Prerequisites
- I have written a descriptive issue title
- I have verified that I am using the latest version of ImageMagick
- I have searched open and closed issues to ensure it has not already been reported
Description
There's a heap-buffer-overflow at MagickCore/statistic.c:559:43 in EvaluateImages.
Steps to Reproduce
run_cmd:
magick -seed 0 -monitor -bias 63 "(" magick:rose -colorize 172,35,77 ")" "(" magick:logo +repage ")" -crop 507x10'!'+20-54 -evaluate-sequence Median tmp
Here's the ASAN log.
=================================================================
==10817==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x611000000c80 at pc 0x7f0648490e06 bp 0x7ffce3c96900 sp 0x7ffce3c968f8
WRITE of size 8 at 0x611000000c80 thread T0
#0 0x7f0648490e05 in EvaluateImages MagickCore/statistic.c:559:43
#1 0x7f0647aa55bf in CLIListOperatorImages MagickWand/operation.c:4084:22
#2 0x7f0647aaf35e in CLIOption MagickWand/operation.c:5279:14
#3 0x7f06478f0a99 in ProcessCommandOptions MagickWand/magick-cli.c:477:7
#4 0x7f06478f1d0a in MagickImageCommand MagickWand/magick-cli.c:796:5
#5 0x7f064793bba1 in MagickCommandGenesis MagickWand/mogrify.c:185:14
#6 0x526f95 in MagickMain utilities/magick.c:149:10
#7 0x5268e1 in main utilities/magick.c:180:10
#8 0x7f06423b2b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
#9 0x41b069 in _start (install/bin/magick+0x41b069)
0x611000000c80 is located 0 bytes to the right of 256-byte region [0x611000000b80,0x611000000c80)
allocated by thread T0 here:
#0 0x4e5397 in __interceptor_malloc (install/bin/magick+0x4e5397)
#1 0x7f064832b0b6 in AcquireMagickMemory MagickCore/memory.c:478:10
#2 0x7f064832b11f in AcquireQuantumMemory MagickCore/memory.c:551:10
#3 0x7f06484926e7 in AcquirePixelThreadSet MagickCore/statistic.c:182:33
#4 0x7f0648490b21 in EvaluateImages MagickCore/statistic.c:499:19
#5 0x7f0647aa55bf in CLIListOperatorImages MagickWand/operation.c:4084:22
#6 0x7f0647aaf35e in CLIOption MagickWand/operation.c:5279:14
#7 0x7f06478f0a99 in ProcessCommandOptions MagickWand/magick-cli.c:477:7
#8 0x7f06478f1d0a in MagickImageCommand MagickWand/magick-cli.c:796:5
#9 0x7f064793bba1 in MagickCommandGenesis MagickWand/mogrify.c:185:14
#10 0x526f95 in MagickMain utilities/magick.c:149:10
#11 0x5268e1 in main utilities/magick.c:180:10
#12 0x7f06423b2b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
SUMMARY: AddressSanitizer: heap-buffer-overflow MagickCore/statistic.c:559:43 in EvaluateImages
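The following is an added triage helper written for this page; it is not code from the issue reporter or from ImageMagick. It parses an ASAN heap report such as the one above into the fields a maintainer needs first (error kind, faulting access, crashing frame, allocation site, distance from the end of the region) and derives a stable bucket key so repeated fuzzer hits of the same crash can be de-duplicated. The embedded report is the log from this issue with the repeated CLI frames trimmed; the function and field names are the example's own.

```python
"""Parse an AddressSanitizer heap report into crash-triage fields.

Example code added for this page (not from the ImageMagick issue or project).
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed input: the ASAN report from the issue above, with the repeated
# MagickWand/utilities frames trimmed because triage does not need them.
ASAN_REPORT = """\
==10817==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x611000000c80 at pc 0x7f0648490e06 bp 0x7ffce3c96900 sp 0x7ffce3c968f8
WRITE of size 8 at 0x611000000c80 thread T0
    #0 0x7f0648490e05 in EvaluateImages MagickCore/statistic.c:559:43
    #1 0x7f0647aa55bf in CLIListOperatorImages MagickWand/operation.c:4084:22
    #2 0x7f0647aaf35e in CLIOption MagickWand/operation.c:5279:14
0x611000000c80 is located 0 bytes to the right of 256-byte region [0x611000000b80,0x611000000c80)
allocated by thread T0 here:
    #0 0x4e5397 in __interceptor_malloc (install/bin/magick+0x4e5397)
    #1 0x7f064832b0b6 in AcquireMagickMemory MagickCore/memory.c:478:10
    #2 0x7f064832b11f in AcquireQuantumMemory MagickCore/memory.c:551:10
    #3 0x7f06484926e7 in AcquirePixelThreadSet MagickCore/statistic.c:182:33
    #4 0x7f0648490b21 in EvaluateImages MagickCore/statistic.c:499:19
SUMMARY: AddressSanitizer: heap-buffer-overflow MagickCore/statistic.c:559:43 in EvaluateImages
"""

ERROR_RE = re.compile(r"ERROR: AddressSanitizer: (?P<kind>[\w-]+) on address (?P<addr>0x[0-9a-f]+)")
ACCESS_RE = re.compile(r"^(?P<access>READ|WRITE) of size (?P<size>\d+) at (?P<addr>0x[0-9a-f]+)")
FRAME_RE = re.compile(r"^\s*#(?P<idx>\d+) 0x[0-9a-f]+ in (?P<func>\S+) (?P<loc>\S+)")
REGION_RE = re.compile(
    r"is located (?P<dist>\d+) bytes (?P<where>to the right of|to the left of|inside of) "
    r"(?P<size>\d+)-byte region \[(?P<start>0x[0-9a-f]+),(?P<end>0x[0-9a-f]+)\)"
)
ALLOC_RE = re.compile(r"^(allocated|freed) by thread")


@dataclass
class Frame:
    index: int
    function: str
    location: str  # "file:line:col" or "(binary+offset)" when no symbols are available


@dataclass
class AsanTriage:
    error_kind: str
    access: str            # READ or WRITE
    access_size: int       # bytes touched by the faulting access
    fault_address: int
    region_size: int
    region_start: int
    region_end: int        # exclusive end of the allocation
    crash_frames: List[Frame]
    alloc_frames: List[Frame]

    def crash_site(self) -> Frame:
        return self.crash_frames[0]

    def allocation_site(self) -> Optional[Frame]:
        # First allocator frame that is not the sanitizer's malloc interceptor.
        for f in self.alloc_frames:
            if not f.function.startswith("__interceptor_"):
                return f
        return None

    def offset_past_end(self) -> int:
        # 0 means the access starts exactly at the first byte beyond the buffer.
        return self.fault_address - self.region_end

    def bytes_out_of_bounds(self) -> int:
        # How many of the accessed bytes lie outside the allocation.
        return max(0, self.fault_address + self.access_size - self.region_end)

    def allocated_in_same_function(self) -> bool:
        # True when the buffer was allocated by the function that overran it,
        # which usually points at a size computed from the wrong input.
        return any(f.function == self.crash_site().function for f in self.alloc_frames)

    def bucket_key(self) -> str:
        # Kind + access + file:line of frame 0 (column dropped) for de-duplication.
        file_line = self.crash_site().location.rsplit(":", 1)[0]
        return f"{self.error_kind}:{self.access}:{file_line}"


def parse_asan_report(text: str) -> AsanTriage:
    kind = access = None
    size = fault = 0
    region = None
    crash_frames: List[Frame] = []
    alloc_frames: List[Frame] = []
    current = crash_frames  # frames belong to the crash stack until the allocation block starts
    for line in text.splitlines():
        if (m := ERROR_RE.search(line)):
            kind, fault = m["kind"], int(m["addr"], 16)
        elif (m := ACCESS_RE.match(line)):
            access, size = m["access"], int(m["size"])
        elif (m := REGION_RE.search(line)):
            region = (int(m["size"]), int(m["start"], 16), int(m["end"], 16))
        elif ALLOC_RE.match(line):
            current = alloc_frames
        elif (m := FRAME_RE.match(line)):
            current.append(Frame(int(m["idx"]), m["func"], m["loc"]))
    if kind is None or access is None or region is None or not crash_frames:
        raise ValueError("not a complete ASAN heap report")
    return AsanTriage(kind, access, size, fault, region[0], region[1], region[2],
                      crash_frames, alloc_frames)


if __name__ == "__main__":
    t = parse_asan_report(ASAN_REPORT)
    print(t.bucket_key(), "|", t.access, t.access_size, "bytes,",
          t.bytes_out_of_bounds(), "past a", t.region_size, "byte buffer from",
          t.allocation_site().function, "| same function:", t.allocated_in_same_function())
```

On this report the helper reports an 8-byte write beginning exactly at the end of a 256-byte buffer that EvaluateImages itself obtained through AcquirePixelThreadSet, which is the kind of detail that tells a maintainer to compare the size used at the allocation (statistic.c:499) with the index used at the write (statistic.c:559) before anything else.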
System Configuration
- ImageMagick version: ImageMagick 7.0.8-50 Q16 x86_64 2019-06-22 https://imagemagick.org
- Environment (Operating system, version and so on): Ubuntu 18.04.1 LTS (Release: 18.04, Codename: bionic)
- Additional information: CC=clang-7 CXX=clang++-7 ./configure --disable-openmp