heap-buffer-overflow at MagickCore/threshold.c:323:33 in AdaptiveThresholdImage #1608

Closed
3 tasks done
Prerequisites

  • I have written a descriptive issue title
  • I have verified that I am using the latest version of ImageMagick
  • I have searched open and closed issues to ensure it has not already been reported

Description

There's a heap-buffer-overflow at MagickCore/threshold.c:323:33 in AdaptiveThresholdImage

Steps to Reproduce

run_cmd:
magick -seed 0 "(" magick:logo +repage ")" "(" magick:wizard -lat 0x564-42% ")" -quiet tmp

Here's the ASan log.

==10393==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7f8ba61737f0 at pc 0x7f8bb5c0f9fa bp 0x7ffc04d5fad0 sp 0x7ffc04d5fac8
READ of size 4 at 0x7f8ba61737f0 thread T0
    #0 0x7f8bb5c0f9f9 in AdaptiveThresholdImage MagickCore/threshold.c:323:33
    #1 0x7f8bb51c1cb6 in CLISimpleOperatorImage MagickWand/operation.c:2571:21
    #2 0x7f8bb51b6c78 in CLISimpleOperatorImages MagickWand/operation.c:3685:12
    #3 0x7f8bb51dc315 in CLIOption MagickWand/operation.c:5273:16
    #4 0x7f8bb501da99 in ProcessCommandOptions MagickWand/magick-cli.c:477:7
    #5 0x7f8bb501ed0a in MagickImageCommand MagickWand/magick-cli.c:796:5
    #6 0x7f8bb5068ba1 in MagickCommandGenesis MagickWand/mogrify.c:185:14
    #7 0x526f95 in MagickMain utilities/magick.c:149:10
    #8 0x5268e1 in main utilities/magick.c:180:10
    #9 0x7f8bafadfb96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
    #10 0x41b069 in _start (install/bin/magick+0x41b069)

0x7f8ba61737f0 is located 16 bytes to the left of 4331520-byte region [0x7f8ba6173800,0x7f8ba6595000)
allocated by thread T0 here:
    #0 0x4e6200 in __interceptor_posix_memalign (install/bin/magick+0x4e6200)
    #1 0x7f8bb5a57ed6 in AcquireAlignedMemory MagickCore/memory.c:265:7
    #2 0x7f8bb57aeccc in AcquireCacheNexusPixels MagickCore/cache.c:4968:37
    #3 0x7f8bb579c13b in SetPixelCacheNexusPixels MagickCore/cache.c:5070:12
    #4 0x7f8bb5793b05 in GetVirtualPixelCacheNexus MagickCore/cache.c:2751:10
    #5 0x7f8bb57b1ea6 in GetCacheViewVirtualPixels MagickCore/cache-view.c:664:10
    #6 0x7f8bb5c0ef20 in AdaptiveThresholdImage MagickCore/threshold.c:257:7
    #7 0x7f8bb51c1cb6 in CLISimpleOperatorImage MagickWand/operation.c:2571:21
    #8 0x7f8bb51b6c78 in CLISimpleOperatorImages MagickWand/operation.c:3685:12
    #9 0x7f8bb51dc315 in CLIOption MagickWand/operation.c:5273:16
    #10 0x7f8bb501da99 in ProcessCommandOptions MagickWand/magick-cli.c:477:7
    #11 0x7f8bb501ed0a in MagickImageCommand MagickWand/magick-cli.c:796:5
    #12 0x7f8bb5068ba1 in MagickCommandGenesis MagickWand/mogrify.c:185:14
    #13 0x526f95 in MagickMain utilities/magick.c:149:10
    #14 0x5268e1 in main utilities/magick.c:180:10
    #15 0x7f8bafadfb96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)

SUMMARY: AddressSanitizer: heap-buffer-overflow MagickCore/threshold.c:323:33 in AdaptiveThresholdImage

System Configuration

  • ImageMagick version:
    Version: ImageMagick 7.0.8-50 Q16 x86_64 2019-06-21 https://imagemagick.org

  • Environment (Operating system, version and so on):
    Description: Ubuntu 18.04.1 LTS
    Release: 18.04
    Codename: bionic

  • Additional information:
    CC=clang-7 CXX=clang++-7 ./configure --disable-openmp
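For triaging reports of this shape, the following added Python script (not part of the issue or of ImageMagick) parses the ASan output into the fields that matter: the kind and size of the access, the first non-interceptor frame of the faulting and allocating stacks, and where the bad address sits relative to the allocated region. The embedded report is a trimmed copy of the one quoted above; note that ASan labels both directions "heap-buffer-overflow", while here the 4-byte read lands 16 bytes before the start of the region, i.e. an underflow.

```python
import re

# Constructed excerpt of the AddressSanitizer report quoted in the issue (stacks trimmed).
ASAN_REPORT = """\
==10393==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7f8ba61737f0 at pc 0x7f8bb5c0f9fa bp 0x7ffc04d5fad0 sp 0x7ffc04d5fac8
READ of size 4 at 0x7f8ba61737f0 thread T0
    #0 0x7f8bb5c0f9f9 in AdaptiveThresholdImage MagickCore/threshold.c:323:33
    #1 0x7f8bb51c1cb6 in CLISimpleOperatorImage MagickWand/operation.c:2571:21
0x7f8ba61737f0 is located 16 bytes to the left of 4331520-byte region [0x7f8ba6173800,0x7f8ba6595000)
allocated by thread T0 here:
    #0 0x4e6200 in __interceptor_posix_memalign (install/bin/magick+0x4e6200)
    #1 0x7f8bb5a57ed6 in AcquireAlignedMemory MagickCore/memory.c:265:7
SUMMARY: AddressSanitizer: heap-buffer-overflow MagickCore/threshold.c:323:33 in AdaptiveThresholdImage
"""

FRAME_RE = re.compile(r"^\s+#\d+ 0x[0-9a-f]+ in (\S+) (\S+)", re.M)

def first_user_frame(stack_text):
    """First frame that is not an ASan interceptor, as 'function location'."""
    return next((f"{func} {loc}" for func, loc in FRAME_RE.findall(stack_text)
                 if not func.startswith(("__interceptor_", "__asan_"))), None)

def parse_asan_report(text):
    """Reduce a heap-buffer-overflow report to the fields a triager needs."""
    head = re.search(r"ERROR: AddressSanitizer: (\S+) on address (0x[0-9a-f]+)", text)
    access = re.search(r"^(READ|WRITE) of size (\d+) at 0x", text, re.M)
    region = re.search(r"is located (\d+) bytes to the (left|right) of (\d+)-byte region "
                       r"\[(0x[0-9a-f]+),(0x[0-9a-f]+)\)", text)
    if not (head and access and region):
        raise ValueError("not a heap-buffer-overflow report in the expected shape")
    # Frames before "allocated by" belong to the bad access, frames after it to the allocation.
    access_part, alloc_part = text.split("allocated by thread", 1)
    addr = int(head.group(2), 16)
    gap, side, size = int(region.group(1)), region.group(2), int(region.group(3))
    start, end = int(region.group(4), 16), int(region.group(5), 16)
    # Cross-check ASan's own arithmetic before trusting the numbers.
    if addr != (start - gap if side == "left" else end + gap):
        raise ValueError("faulting address and region description disagree")
    return {
        "kind": head.group(1),
        "access": access.group(1),
        "access_size": int(access.group(2)),
        "fault_frame": first_user_frame(access_part),
        "alloc_frame": first_user_frame(alloc_part),
        "region_size": size,
        "offset": addr - start,  # negative: the access landed before the buffer
        # ASan calls both directions "heap-buffer-overflow"; left of the region is an underflow.
        "direction": "underflow" if addr < start else "overflow",
    }
```

Reports that place the address "inside of" a region (use-after-free style) are deliberately rejected rather than guessed at.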

urban-warrior pushed a commit to ImageMagick/ImageMagick6 that referenced this issue Jun 21, 2019
@urban-warrior (Contributor)

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ http://www.imagemagick.org/download/beta/ by sometime tomorrow.

@dlemstra dlemstra added the bug label Jun 21, 2019
@dlemstra dlemstra added this to the 7.0.8-50 milestone Jun 21, 2019

nohmask commented Jul 8, 2019

This was assigned CVE-2019-13295.
