Skip to content

heap-buffer-overflow at MagickCore/statistic.c:559:43 in EvaluateImages #1615

Closed
@SuhwanSong

Description

@SuhwanSong

Prerequisites

  • I have written a descriptive issue title
  • I have verified that I am using the latest version of ImageMagick
  • I have searched open and closed issues to ensure it has not already been reported

Description

There's a heap-buffer-overflow at MagickCore/statistic.c:559:43 in EvaluateImages.

Steps to Reproduce

run_cmd:
magick -seed 0 -monitor -bias 63 "(" magick:rose -colorize 172,35,77 ")" "(" magick:logo +repage ")" -crop 507x10'!'+20-54 -evaluate-sequence Median tmp

Here's ASAN log.

=================================================================
==10817==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x611000000c80 at pc 0x7f0648490e06 bp 0x7ffce3c96900 sp 0x7ffce3c968f8
WRITE of size 8 at 0x611000000c80 thread T0
    #0 0x7f0648490e05 in EvaluateImages MagickCore/statistic.c:559:43
    #1 0x7f0647aa55bf in CLIListOperatorImages MagickWand/operation.c:4084:22
    #2 0x7f0647aaf35e in CLIOption MagickWand/operation.c:5279:14
    #3 0x7f06478f0a99 in ProcessCommandOptions MagickWand/magick-cli.c:477:7
    #4 0x7f06478f1d0a in MagickImageCommand MagickWand/magick-cli.c:796:5
    #5 0x7f064793bba1 in MagickCommandGenesis MagickWand/mogrify.c:185:14
    #6 0x526f95 in MagickMain utilities/magick.c:149:10
    #7 0x5268e1 in main utilities/magick.c:180:10
    #8 0x7f06423b2b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
    #9 0x41b069 in _start (install/bin/magick+0x41b069)

0x611000000c80 is located 0 bytes to the right of 256-byte region [0x611000000b80,0x611000000c80)
allocated by thread T0 here:
    #0 0x4e5397 in __interceptor_malloc (install/bin/magick+0x4e5397)
    #1 0x7f064832b0b6 in AcquireMagickMemory MagickCore/memory.c:478:10
    #2 0x7f064832b11f in AcquireQuantumMemory MagickCore/memory.c:551:10
    #3 0x7f06484926e7 in AcquirePixelThreadSet MagickCore/statistic.c:182:33
    #4 0x7f0648490b21 in EvaluateImages MagickCore/statistic.c:499:19
    #5 0x7f0647aa55bf in CLIListOperatorImages MagickWand/operation.c:4084:22
    #6 0x7f0647aaf35e in CLIOption MagickWand/operation.c:5279:14
    #7 0x7f06478f0a99 in ProcessCommandOptions MagickWand/magick-cli.c:477:7
    #8 0x7f06478f1d0a in MagickImageCommand MagickWand/magick-cli.c:796:5
    #9 0x7f064793bba1 in MagickCommandGenesis MagickWand/mogrify.c:185:14
    #10 0x526f95 in MagickMain utilities/magick.c:149:10
    #11 0x5268e1 in main utilities/magick.c:180:10
    #12 0x7f06423b2b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)

SUMMARY: AddressSanitizer: heap-buffer-overflow MagickCore/statistic.c:559:43 in EvaluateImages

System Configuration

  • ImageMagick version:
    Version: ImageMagick 7.0.8-50 Q16 x86_64 2019-06-22 https://imagemagick.org

  • Environment (Operating system, version and so on):
    Description: Ubuntu 18.04.1 LTS
    Release: 18.04
    Codename: bionic

  • Additional information:
    CC=clang-7 CXX=clang++-7 ./configure --disable-openmp

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions