Double free memory corruption #354

Closed
Miladbr opened this issue Jan 12, 2017 · 2 comments

@Miladbr
commented Jan 12, 2017

Valgrind output:

$ valgrind convert /home/milad/testing/52 /dev/null
==14011== Memcheck, a memory error detector
==14011== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==14011== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info
==14011== Command: convert /home/milad/testing/52 /dev/null
==14011== 
==14011== Invalid write of size 1
==14011==    at 0x4F58F81: CopyMagickMemory (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x4F82592: SyncImageProfiles (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x4EB7032: WriteImage (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x4EB7981: WriteImages (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x5315D8A: ConvertImageCommand (in /usr/lib/x86_64-linux-gnu/libMagickWand.so.5.0.0)
==14011==    by 0x537D6CE: MagickCommandGenesis (in /usr/lib/x86_64-linux-gnu/libMagickWand.so.5.0.0)
==14011==    by 0x400886: ??? (in /usr/bin/convert.im6)
==14011==    by 0x5828F44: (below main) (libc-start.c:287)
==14011==  Address 0x8bdf875 is 11 bytes before a block of size 4,185 alloc'd
==14011==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==14011==    by 0x4FD27A0: AcquireStringInfo (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x4FD284D: CloneStringInfo (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x4F80F20: SetImageProfile (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x4F811A8: SetImageProfile (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x97BA3FC: ??? (in /usr/lib/x86_64-linux-gnu/ImageMagick-6.7.7/modules-Q16/coders/meta.so)
==14011==    by 0x4EB5B3A: ReadImage (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x4EB6BEA: ReadImages (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x5313F8D: ConvertImageCommand (in /usr/lib/x86_64-linux-gnu/libMagickWand.so.5.0.0)
==14011==    by 0x537D6CE: MagickCommandGenesis (in /usr/lib/x86_64-linux-gnu/libMagickWand.so.5.0.0)
==14011==    by 0x400886: ??? (in /usr/bin/convert.im6)
==14011==    by 0x5828F44: (below main) (libc-start.c:287)
==14011== 
==14011== Invalid write of size 1
==14011==    at 0x4F58F63: CopyMagickMemory (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x4F82592: SyncImageProfiles (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x4EB7032: WriteImage (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x4EB7981: WriteImages (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x5315D8A: ConvertImageCommand (in /usr/lib/x86_64-linux-gnu/libMagickWand.so.5.0.0)
==14011==    by 0x537D6CE: MagickCommandGenesis (in /usr/lib/x86_64-linux-gnu/libMagickWand.so.5.0.0)
==14011==    by 0x400886: ??? (in /usr/bin/convert.im6)
==14011==    by 0x5828F44: (below main) (libc-start.c:287)
==14011==  Address 0x8bdf876 is 10 bytes before a block of size 4,185 alloc'd
==14011==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==14011==    by 0x4FD27A0: AcquireStringInfo (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x4FD284D: CloneStringInfo (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x4F80F20: SetImageProfile (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x4F811A8: SetImageProfile (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x97BA3FC: ??? (in /usr/lib/x86_64-linux-gnu/ImageMagick-6.7.7/modules-Q16/coders/meta.so)
==14011==    by 0x4EB5B3A: ReadImage (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x4EB6BEA: ReadImages (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x5313F8D: ConvertImageCommand (in /usr/lib/x86_64-linux-gnu/libMagickWand.so.5.0.0)
==14011==    by 0x537D6CE: MagickCommandGenesis (in /usr/lib/x86_64-linux-gnu/libMagickWand.so.5.0.0)
==14011==    by 0x400886: ??? (in /usr/bin/convert.im6)
==14011==    by 0x5828F44: (below main) (libc-start.c:287)
==14011== 
==14011== Invalid write of size 1
