Memory corruption via PSB file #347

Closed
Miladbr opened this issue Jan 7, 2017 · 2 comments

@Miladbr
commented Jan 7, 2017

$ /home/milad/ImageMagick/utilities/magick 7.psb /dev/null
[1]    22665 segmentation fault (core dumped)   /home/milad/ImageMagick/utilities/magick 7.psb /dev/null

Valgrind output:

$ valgrind /home/milad/ImageMagick/utilities/magick 7.psb /dev/null 
==22694== Memcheck, a memory error detector
==22694== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==22694== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==22694== Command: /home/milad/ImageMagick/utilities/magick 7.psb /dev/null
==22694== 
==22694== Syscall param read(buf) points to unaddressable byte(s)
==22694==    at 0x588E680: __read_nocancel (syscall-template.S:84)
==22694==    by 0x5810F78: _IO_file_xsgetn (fileops.c:1434)
==22694==    by 0x5806235: fread (iofread.c:38)
==22694==    by 0x837756: ReadPSDLayers (psd.c:1697)
==22694==    by 0x83EF66: ReadPSDImage (psd.c:2113)
==22694==    by 0xA103CF: ReadImage (constitute.c:555)
==22694==    by 0xA131FA: ReadImages (constitute.c:852)
==22694==    by 0x1103F8C: CLINoImageOperator (operation.c:4743)
==22694==    by 0x1107338: CLIOption (operation.c:5238)
==22694==    by 0xF8612A: ProcessCommandOptions (magick-cli.c:421)
==22694==    by 0xF87FC2: MagickImageCommand (magick-cli.c:791)
==22694==    by 0xF90DE9: MagickCommandGenesis (mogrify.c:183)
==22694==  Address 0x5e4b2f8 is 0 bytes after a block of size 1,288 alloc'd
==22694==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==22694==    by 0x834250: ReadPSDLayers (psd.c:1539)
==22694==    by 0x83EF66: ReadPSDImage (psd.c:2113)
==22694==    by 0xA103CF: ReadImage (constitute.c:555)
==22694==    by 0xA131FA: ReadImages (constitute.c:852)
==22694==    by 0x1103F8C: CLINoImageOperator (operation.c:4743)
==22694==    by 0x1107338: CLIOption (operation.c:5238)
==22694==    by 0xF8612A: ProcessCommandOptions (magick-cli.c:421)
==22694==    by 0xF87FC2: MagickImageCommand (magick-cli.c:791)
==22694==    by 0xF90DE9: MagickCommandGenesis (mogrify.c:183)
==22694==    by 0x419D10: MagickMain (magick.c:149)
==22694==    by 0x57B882F: (below main) (libc-start.c:291)
==22694== 
==22694== Invalid write of size 1
==22694==    at 0xCD97C0: PopQuantumPixel (quantum-export.c:196)
==22694==    by 0xCD97C0: ExportRedQuantum (quantum-export.c:3069)
==22694==    by 0xCD97C0: ExportQuantumPixels (quantum-export.c:4045)
==22694==    by 0x81F40D: WritePSDChannel (psd.c:2545)
==22694==    by 0x82E6B8: WritePSDChannels (psd.c:2683)
==22694==    by 0x82E6B8: WritePSDImage (psd.c:3359)
==22694==    by 0xA148B7: WriteImage (constitute.c:1101)
==22694==    by 0xA16605: WriteImages (constitute.c:1320)
==22694==    by 0x11043F3: CLINoImageOperator (operation.c:4778)
==22694==    by 0x1107338: CLIOption (operation.c:5238)
==22694==    by 0xF86894: ProcessCommandOptions (magick-cli.c:526)
==22694==    by 0xF87FC2: MagickImageCommand (magick-cli.c:791)
==22694==    by 0xF90DE9: MagickCommandGenesis (mogrify.c:183)
==22694==    by 0x419D10: MagickMain (magick.c:149)
==22694==    by 0x57B882F: (below main) (libc-start.c:291)
==22694==  Address 0x5e5c1af is 0 bytes after a block of size 511 alloc'd
==22694==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==22694==    by 0xC94D0C: AcquireQuantumPixels (quantum.c:175)
==22694==    by 0xC94D0C: SetQuantumDepth (quantum.c:693)
==22694==    by 0xC9571A: AcquireQuantumInfo (quantum.c:125)
==22694==    by 0x81F2E0: WritePSDChannel (psd.c:2514)
==22694==    by 0x82E6B8: WritePSDChannels (psd.c:2683)
==22694==    by 0x82E6B8: WritePSDImage (psd.c:3359)
==22694==    by 0xA148B7: WriteImage (constitute.c:1101)
==22694==    by 0xA16605: WriteImages (constitute.c:1320)
==22694==    by 0x11043F3: CLINoImageOperator (operation.c:4778)
==22694==    by 0x1107338: CLIOption (operation.c:5238)
==22694==    by 0xF86894: ProcessCommandOptions (magick-cli.c:526)
==22694==    by 0xF87FC2: MagickImageCommand (magick-cli.c:791)
==22694==    by 0xF90DE9: MagickCommandGenesis (mogrify.c:183)
==22694== 
==22694== Invalid read of size 1
==22694==    at 0xCD9660: PopQuantumPixel (quantum-export.c:198)
==22694==    by 0xCD9660: ExportRedQuantum (quantum-export.c:3069)
==22694==    by 0xCD9660: ExportQuantumPixels (quantum-export.c:4045)
==22694==    by 0x81F40D: WritePSDChannel (psd.c:2545)
==22694==    by 0x82E6B8: WritePSDChannels (psd.c:2683)
==22694==    by 0x82E6B8: WritePSDImage (psd.c:3359)
==22694==    by 0xA148B7: WriteImage (constitute.c:1101)
==22694==    by 0xA16605: WriteImages (constitute.c:1320)
==22694==    by 0x11043F3: CLINoImageOperator (operation.c:4778)
==22694==    by 0x1107338: CLIOption (operation.c:5238)
==22694==    by 0xF86894: ProcessCommandOptions (magick-cli.c:526)
==22694==    by 0xF87FC2: MagickImageCommand (magick-cli.c:791)
==22694==    by 0xF90DE9: MagickCommandGenesis (mogrify.c:183)
==22694==    by 0x419D10: MagickMain (magick.c:149)
==22694==    by 0x57B882F: (below main) (libc-start.c:291)
==22694==  Address 0x5e5c1af is 0 bytes after a block of size 511 alloc'd
==22694==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==22694==    by 0xC94D0C: AcquireQuantumPixels (quantum.c:175)
==22694==    by 0xC94D0C: SetQuantumDepth (quantum.c:693)
==22694==    by 0xC9571A: AcquireQuantumInfo (quantum.c:125)
==22694==    by 0x81F2E0: WritePSDChannel (psd.c:2514)
==22694==    by 0x82E6B8: WritePSDChannels (psd.c:2683)
==22694==    by 0x82E6B8: WritePSDImage (psd.c:3359)
==22694==    by 0xA148B7: WriteImage (constitute.c:1101)
==22694==    by 0xA16605: WriteImages (constitute.c:1320)
==22694==    by 0x11043F3: CLINoImageOperator (operation.c:4778)
==22694==    by 0x1107338: CLIOption (operation.c:5238)
==22694==    by 0xF86894: ProcessCommandOptions (magick-cli.c:526)
==22694==    by 0xF87FC2: MagickImageCommand (magick-cli.c:791)
==22694==    by 0xF90DE9: MagickCommandGenesis (mogrify.c:183)
==22694== 
==22694== Invalid write of size 8
==22694==    at 0x81FFE2: WritePSDChannel (psd.c:2549)
==22694==    by 0x82E6B8: WritePSDChannels (psd.c:2683)
==22694==    by 0x82E6B8: WritePSDImage (psd.c:3359)
==22694==    by 0xA148B7: WriteImage (constitute.c:1101)
==22694==    by 0xA16605: WriteImages (constitute.c:1320)
==22694==    by 0x11043F3: CLINoImageOperator (operation.c:4778)
==22694==    by 0x1107338: CLIOption (operation.c:5238)
==22694==    by 0xF86894: ProcessCommandOptions (magick-cli.c:526)
==22694==    by 0xF87FC2: MagickImageCommand (magick-cli.c:791)
==22694==    by 0xF90DE9: MagickCommandGenesis (mogrify.c:183)
==22694==    by 0x419D10: MagickMain (magick.c:149)
==22694==    by 0x57B882F: (below main) (libc-start.c:291)
==22694==  Address 0x5e5c1a8 is 504 bytes inside a block of size 511 alloc'd
==22694==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==22694==    by 0xC94D0C: AcquireQuantumPixels (quantum.c:175)
==22694==    by 0xC94D0C: SetQuantumDepth (quantum.c:693)
==22694==    by 0xC9571A: AcquireQuantumInfo (quantum.c:125)
==22694==    by 0x81F2E0: WritePSDChannel (psd.c:2514)
==22694==    by 0x82E6B8: WritePSDChannels (psd.c:2683)
==22694==    by 0x82E6B8: WritePSDImage (psd.c:3359)
==22694==    by 0xA148B7: WriteImage (constitute.c:1101)
==22694==    by 0xA16605: WriteImages (constitute.c:1320)
==22694==    by 0x11043F3: CLINoImageOperator (operation.c:4778)
==22694==    by 0x1107338: CLIOption (operation.c:5238)
==22694==    by 0xF86894: ProcessCommandOptions (magick-cli.c:526)
==22694==    by 0xF87FC2: MagickImageCommand (magick-cli.c:791)
==22694==    by 0xF90DE9: MagickCommandGenesis (mogrify.c:183)
==22694== 
==22694== Invalid read of size 16
==22694==    at 0x81FFF1: WritePSDChannel (psd.c:2549)
==22694==    by 0x82E6B8: WritePSDChannels (psd.c:2683)
==22694==    by 0x82E6B8: WritePSDImage (psd.c:3359)
==22694==    by 0xA148B7: WriteImage (constitute.c:1101)
==22694==    by 0xA16605: WriteImages (constitute.c:1320)
==22694==    by 0x11043F3: CLINoImageOperator (operation.c:4778)
==22694==    by 0x1107338: CLIOption (operation.c:5238)
==22694==    by 0xF86894: ProcessCommandOptions (magick-cli.c:526)
==22694==    by 0xF87FC2: MagickImageCommand (magick-cli.c:791)
==22694==    by 0xF90DE9: MagickCommandGenesis (mogrify.c:183)
==22694==    by 0x419D10: MagickMain (magick.c:149)
==22694==    by 0x57B882F: (below main) (libc-start.c:291)
==22694==  Address 0x5e5c1b0 is 1 bytes after a block of size 511 alloc'd
==22694==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==22694==    by 0xC94D0C: AcquireQuantumPixels (quantum.c:175)
==22694==    by 0xC94D0C: SetQuantumDepth (quantum.c:693)
==22694==    by 0xC9571A: AcquireQuantumInfo (quantum.c:125)
==22694==    by 0x81F2E0: WritePSDChannel (psd.c:2514)
==22694==    by 0x82E6B8: WritePSDChannels (psd.c:2683)
==22694==    by 0x82E6B8: WritePSDImage (psd.c:3359)
==22694==    by 0xA148B7: WriteImage (constitute.c:1101)
==22694==    by 0xA16605: WriteImages (constitute.c:1320)
==22694==    by 0x11043F3: CLINoImageOperator (operation.c:4778)
==22694==    by 0x1107338: CLIOption (operation.c:5238)
==22694==    by 0xF86894: ProcessCommandOptions (magick-cli.c:526)
==22694==    by 0xF87FC2: MagickImageCommand (magick-cli.c:791)
==22694==    by 0xF90DE9: MagickCommandGenesis (mogrify.c:183)
==22694== 
==22694== Invalid write of size 8
==22694==    at 0x81FFF8: WritePSDChannel (psd.c:2549)
==22694==    by 0x82E6B8: WritePSDChannels (psd.c:2683)
==22694==    by 0x82E6B8: WritePSDImage (psd.c:3359)
==22694==    by 0xA148B7: WriteImage (constitute.c:1101)
==22694==    by 0xA16605: WriteImages (constitute.c:1320)
==22694==    by 0x11043F3: CLINoImageOperator (operation.c:4778)
==22694==    by 0x1107338: CLIOption (operation.c:5238)
==22694==    by 0xF86894: ProcessCommandOptions (magick-cli.c:526)
==22694==    by 0xF87FC2: MagickImageCommand (magick-cli.c:791)
==22694==    by 0xF90DE9: MagickCommandGenesis (mogrify.c:183)
==22694==    by 0x419D10: MagickMain (magick.c:149)
==22694==    by 0x57B882F: (below main) (libc-start.c:291)
==22694==  Address 0x5e5c1b0 is 1 bytes after a block of size 511 alloc'd
==22694==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==22694==    by 0xC94D0C: AcquireQuantumPixels (quantum.c:175)
==22694==    by 0xC94D0C: SetQuantumDepth (quantum.c:693)
==22694==    by 0xC9571A: AcquireQuantumInfo (quantum.c:125)
==22694==    by 0x81F2E0: WritePSDChannel (psd.c:2514)
==22694==    by 0x82E6B8: WritePSDChannels (psd.c:2683)
==22694==    by 0x82E6B8: WritePSDImage (psd.c:3359)
==22694==    by 0xA148B7: WriteImage (constitute.c:1101)
==22694==    by 0xA16605: WriteImages (constitute.c:1320)
==22694==    by 0x11043F3: CLINoImageOperator (operation.c:4778)
==22694==    by 0x1107338: CLIOption (operation.c:5238)
==22694==    by 0xF86894: ProcessCommandOptions (magick-cli.c:526)
==22694==    by 0xF87FC2: MagickImageCommand (magick-cli.c:791)
==22694==    by 0xF90DE9: MagickCommandGenesis (mogrify.c:183)
==22694== 
==22694== Invalid read of size 16
==22694==    at 0x81FF59: WritePSDChannel (psd.c:2549)
==22694==    by 0x82E6B8: WritePSDChannels (psd.c:2683)
==22694==    by 0x82E6B8: WritePSDImage (psd.c:3359)
==22694==    by 0xA148B7: WriteImage (constitute.c:1101)
==22694==    by 0xA16605: WriteImages (constitute.c:1320)
==22694==    by 0x11043F3: CLINoImageOperator (operation.c:4778)
==22694==    by 0x1107338: CLIOption (operation.c:5238)
==22694==    by 0xF86894: ProcessCommandOptions (magick-cli.c:526)
==22694==    by 0xF87FC2: MagickImageCommand (magick-cli.c:791)
==22694==    by 0xF90DE9: MagickCommandGenesis (mogrify.c:183)
==22694==    by 0x419D10: MagickMain (magick.c:149)
==22694==    by 0x57B882F: (below main) (libc-start.c:291)
==22694==  Address 0x5e5c1c0 is 17 bytes after a block of size 511 alloc'd
==22694==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==22694==    by 0xC94D0C: AcquireQuantumPixels (quantum.c:175)
==22694==    by 0xC94D0C: SetQuantumDepth (quantum.c:693)
==22694==    by 0xC9571A: AcquireQuantumInfo (quantum.c:125)
==22694==    by 0x81F2E0: WritePSDChannel (psd.c:2514)
==22694==    by 0x82E6B8: WritePSDChannels (psd.c:2683)
==22694==    by 0x82E6B8: WritePSDImage (psd.c:3359)
==22694==    by 0xA148B7: WriteImage (constitute.c:1101)
==22694==    by 0xA16605: WriteImages (constitute.c:1320)
==22694==    by 0x11043F3: CLINoImageOperator (operation.c:4778)
==22694==    by 0x1107338: CLIOption (operation.c:5238)
==22694==    by 0xF86894: ProcessCommandOptions (magick-cli.c:526)
==22694==    by 0xF87FC2: MagickImageCommand (magick-cli.c:791)
==22694==    by 0xF90DE9: MagickCommandGenesis (mogrify.c:183)
==22694== 
==22694== Invalid write of size 8
==22694==    at 0x81FF5F: WritePSDChannel (psd.c:2549)
==22694==    by 0x82E6B8: WritePSDChannels (psd.c:2683)
==22694==    by 0x82E6B8: WritePSDImage (psd.c:3359)
==22694==    by 0xA148B7: WriteImage (constitute.c:1101)
==22694==    by 0xA16605: WriteImages (constitute.c:1320)
==22694==    by 0x11043F3: CLINoImageOperator (operation.c:4778)
==22694==    by 0x1107338: CLIOption (operation.c:5238)
==22694==    by 0xF86894: ProcessCommandOptions (magick-cli.c:526)
==22694==    by 0xF87FC2: MagickImageCommand (magick-cli.c:791)
==22694==    by 0xF90DE9: MagickCommandGenesis (mogrify.c:183)
==22694==    by 0x419D10: MagickMain (magick.c:149)
==22694==    by 0x57B882F: (below main) (libc-start.c:291)
==22694==  Address 0x5e5c1c0 is 17 bytes after a block of size 511 alloc'd
==22694==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==22694==    by 0xC94D0C: AcquireQuantumPixels (quantum.c:175)
==22694==    by 0xC94D0C: SetQuantumDepth (quantum.c:693)
==22694==    by 0xC9571A: AcquireQuantumInfo (quantum.c:125)
==22694==    by 0x81F2E0: WritePSDChannel (psd.c:2514)
==22694==    by 0x82E6B8: WritePSDChannels (psd.c:2683)
==22694==    by 0x82E6B8: WritePSDImage (psd.c:3359)
==22694==    by 0xA148B7: WriteImage (constitute.c:1101)
==22694==    by 0xA16605: WriteImages (constitute.c:1320)
==22694==    by 0x11043F3: CLINoImageOperator (operation.c:4778)
==22694==    by 0x1107338: CLIOption (operation.c:5238)
==22694==    by 0xF86894: ProcessCommandOptions (magick-cli.c:526)
==22694==    by 0xF87FC2: MagickImageCommand (magick-cli.c:791)
==22694==    by 0xF90DE9: MagickCommandGenesis (mogrify.c:183)
==22694== 

valgrind: m_mallocfree.c:303 (get_bszB_as_is): Assertion 'bszB_lo == bszB_hi' failed.
valgrind: Heap block lo/hi size mismatch: lo = 576, hi = 0.
This is probably caused by your program erroneously writing past the
end of a heap block and corrupting heap metadata.  If you fix any
invalid writes reported by Memcheck, this assertion failure will
probably go away.  Please try that before reporting this as a bug.


host stacktrace:
==22694==    at 0x38083F48: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
==22694==    by 0x38084064: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
==22694==    by 0x380841F1: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
==22694==    by 0x38091A9C: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
==22694==    by 0x3807D673: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
==22694==    by 0x3807BF03: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
==22694==    by 0x380800DA: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
==22694==    by 0x3807B49A: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
==22694==    by 0x8045DDEC5: ???

sched status:
  running_tid=1

Thread 1: status = VgTs_Runnable (lwpid 22694)
==22694==    at 0x81FF6D: WritePSDChannel (psd.c:2549)
==22694==    by 0x82E6B8: WritePSDChannels (psd.c:2683)
==22694==    by 0x82E6B8: WritePSDImage (psd.c:3359)
==22694==    by 0xA148B7: WriteImage (constitute.c:1101)
==22694==    by 0xA16605: WriteImages (constitute.c:1320)
==22694==    by 0x11043F3: CLINoImageOperator (operation.c:4778)
==22694==    by 0x1107338: CLIOption (operation.c:5238)
==22694==    by 0xF86894: ProcessCommandOptions (magick-cli.c:526)
==22694==    by 0xF87FC2: MagickImageCommand (magick-cli.c:791)
==22694==    by 0xF90DE9: MagickCommandGenesis (mogrify.c:183)
==22694==    by 0x419D10: MagickMain (magick.c:149)
==22694==    by 0x57B882F: (below main) (libc-start.c:291)

Thread 2: status = VgTs_WaitSys (lwpid 22695)
==22694==    at 0x4E4BD22: ??? (in /usr/lib/x86_64-linux-gnu/libgomp.so.1.0.0)
==22694==    by 0x4E49449: ??? (in /usr/lib/x86_64-linux-gnu/libgomp.so.1.0.0)
==22694==    by 0x55826B9: start_thread (pthread_create.c:333)
==22694==    by 0x589E82C: clone (clone.S:109)

Backtrace:

(gdb) bt
#0  ExportRedQuantum (exception=0x2, q=<optimized out>, p=<optimized out>, number_pixels=196856, quantum_info=0x1547990, image=0x1577dd0)
    at MagickCore/quantum-export.c:3069
#1  ExportQuantumPixels (image=image@entry=0x1577dd0, image_view=image_view@entry=0x0, quantum_info=quantum_info@entry=0x1547990, 
    quantum_type=quantum_type@entry=RedQuantum, pixels=<optimized out>, pixels@entry=0x1570440 '\377' <repeats 200 times>..., exception=exception@entry=0x154a350)
    at MagickCore/quantum-export.c:4045
#2  0x000000000081f40e in WritePSDChannel (psd_info=psd_info@entry=0x7fffffff7c60, image_info=image_info@entry=0x154d700, image=image@entry=0x1706c60, 
    next_image=next_image@entry=0x1577dd0, quantum_type=quantum_type@entry=RedQuantum, compact_pixels=compact_pixels@entry=0x0, size_offset=144, separate=MagickTrue, 
    exception=0x154a350) at coders/psd.c:2545
#3  0x000000000082e6b9 in WritePSDChannels (separate=MagickTrue, exception=<optimized out>, size_offset=92, next_image=0x1577dd0, image=<optimized out>, 
    image_info=<optimized out>, psd_info=0x7fffffff7c60) at coders/psd.c:2683
#4  WritePSDImage (image_info=0x154d700, image=<optimized out>, exception=0x154a350) at coders/psd.c:3359
#5  0x0000000000a148b8 in WriteImage (image_info=image_info@entry=0x1565f40, image=image@entry=0x1706c60, exception=exception@entry=0x154a350)
    at MagickCore/constitute.c:1101
#6  0x0000000000a16606 in WriteImages (image_info=image_info@entry=0x1572b80, images=<optimized out>, images@entry=0x1706c60, filename=<optimized out>, 
    exception=0x154a350) at MagickCore/constitute.c:1320
#7  0x00000000011043f4 in CLINoImageOperator (cli_wand=cli_wand@entry=0x1548b70, option=option@entry=0x11e4361 "-write", arg1n=arg1n@entry=0x7fffffffe6e8 "/dev/null", 
    arg2n=arg2n@entry=0x0) at MagickWand/operation.c:4778
#8  0x0000000001107339 in CLIOption (cli_wand=cli_wand@entry=0x1548b70, option=option@entry=0x11e4361 "-write") at MagickWand/operation.c:5238
#9  0x0000000000f86895 in ProcessCommandOptions (cli_wand=cli_wand@entry=0x1548b70, argc=argc@entry=3, argv=argv@entry=0x7fffffffe428, index=index@entry=1)
    at MagickWand/magick-cli.c:526
#10 0x0000000000f87fc3 in MagickImageCommand (image_info=image_info@entry=0x154a4d0, argc=argc@entry=3, argv=argv@entry=0x7fffffffe428, 
    metadata=metadata@entry=0x7fffffffc0d0, exception=exception@entry=0x154a350) at MagickWand/magick-cli.c:791
#11 0x0000000000f90dea in MagickCommandGenesis (image_info=image_info@entry=0x154a4d0, command=command@entry=0xf86bf0 <MagickImageCommand>, argc=argc@entry=3, 
    argv=argv@entry=0x7fffffffe428, metadata=0x0, exception=exception@entry=0x154a350) at MagickWand/mogrify.c:183
#12 0x0000000000419d11 in MagickMain (argc=3, argv=0x7fffffffe428) at utilities/magick.c:149
#13 0x00007ffff70d0830 in __libc_start_main (main=0x4060d0 <main>, argc=3, argv=0x7fffffffe428, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, 
    stack_end=0x7fffffffe418) at ../csu/libc-start.c:291
#14 0x00000000004198a9 in _start ()

PoC:
https://github.com/Miladbr/public-poc/blob/master/imagemagick/7.psb
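
Added example, not part of the original report or of ImageMagick: a Python triage pass over Memcheck output like the above, which collapses repeated records into distinct defects and works out how far each access reaches past its heap block. The sample input is a constructed, condensed excerpt using values from the report; the `RUNTIME` skip list and all function names in the script are assumptions of this example.

```python
import re

# Constructed sample: condensed Memcheck records using values from the report above.
SAMPLE = """\
==22694== Syscall param read(buf) points to unaddressable byte(s)
==22694==    at 0x588E680: __read_nocancel (syscall-template.S:84)
==22694==    by 0x5806235: fread (iofread.c:38)
==22694==    by 0x837756: ReadPSDLayers (psd.c:1697)
==22694==  Address 0x5e4b2f8 is 0 bytes after a block of size 1,288 alloc'd
==22694==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==22694==    by 0x834250: ReadPSDLayers (psd.c:1539)
==22694==
==22694== Invalid write of size 1
==22694==    at 0xCD97C0: PopQuantumPixel (quantum-export.c:196)
==22694==  Address 0x5e5c1af is 0 bytes after a block of size 511 alloc'd
==22694==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==22694==    by 0xC94D0C: AcquireQuantumPixels (quantum.c:175)
==22694==
==22694== Invalid write of size 8
==22694==    at 0x81FFE2: WritePSDChannel (psd.c:2549)
==22694==  Address 0x5e5c1a8 is 504 bytes inside a block of size 511 alloc'd
==22694==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==22694==    by 0xC94D0C: AcquireQuantumPixels (quantum.c:175)
"""

HEADER = re.compile(r"Invalid (read|write) of size (\d+)|Syscall param (\S+) points to unaddressable")
FRAME = re.compile(r"(?:at|by) 0x[0-9A-Fa-f]+: (.+) \(([^()]*)\)$")
BLOCK = re.compile(r"Address 0x[0-9A-Fa-f]+ is ([\d,]+) bytes (after|inside) a block of size ([\d,]+) alloc'd")
RUNTIME = {"malloc", "fread", "_IO_file_xsgetn", "__read_nocancel"}  # assumption: frames to skip

def first_caller(frames):
    return next((f"{fn} ({loc})" for fn, loc in frames if fn not in RUNTIME), None)

def parse_memcheck(text):
    findings, cur, section = [], None, None
    for raw in text.splitlines():
        line = re.sub(r"^==\d+==", "", raw).strip()
        if (m := HEADER.match(line)):
            cur = {"kind": m.group(1) or "syscall " + m.group(3), "block": None,
                   "size": int(m.group(2)) if m.group(2) else None, "fault": [], "alloc": []}
            findings.append(cur)
            section = "fault"
        elif cur and (m := BLOCK.match(line)):
            n, where, size = m.groups()
            cur["block"] = (int(n.replace(",", "")), where, int(size.replace(",", "")))
            section = "alloc"  # frames after the Address line describe the allocation
        elif cur and (m := FRAME.match(line)):
            cur[section].append(m.groups())
        elif not line:
            cur = None  # blank line ends the record
    return findings

def bytes_past_end(f):
    """Bytes the access reaches beyond the block's end (None if the size is unknown)."""
    if f["block"] is None or f["size"] is None:
        return None
    offset, where, block_size = f["block"]
    end = offset + f["size"]
    return end if where == "after" else max(0, end - block_size)

def triage(text):
    rows = [(f["kind"], first_caller(f["fault"]), first_caller(f["alloc"]), bytes_past_end(f))
            for f in parse_memcheck(text)]
    return list(dict.fromkeys(rows))  # collapse repeats, keep first-seen order
```

Calling `triage(SAMPLE)` yields three distinct rows. Both writes end one byte past the 511-byte buffer allocated in AcquireQuantumPixels: the 8-byte write starts 504 bytes in, so it covers bytes 504 through 511 of a block whose last valid index is 510.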

@dlemstra dlemstra added the bug label Jan 7, 2017

@dlemstra

Member

commented Jan 7, 2017

Thanks for reporting this, it will be resolved in the next version of ImageMagick.

@dlemstra dlemstra closed this Jan 7, 2017

dlemstra added a commit that referenced this issue Jan 7, 2017

dlemstra added a commit that referenced this issue Jan 7, 2017

@carnil

commented Jan 27, 2017

This is CVE-2017-5511
