MagickCore/statistic.c:618:7
    #2 0x7f79836bd452 in __kmp_invoke_microtask (/usr/lib/x86_64-linux-gnu/libomp.so.5+0x7c452)
    #3 0x7f79836771b6  (/usr/lib/x86_64-linux-gnu/libomp.so.5+0x361b6)
    #4 0x7f79836782b5 in __kmp_fork_call (/usr/lib/x86_64-linux-gnu/libomp.so.5+0x372b5)
    #5 0x7f798366b7be in __kmpc_fork_call (/usr/lib/x86_64-linux-gnu/libomp.so.5+0x2a7be)
    #6 0x61c9ca in EvaluateImages MagickCore/statistic.c:615:15
    #7 0x13fcdb9 in CLIListOperatorImages MagickWand/operation.c:4081:22
    #8 0x1406ec5 in CLIOption MagickWand/operation.c:5276:14
    #9 0x128a9db in ProcessCommandOptions MagickWand/magick-cli.c:477:7
    #10 0x128bcf2 in MagickImageCommand MagickWand/magick-cli.c:796:5
    #11 0x128e457 in MagickCommandGenesis MagickWand/mogrify.c:185:14
    #12 0x531745 in MagickMain utilities/magick.c:149:10
    #13 0x531091 in main utilities/magick.c:180:10
    #14 0x7f7983059b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
    #15 0x425819 in _start (install/bin/magick+0x425819)

0x629000018800 is located 0 bytes to the right of 17920-byte region [0x629000014200,0x629000018800)
allocated by thread T0 here:
    #0 0x4efb47 in __interceptor_malloc (install/bin/magick+0x4efb47)
    #1 0x5824e7 in AcquireMagickMemory MagickCore/memory.c:478:10
    #2 0x58254f in AcquireQuantumMemory MagickCore/memory.c:551:10
    #3 0x61cfee in AcquirePixelThreadSet MagickCore/statistic.c:175:33
    #4 0x61ba43 in EvaluateImages MagickCore/statistic.c:493:19
    #5 0x13fcdb9 in CLIListOperatorImages MagickWand/operation.c:4081:22
    #6 0x1406ec5 in CLIOption MagickWand/operation.c:5276:14
    #7 0x128a9db in ProcessCommandOptions MagickWand/magick-cli.c:477:7
    #8 0x128bcf2 in MagickImageCommand MagickWand/magick-cli.c:796:5
    #9 0x128e457 in MagickCommandGenesis MagickWand/mogrify.c:185:14
    #10 0x531745 in MagickMain utilities/magick.c:149:10
    #11 0x531091 in main utilities/magick.c:180:10
    #12 0x7f7983059b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)

SUMMARY: AddressSanitizer: heap-buffer-overflow MagickCore/statistic.c:654:41 in .omp_outlined._debug__.10

System Configuration

  • ImageMagick version:
    Version: ImageMagick 7.0.8-50 Q16 x86_64 2019-06-10

  • Environment (Operating system, version and so on):
    Description: Ubuntu 18.04.1 LTS
    Release: 18.04
    Codename: bionic

  • Additional information: CC=clang-7 CXX=clang++-7
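Added example, not part of this issue or of the ImageMagick code base: a small Python triage helper that parses the AddressSanitizer report above (embedded as a constructed sample, trimmed to the header, the access stack, the region line and the allocation stack) and pulls out what a practitioner checks first when classifying a fuzzer crash: the access kind and size, how far past the allocation the access lands and whether the two addresses ASAN prints agree, the faulting frame, the function that owns the OpenMP parallel region (the `.omp_outlined` and `__kmp` frames are compiler- and runtime-generated), and the first allocation-stack frame outside the allocator wrappers. The wrapper and OpenMP prefix lists are assumptions chosen for this report, not ASAN conventions.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: the ASAN report from this issue, trimmed to the parts the parser uses.
SAMPLE_REPORT = """\
==27479==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x629000018800 at pc 0x0000006205ab bp 0x7ffd7a503310 sp 0x7ffd7a503308
WRITE of size 8 at 0x629000018800 thread T0
    #0 0x6205aa in .omp_outlined._debug__.10 MagickCore/statistic.c:654:41
    #1 0x621c5e in .omp_outlined..11 MagickCore/statistic.c:618:7
    #2 0x7f79836bd452 in __kmp_invoke_microtask (/usr/lib/x86_64-linux-gnu/libomp.so.5+0x7c452)
    #3 0x7f79836771b6  (/usr/lib/x86_64-linux-gnu/libomp.so.5+0x361b6)
    #4 0x7f79836782b5 in __kmp_fork_call (/usr/lib/x86_64-linux-gnu/libomp.so.5+0x372b5)
    #5 0x7f798366b7be in __kmpc_fork_call (/usr/lib/x86_64-linux-gnu/libomp.so.5+0x2a7be)
    #6 0x61c9ca in EvaluateImages MagickCore/statistic.c:615:15

0x629000018800 is located 0 bytes to the right of 17920-byte region [0x629000014200,0x629000018800)
allocated by thread T0 here:
    #0 0x4efb47 in __interceptor_malloc (install/bin/magick+0x4efb47)
    #1 0x5824e7 in AcquireMagickMemory MagickCore/memory.c:478:10
    #2 0x58254f in AcquireQuantumMemory MagickCore/memory.c:551:10
    #3 0x61cfee in AcquirePixelThreadSet MagickCore/statistic.c:175:33
"""

@dataclass
class Frame:
    function: str   # "?" when ASAN could not symbolize the frame
    location: str   # "file:line:col" or "(module+offset)"

@dataclass
class AsanReport:
    bug_type: str
    fault_address: int
    access: Optional[str] = None        # "READ" or "WRITE"
    access_size: Optional[int] = None
    region_end: Optional[int] = None    # exclusive end of the allocation
    region_size: Optional[int] = None
    distance: Optional[int] = None      # bytes from the region, per the "is located" line
    side: Optional[str] = None          # "left", "right" or "inside"
    access_stack: List[Frame] = field(default_factory=list)
    alloc_stack: List[Frame] = field(default_factory=list)

HEADER_RE = re.compile(r"ERROR: AddressSanitizer: (\S+) on address (0x[0-9a-f]+)")
ACCESS_RE = re.compile(r"^(READ|WRITE) of size (\d+) at 0x[0-9a-f]+")
FRAME_RE = re.compile(r"^\s*#\d+\s+0x[0-9a-f]+\s+(?:in\s+(\S+)\s+)?(\S+)")
REGION_RE = re.compile(r"is located (\d+) bytes (?:to the (left|right) of|(inside) of) "
                       r"(\d+)-byte region \[(0x[0-9a-f]+),(0x[0-9a-f]+)\)")

# Assumed prefix lists for this report: allocator wrappers to skip in the allocation
# stack, and compiler/runtime frames to skip when finding the owner of a parallel loop.
ALLOCATOR_WRAPPERS = ("__interceptor_", "AcquireMagickMemory", "AcquireQuantumMemory")
OPENMP_FRAMES = (".omp_outlined", "__kmp", "?")

def parse_asan_report(text: str) -> AsanReport:
    m = HEADER_RE.search(text)
    if not m:
        raise ValueError("not an AddressSanitizer report")
    rep = AsanReport(bug_type=m.group(1), fault_address=int(m.group(2), 16))
    stack = None  # the frame list that subsequent "#N" lines belong to
    for line in text.splitlines():
        am = ACCESS_RE.match(line)
        if am:
            rep.access, rep.access_size = am.group(1), int(am.group(2))
            stack = rep.access_stack
            continue
        rm = REGION_RE.search(line)
        if rm:
            rep.distance, rep.side = int(rm.group(1)), rm.group(2) or rm.group(3)
            rep.region_size, rep.region_end = int(rm.group(4)), int(rm.group(6), 16)
            stack = None
            continue
        if "allocated by" in line:
            stack = rep.alloc_stack
            continue
        fm = FRAME_RE.match(line)
        if fm and stack is not None:
            stack.append(Frame(fm.group(1) or "?", fm.group(2)))
    return rep

def first_frame_outside(frames: List[Frame], prefixes) -> Optional[Frame]:
    """First frame whose function name does not start with one of the prefixes."""
    return next((f for f in frames if not f.function.startswith(prefixes)), None)

def triage(text: str) -> dict:
    """Reduce a report to the facts a crash triager checks first."""
    rep = parse_asan_report(text)
    fault = rep.access_stack[0] if rep.access_stack else None
    owner = first_frame_outside(rep.access_stack, OPENMP_FRAMES)
    alloc = first_frame_outside(rep.alloc_stack, ALLOCATOR_WRAPPERS)
    out = {
        "bug": rep.bug_type,
        "op": f"{rep.access} {rep.access_size}" if rep.access else None,
        "fault_site": f"{fault.function} {fault.location}" if fault else None,
        "owner_function": owner.function if owner else None,
        "alloc_site": f"{alloc.function} {alloc.location}" if alloc else None,
    }
    if rep.side == "right":
        # Cross-check the two addresses ASAN prints, then express the overrun in
        # bytes and, when the access size divides the region, as an array index.
        out["address_consistent"] = rep.fault_address == rep.region_end + rep.distance
        out["bytes_overrun"] = rep.distance + rep.access_size
        if rep.region_size % rep.access_size == 0:
            out["element_index"] = (rep.region_size + rep.distance) // rep.access_size
            out["last_valid_index"] = rep.region_size // rep.access_size - 1
    return out
```

For this report the helper yields an 8-byte WRITE starting exactly at the end of the 17920-byte block obtained in AcquirePixelThreadSet, inside a parallel loop owned by EvaluateImages; at 8-byte access granularity that is index 2240 of a buffer whose valid indexes are 0..2239, the classic off-by-one shape. The report alone does not say whether the allocation length or the loop bound is wrong, so the next step is reading statistic.c:175 (the allocation) and statistic.c:654 (the write) in the reported version.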