==14011==    at 0x4F58F4B: CopyMagickMemory (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x4F82592: SyncImageProfiles (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x4EB7032: WriteImage (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x4EB7981: WriteImages (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x5315D8A: ConvertImageCommand (in /usr/lib/x86_64-linux-gnu/libMagickWand.so.5.0.0)
==14011==    by 0x537D6CE: MagickCommandGenesis (in /usr/lib/x86_64-linux-gnu/libMagickWand.so.5.0.0)
==14011==    by 0x400886: ??? (in /usr/bin/convert.im6)
==14011==    by 0x5828F44: (below main) (libc-start.c:287)
==14011==  Address 0x8bdf877 is 9 bytes before a block of size 4,185 alloc'd
==14011==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==14011==    by 0x4FD27A0: AcquireStringInfo (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x4FD284D: CloneStringInfo (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x4F80F20: SetImageProfile (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x4F811A8: SetImageProfile (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x97BA3FC: ??? (in /usr/lib/x86_64-linux-gnu/ImageMagick-6.7.7/modules-Q16/coders/meta.so)
==14011==    by 0x4EB5B3A: ReadImage (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x4EB6BEA: ReadImages (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x5313F8D: ConvertImageCommand (in /usr/lib/x86_64-linux-gnu/libMagickWand.so.5.0.0)
==14011==    by 0x537D6CE: MagickCommandGenesis (in /usr/lib/x86_64-linux-gnu/libMagickWand.so.5.0.0)
==14011==    by 0x400886: ??? (in /usr/bin/convert.im6)
==14011==    by 0x5828F44: (below main) (libc-start.c:287)
==14011== 
==14011== Invalid write of size 1
==14011==    at 0x4F58F1B: CopyMagickMemory (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x4F82592: SyncImageProfiles (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x4EB7032: WriteImage (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x4EB7981: WriteImages (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x5315D8A: ConvertImageCommand (in /usr/lib/x86_64-linux-gnu/libMagickWand.so.5.0.0)
==14011==    by 0x537D6CE: MagickCommandGenesis (in /usr/lib/x86_64-linux-gnu/libMagickWand.so.5.0.0)
==14011==    by 0x400886: ??? (in /usr/bin/convert.im6)
==14011==    by 0x5828F44: (below main) (libc-start.c:287)
==14011==  Address 0x8bdf878 is 8 bytes before a block of size 4,185 alloc'd
==14011==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==14011==    by 0x4FD27A0: AcquireStringInfo (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x4FD284D: CloneStringInfo (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x4F80F20: SetImageProfile (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x4F811A8: SetImageProfile (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x97BA3FC: ??? (in /usr/lib/x86_64-linux-gnu/ImageMagick-6.7.7/modules-Q16/coders/meta.so)
==14011==    by 0x4EB5B3A: ReadImage (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x4EB6BEA: ReadImages (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x5313F8D: ConvertImageCommand (in /usr/lib/x86_64-linux-gnu/libMagickWand.so.5.0.0)
==14011==    by 0x537D6CE: MagickCommandGenesis (in /usr/lib/x86_64-linux-gnu/libMagickWand.so.5.0.0)
==14011==    by 0x400886: ??? (in /usr/bin/convert.im6)
==14011==    by 0x5828F44: (below main) (libc-start.c:287)
==14011== 
==14011== Invalid write of size 1
==14011==    at 0x4F58F81: CopyMagickMemory (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x4F82741: SyncImageProfiles (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x4EB7032: WriteImage (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x4EB7981: WriteImages (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x5315D8A: ConvertImageCommand (in /usr/lib/x86_64-linux-gnu/libMagickWand.so.5.0.0)
==14011==    by 0x537D6CE: MagickCommandGenesis (in /usr/lib/x86_64-linux-gnu/libMagickWand.so.5.0.0)
==14011==    by 0x400886: ??? (in /usr/bin/convert.im6)
==14011==    by 0x5828F44: (below main) (libc-start.c:287)
==14011==  Address 0x8bdf879 is 7 bytes before a block of size 4,185 alloc'd
==14011==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==14011==    by 0x4FD27A0: AcquireStringInfo (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x4FD284D: CloneStringInfo (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x4F80F20: SetImageProfile (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x4F811A8: SetImageProfile (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x97BA3FC: ??? (in /usr/lib/x86_64-linux-gnu/ImageMagick-6.7.7/modules-Q16/coders/meta.so)
==14011==    by 0x4EB5B3A: ReadImage (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x4EB6BEA: ReadImages (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x5313F8D: ConvertImageCommand (in /usr/lib/x86_64-linux-gnu/libMagickWand.so.5.0.0)
==14011==    by 0x537D6CE: MagickCommandGenesis (in /usr/lib/x86_64-linux-gnu/libMagickWand.so.5.0.0)
==14011==    by 0x400886: ??? (in /usr/bin/convert.im6)
==14011==    by 0x5828F44: (below main) (libc-start.c:287)
==14011== 
==14011== Invalid write of size 1
==14011==    at 0x4F58F63: CopyMagickMemory (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x4F82741: SyncImageProfiles (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x4EB7032: WriteImage (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x4EB7981: WriteImages (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x5315D8A: ConvertImageCommand (in /usr/lib/x86_64-linux-gnu/libMagickWand.so.5.0.0)
==14011==    by 0x537D6CE: MagickCommandGenesis (in /usr/lib/x86_64-linux-gnu/libMagickWand.so.5.0.0)
==14011==    by 0x400886: ??? (in /usr/bin/convert.im6)
==14011==    by 0x5828F44: (below main) (libc-start.c:287)
==14011==  Address 0x8bdf87a is 6 bytes before a block of size 4,185 alloc'd
==14011==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==14011==    by 0x4FD27A0: AcquireStringInfo (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x4FD284D: CloneStringInfo (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x4F80F20: SetImageProfile (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x4F811A8: SetImageProfile (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x97BA3FC: ??? (in /usr/lib/x86_64-linux-gnu/ImageMagick-6.7.7/modules-Q16/coders/meta.so)
==14011==    by 0x4EB5B3A: ReadImage (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x4EB6BEA: ReadImages (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x5313F8D: ConvertImageCommand (in /usr/lib/x86_64-linux-gnu/libMagickWand.so.5.0.0)
==14011==    by 0x537D6CE: MagickCommandGenesis (in /usr/lib/x86_64-linux-gnu/libMagickWand.so.5.0.0)
==14011==    by 0x400886: ??? (in /usr/bin/convert.im6)
==14011==    by 0x5828F44: (below main) (libc-start.c:287)
==14011== 
==14011== Invalid write of size 1
==14011==    at 0x4F58F4B: CopyMagickMemory (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x4F82741: SyncImageProfiles (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x4EB7032: WriteImage (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x4EB7981: WriteImages (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x5315D8A: ConvertImageCommand (in /usr/lib/x86_64-linux-gnu/libMagickWand.so.5.0.0)
==14011==    by 0x537D6CE: MagickCommandGenesis (in /usr/lib/x86_64-linux-gnu/libMagickWand.so.5.0.0)
==14011==    by 0x400886: ??? (in /usr/bin/convert.im6)
==14011==    by 0x5828F44: (below main) (libc-start.c:287)
==14011==  Address 0x8bdf87b is 5 bytes before a block of size 4,185 alloc'd
==14011==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==14011==    by 0x4FD27A0: AcquireStringInfo (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x4FD284D: CloneStringInfo (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x4F80F20: SetImageProfile (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x4F811A8: SetImageProfile (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x97BA3FC: ??? (in /usr/lib/x86_64-linux-gnu/ImageMagick-6.7.7/modules-Q16/coders/meta.so)
==14011==    by 0x4EB5B3A: ReadImage (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x4EB6BEA: ReadImages (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x5313F8D: ConvertImageCommand (in /usr/lib/x86_64-linux-gnu/libMagickWand.so.5.0.0)
