Division by Zero at MagickCore/layer.c:1616 #1629

SuhwanSong · 2019-07-07T02:34:55Z

Prerequisites

I have written a descriptive issue title
I have verified that I am using the latest version of ImageMagick
I have searched open and closed issues to ensure it has not already been reported

Description

There's a division by zero at MagickCore/layer.c:1616:30

Steps to Reproduce

run following cmd:
magick "-seed" "0" "-delay" "34<" "(" "magick:rose" "+repage" ")" "(" "magick:rose" "+repage" ")" "-encoding" "Symbol" "-layers" "remove-dups" "-quiet" "tmp"

This is triggered at time = curr->delay*1000/curr->ticks_per_second; due to curr->ticks_per_second.

1605   for (; (next=GetNextImageInList(curr)) != (Image *) NULL; curr=next)
1606   { 
1607     if ( curr->columns != next->columns || curr->rows != next->rows
1608          || curr->page.x != next->page.x || curr->page.y != next->page.y )
1609       continue;
1610     bounds=CompareImagesBounds(curr,next,CompareAnyLayer,exception);
1611     if ( bounds.x < 0 ) {
1612       /*
1613         the two images are the same, merge time delays and delete one.
1614       */
1615       size_t time;
1616       time = curr->delay*1000/curr->ticks_per_second;
1617       time += next->delay*1000/next->ticks_per_second;
1618       next->ticks_per_second = 100L;
1619       next->delay = time*curr->ticks_per_second/1000;
1620       next->iterations = curr->iterations;
1621       *images = curr;
1622       (void) DeleteImageFromList(images);
1623     }
1624   }

Here's USAN log.

MagickCore/layer.c:1616:30: runtime error: division by zero
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior MagickCore/layer.c:1616:30 in 
AddressSanitizer:DEADLYSIGNAL
=================================================================
==28916==ERROR: AddressSanitizer: UNKNOWN SIGNAL on unknown address 0x000000000000 (pc 0x7fe11baee9e7 bp 0x7ffc60e12250 sp 0x7ffc60e11ec0 T0)
    #0 0x7fe11baee9e6 in RemoveDuplicateLayers MagickCore/layer.c:1616:30
    #1 0x7fe11a2600a8 in CLIListOperatorImages MagickWand/operation.c:4266:15
    #2 0x7fe11a273102 in CLIOption MagickWand/operation.c:5308:14
    #3 0x7fe119c6aef4 in ProcessCommandOptions MagickWand/magick-cli.c:477:7
    #4 0x7fe119c6dc54 in MagickImageCommand MagickWand/magick-cli.c:796:5
    #5 0x7fe119d1400e in MagickCommandGenesis MagickWand/mogrify.c:185:14
    #6 0x527976 in MagickMain utilities/magick.c:149:10
    #7 0x5268e1 in main utilities/magick.c:180:10
    #8 0x7fe113884b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
    #9 0x41b069 in _start (install/bin/magick+0x41b069)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: UNKNOWN SIGNAL MagickCore/layer.c:1616:30 in RemoveDuplicateLayers
==28916==ABORTING

System Configuration

ImageMagick version:
Version: ImageMagick 7.0.8-54 Q16 x86_64 2019-07-07 https://imagemagick.org
Environment (Operating system, version and so on):
Description: Ubuntu 18.04.1 LTS
Release: 18.04
Codename: bionic
Additional information:
CC=clang-7 CXX=clang++-7 CFLAGS="-fsanitize=address,undefined -g" CXXFLAGS="-fsanitize=address,undefined -g" ./configure --disable-openmp --without-png

The text was updated successfully, but these errors were encountered:

urban-warrior · 2019-07-08T10:23:32Z

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ http://www.imagemagick.org/download/beta/ by sometime tomorrow.

nohmask · 2019-07-10T01:44:57Z

This was assigned CVE-2019-13454.

This update contains a number of security fixes. 2019-07-16 7.0.8-54 Cristy <quetzlzacatenango@image...> * Release ImageMagick version 7.0.8-54, GIT revision 15916:e868e22:20190716. 2019-07-08 7.0.8-54 Cristy <quetzlzacatenango@image...> * resolve division by zero (reference ImageMagick/ImageMagick#1629). * introducing MagickLevelImageColors() MagickWand method. * Transient problem with text placement with gravity (reference ImageMagick/ImageMagick#1633). * Support TIM2 image format (reference ImageMagick/ImageMagick#1571). * For -magnify option, specify an alternative scaling method with -define magnify:method=method, choose from these methods: eagle2X, eagle3X, eagle3XB, epb2X, fish2X, hq2X, scale2X (default), scale3X, xbr2X. 2019-07-05 7.0.8-53 Cristy <quetzlzacatenango@image...> * Release ImageMagick version 7.0.8-53, GIT revision 15828:f5d59c0:20190705. 2019-07-05 7.0.8-53 Cristy <quetzlzacatenango@image...> * Fix -fx parsing issue (reference https://imagemagick.org/discourse-server/viewtopic.php?f=3&t=36314). 2019-07-05 7.0.8-52 Cristy <quetzlzacatenango@image...> * Release ImageMagick version 7.0.8-52, GIT revision 15825:ea47310:20190705. 2019-07-01 7.0.8-52 Cristy <quetzlzacatenango@image...> * Eliminate buffer overflow in TranslateEvent() (reference ImageMagick/ImageMagick#1621). 2019-06-30 7.0.8-51 Cristy <quetzlzacatenango@image...> * Release ImageMagick version 7.0.8-51, GIT revision 15812:51f11c4:20190630. 2019-06-24 7.0.8-51 Cristy <quetzlzacatenango@image...> * Clone rather than copy X window name/icon. * Optimize PDF reader. 2019-06-23 7.0.8-50 Cristy <quetzlzacatenango@image...> * Release ImageMagick version 7.0.8-50, GIT revision 15778:4a60519:20190623 2019-06-14 7.0.8-50 Dirk Lemstra <dirk@lem.....org> * Added support for reading all images from a HEIC image (reference ImageMagick/ImageMagick#1391). * Heap-buffer-overflow in MagickCore/fourier.c (reference ImageMagick/ImageMagick#1588). * Fixed a number of issues (reference https://imagemagick.org/discourse-server/viewforum.php?f=3). * Fixed a number of issues (reference https://github.com/ImageMagick/ImageMagick/issues).

graphics/ImageMagick: security fix Revisions pulled up: - graphics/ImageMagick/Makefile.common 1.191 - graphics/ImageMagick/distinfo 1.208 --- Module Name: pkgsrc Committed By: nia Date: Fri Jul 19 09:12:13 UTC 2019 Modified Files: pkgsrc/graphics/ImageMagick: Makefile.common distinfo Log Message: ImageMagick: Update to 7.0.8-54 This update contains a number of security fixes. 2019-07-16 7.0.8-54 Cristy <quetzlzacatenango@image...> * Release ImageMagick version 7.0.8-54, GIT revision 15916:e868e22:20190716. 2019-07-08 7.0.8-54 Cristy <quetzlzacatenango@image...> * resolve division by zero (reference ImageMagick/ImageMagick#1629). * introducing MagickLevelImageColors() MagickWand method. * Transient problem with text placement with gravity (reference ImageMagick/ImageMagick#1633). * Support TIM2 image format (reference ImageMagick/ImageMagick#1571). * For -magnify option, specify an alternative scaling method with -define magnify:method=method, choose from these methods: eagle2X, eagle3X, eagle3XB, epb2X, fish2X, hq2X, scale2X (default), scale3X, xbr2X. 2019-07-05 7.0.8-53 Cristy <quetzlzacatenango@image...> * Release ImageMagick version 7.0.8-53, GIT revision 15828:f5d59c0:20190705. 2019-07-05 7.0.8-53 Cristy <quetzlzacatenango@image...> * Fix -fx parsing issue (reference https://imagemagick.org/discourse-server/viewtopic.php?f=3&t=36314). 2019-07-05 7.0.8-52 Cristy <quetzlzacatenango@image...> * Release ImageMagick version 7.0.8-52, GIT revision 15825:ea47310:20190705. 2019-07-01 7.0.8-52 Cristy <quetzlzacatenango@image...> * Eliminate buffer overflow in TranslateEvent() (reference ImageMagick/ImageMagick#1621). 2019-06-30 7.0.8-51 Cristy <quetzlzacatenango@image...> * Release ImageMagick version 7.0.8-51, GIT revision 15812:51f11c4:20190630. 2019-06-24 7.0.8-51 Cristy <quetzlzacatenango@image...> * Clone rather than copy X window name/icon. * Optimize PDF reader. 2019-06-23 7.0.8-50 Cristy <quetzlzacatenango@image...> * Release ImageMagick version 7.0.8-50, GIT revision 15778:4a60519:20190623 2019-06-14 7.0.8-50 Dirk Lemstra <dirk@lem.....org> * Added support for reading all images from a HEIC image (reference ImageMagick/ImageMagick#1391). * Heap-buffer-overflow in MagickCore/fourier.c (reference ImageMagick/ImageMagick#1588). * Fixed a number of issues (reference https://imagemagick.org/discourse-server/viewforum.php?f=3). * Fixed a number of issues (reference https://github.com/ImageMagick/ImageMagick/issues).

boo0m · 2019-07-31T06:07:25Z

This was assigned CVE-2019-13454.

