I have verified that I am using the latest version of ImageMagick
I have searched open and closed issues to ensure it has not already been reported
Description
There's a stack-buffer-overflow at coders/pnm.c:1902 in WritePNMImage.
I think this is related with #1540, but it was heap and this issue is about the stack buffer overflow.
==12131==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffc7100b060 at pc 0x0000004477c4 bp 0x7ffc710065b0 sp 0x7ffc71005d60
WRITE of size 10 at 0x7ffc7100b060 thread T0
#0 0x4477c3 in strncpy (install/bin/magick+0x4477c3)
#1 0x7f1cca22b433 in WritePNMImage coders/pnm.c:1902:20
#2 0x7f1cc9ac3065 in WriteImage MagickCore/constitute.c:1159:16
#3 0x7f1cc9ac3f8c in WriteImages MagickCore/constitute.c:1376:13
#4 0x7f1cc948750d in CLINoImageOperator MagickWand/operation.c:4796:14
#5 0x7f1cc948b1cc in CLIOption MagickWand/operation.c:5258:7
#6 0x7f1cc92ccf6d in ProcessCommandOptions MagickWand/magick-cli.c:529:3
#7 0x7f1cc92cdd0a in MagickImageCommand MagickWand/magick-cli.c:796:5
#8 0x7f1cc9317ba1 in MagickCommandGenesis MagickWand/mogrify.c:185:14
#9 0x526f95 in MagickMain utilities/magick.c:149:10
#10 0x5268e1 in main utilities/magick.c:180:10
#11 0x7f1cc3d8eb96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
#12 0x41b069 in _start (install/bin/magick+0x41b069)
Address 0x7ffc7100b060 is located in stack of thread T0 at offset 19104 in frame
#0 0x7f1cca228daf in WritePNMImage coders/pnm.c:1522
This frame has 6 object(s):
[32, 4128) 'buffer' (line 1523)
[4256, 8352) 'magick' (line 1523)
[8480, 12576) 'type117' (line 1675)
[12704, 14752) 'pixels' (line 1736)
[14880, 16928) 'pixels255' (line 1788)
[17056, 19104) 'pixels381' (line 1857) <== Memory access at offset 19104 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow (install/bin/magick+0x4477c3) in strncpy
Prerequisites
Description
There's a stack-buffer-overflow at coders/pnm.c:1902 in WritePNMImage.
I think this is related with #1540, but it was heap and this issue is about the stack buffer overflow.
Steps to Reproduce
run_cmd:
magick -seed 0 -dispose Previous -compress None "(" magick:rose +repage ")" "(" magick:logo -level 64,0%,0.874 ")" -loop 5 tmpHere's ASAN log.
System Configuration
ImageMagick version:
Version: ImageMagick 7.0.8-50 Q16 x86_64 2019-06-21 https://imagemagick.org
Environment (Operating system, version and so on):
Description: Ubuntu 18.04.1 LTS
Release: 18.04
Codename: bionic
Additional information:
CC=clang-7 CXX=clang++-7 ./configure --disable-openmp
The text was updated successfully, but these errors were encountered: