heap-based buffer overflow in IsPixelMonochrome (pixel-accessor.h) #272
Comments
|
Unfortunately we cannot reproduce this exception with ImageMagick 7.0.3-1. With ASAN enabled, we get: |
Maybe a different build (compiler,options) is able to hit the crash. |
|
Post the output of |
|
|
to confirm @asarubbo, I also hit this bug with ASAN on master |
|
Thanks. Did you find it on your own or based on the flags I posted above? |
|
uhm wait, your test case doesn't crash my instance either. I have a different test case for a bug in that area of code, so I assumed it was the same bug. I will open another issue, if they are the same they can merge into this |
|
with a symbolized output the crash is the same |
|
ok perfect, I guess they can close that new issue |
|
Public post on this issue. Not sure it adds much. |
It doesn't. It's just my way to track issues I found. Anyway, this is still reproducible for me with the latest release (7.0.3-4) |
|
Unfortunately we cannot reproduce the problem. We're using afl-clang 3.8.0 and no exception is thrown. |
|
FYI: Looks like a CVE was assigned to this (2016-8678), even though there are issues in reproducing and confirming. |
|
the issue was reproduced by @marcograss too. |
|
This is a Q64 issue and we do not support Q64. We're waiting for 128bit processors to get Q64 to work. |
A crafted image causes a heap overflow.
Reproduce with: identify $FILE
I'm attaching the testcase as a zip because of GitHub's limitation.
Tested on 7.0.3.0
6.crashes.zip