hello, nohmask. I have requested two CVE IDs about the ImageMagick vulnerabilities(#1552 and ImageMagick/ImageMagick6#43) on https://cveform.mitre.org/. But I don't receive any reply yet. Do you know what happen? Thanks

nohmask · 2019-08-18T16:37:24Z

hello, nohmask. I have requested two CVE IDs about the ImageMagick vulnerabilities(#1552 and ImageMagick/ImageMagick6#43) on https://cveform.mitre.org/. But I don't receive any reply yet. Do you know what happen? Thanks

I’m sorry I don’t know.
The two problems are assigned CVE-2019-14980 and CVE-2019-14981 .

graphics/ImageMagick: security fix Revisions pulled up: - graphics/ImageMagick/Makefile.common 1.191 - graphics/ImageMagick/distinfo 1.208 --- Module Name: pkgsrc Committed By: nia Date: Fri Jul 19 09:12:13 UTC 2019 Modified Files: pkgsrc/graphics/ImageMagick: Makefile.common distinfo Log Message: ImageMagick: Update to 7.0.8-54 This update contains a number of security fixes. 2019-07-16 7.0.8-54 Cristy <quetzlzacatenango@image...> * Release ImageMagick version 7.0.8-54, GIT revision 15916:e868e22:20190716. 2019-07-08 7.0.8-54 Cristy <quetzlzacatenango@image...> * resolve division by zero (reference ImageMagick/ImageMagick#1629). * introducing MagickLevelImageColors() MagickWand method. * Transient problem with text placement with gravity (reference ImageMagick/ImageMagick#1633). * Support TIM2 image format (reference ImageMagick/ImageMagick#1571). * For -magnify option, specify an alternative scaling method with -define magnify:method=method, choose from these methods: eagle2X, eagle3X, eagle3XB, epb2X, fish2X, hq2X, scale2X (default), scale3X, xbr2X. 2019-07-05 7.0.8-53 Cristy <quetzlzacatenango@image...> * Release ImageMagick version 7.0.8-53, GIT revision 15828:f5d59c0:20190705. 2019-07-05 7.0.8-53 Cristy <quetzlzacatenango@image...> * Fix -fx parsing issue (reference https://imagemagick.org/discourse-server/viewtopic.php?f=3&t=36314). 2019-07-05 7.0.8-52 Cristy <quetzlzacatenango@image...> * Release ImageMagick version 7.0.8-52, GIT revision 15825:ea47310:20190705. 2019-07-01 7.0.8-52 Cristy <quetzlzacatenango@image...> * Eliminate buffer overflow in TranslateEvent() (reference ImageMagick/ImageMagick#1621). 2019-06-30 7.0.8-51 Cristy <quetzlzacatenango@image...> * Release ImageMagick version 7.0.8-51, GIT revision 15812:51f11c4:20190630. 2019-06-24 7.0.8-51 Cristy <quetzlzacatenango@image...> * Clone rather than copy X window name/icon. * Optimize PDF reader. 2019-06-23 7.0.8-50 Cristy <quetzlzacatenango@image...> * Release ImageMagick version 7.0.8-50, GIT revision 15778:4a60519:20190623 2019-06-14 7.0.8-50 Dirk Lemstra <dirk@lem.....org> * Added support for reading all images from a HEIC image (reference ImageMagick/ImageMagick#1391). * Heap-buffer-overflow in MagickCore/fourier.c (reference ImageMagick/ImageMagick#1588). * Fixed a number of issues (reference https://imagemagick.org/discourse-server/viewforum.php?f=3). * Fixed a number of issues (reference https://github.com/ImageMagick/ImageMagick/issues).

urban-warrior pushed a commit that referenced this issue Jul 8, 2019

https://github.com/ImageMagick/ImageMagick/issues/1629

1ddcf2e

urban-warrior pushed a commit to ImageMagick/ImageMagick6 that referenced this issue Jul 8, 2019

https://github.com/ImageMagick/ImageMagick/issues/1629

4f31d78

dlemstra added this to the 7.0.8-54 milestone Jul 8, 2019

urban-warrior closed this as completed Jul 13, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Division by Zero at MagickCore/layer.c:1616 #1629

Division by Zero at MagickCore/layer.c:1616 #1629

SuhwanSong commented Jul 7, 2019

urban-warrior commented Jul 8, 2019

nohmask commented Jul 10, 2019

boo0m commented Jul 31, 2019

nohmask commented Aug 18, 2019

Division by Zero at MagickCore/layer.c:1616 #1629

Division by Zero at MagickCore/layer.c:1616 #1629

Comments

SuhwanSong commented Jul 7, 2019

Prerequisites

Description

Steps to Reproduce

System Configuration

urban-warrior commented Jul 8, 2019

nohmask commented Jul 10, 2019

boo0m commented Jul 31, 2019

nohmask commented Aug 18, 2019