==14011==    by 0x537D6CE: MagickCommandGenesis (in /usr/lib/x86_64-linux-gnu/libMagickWand.so.5.0.0)
==14011==    by 0x400886: ??? (in /usr/bin/convert.im6)
==14011==    by 0x5828F44: (below main) (libc-start.c:287)
==14011== 
==14011== Invalid write of size 1
==14011==    at 0x4F58F1B: CopyMagickMemory (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x4F82741: SyncImageProfiles (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x4EB7032: WriteImage (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x4EB7981: WriteImages (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x5315D8A: ConvertImageCommand (in /usr/lib/x86_64-linux-gnu/libMagickWand.so.5.0.0)
==14011==    by 0x537D6CE: MagickCommandGenesis (in /usr/lib/x86_64-linux-gnu/libMagickWand.so.5.0.0)
==14011==    by 0x400886: ??? (in /usr/bin/convert.im6)
==14011==    by 0x5828F44: (below main) (libc-start.c:287)
==14011==  Address 0x8bdf87c is 4 bytes before a block of size 4,185 alloc'd
==14011==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==14011==    by 0x4FD27A0: AcquireStringInfo (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x4FD284D: CloneStringInfo (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x4F80F20: SetImageProfile (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x4F811A8: SetImageProfile (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x97BA3FC: ??? (in /usr/lib/x86_64-linux-gnu/ImageMagick-6.7.7/modules-Q16/coders/meta.so)
==14011==    by 0x4EB5B3A: ReadImage (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x4EB6BEA: ReadImages (in /usr/lib/x86_64-linux-gnu/libMagickCore.so.5.0.0)
==14011==    by 0x5313F8D: ConvertImageCommand (in /usr/lib/x86_64-linux-gnu/libMagickWand.so.5.0.0)
==14011==    by 0x537D6CE: MagickCommandGenesis (in /usr/lib/x86_64-linux-gnu/libMagickWand.so.5.0.0)
==14011==    by 0x400886: ??? (in /usr/bin/convert.im6)
==14011==    by 0x5828F44: (below main) (libc-start.c:287)
==14011== 
==14011== 
==14011== HEAP SUMMARY:
==14011==     in use at exit: 328 bytes in 9 blocks
==14011==   total heap usage: 1,289 allocs, 1,280 frees, 522,998 bytes allocated
==14011== 
==14011== LEAK SUMMARY:
==14011==    definitely lost: 0 bytes in 0 blocks
==14011==    indirectly lost: 0 bytes in 0 blocks
==14011==      possibly lost: 0 bytes in 0 blocks
==14011==    still reachable: 328 bytes in 9 blocks
==14011==         suppressed: 0 bytes in 0 blocks
==14011== Rerun with --leak-check=full to see details of leaked memory
==14011== 
==14011== For counts of detected and suppressed errors, rerun with: -v
==14011== ERROR SUMMARY: 8 errors from 8 contexts (suppressed: 0 from 0)

Backtrace:

(gdb) bt
#0  0x00007ffff707bc37 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1  0x00007ffff707f028 in __GI_abort () at abort.c:89
#2  0x00007ffff70b82a4 in __libc_message (do_abort=do_abort@entry=1, fmt=fmt@entry=0x7ffff71c66b0 "*** Error in `%s': %s: 0x%s ***\n")
    at ../sysdeps/posix/libc_fatal.c:175
#3  0x00007ffff70c455e in malloc_printerr (ptr=<optimized out>, str=0x7ffff71c2819 "free(): invalid size", action=1) at malloc.c:4996
#4  _int_free (av=<optimized out>, p=<optimized out>, have_lock=0) at malloc.c:3840
#5  0x00007ffff7a5e1af in RelinquishMagickMemory () from /usr/lib/x86_64-linux-gnu/libMagickCore.so.5
#6  0x00007ffff7ad7f5e in DestroyStringInfo () from /usr/lib/x86_64-linux-gnu/libMagickCore.so.5
#7  0x00007ffff7aca9af in DestroySplayTree () from /usr/lib/x86_64-linux-gnu/libMagickCore.so.5
#8  0x00007ffff7a85ac5 in DestroyImageProfiles () from /usr/lib/x86_64-linux-gnu/libMagickCore.so.5
#9  0x00007ffff7a47aa1 in DestroyImage () from /usr/lib/x86_64-linux-gnu/libMagickCore.so.5
#10 0x00007ffff7a561e8 in DestroyImageList () from /usr/lib/x86_64-linux-gnu/libMagickCore.so.5
#11 0x00007ffff7668ddf in ConvertImageCommand () from /usr/lib/x86_64-linux-gnu/libMagickWand.so.5
#12 0x00007ffff76d06cf in MagickCommandGenesis () from /usr/lib/x86_64-linux-gnu/libMagickWand.so.5
#13 0x0000000000400887 in ?? ()
#14 0x00007ffff7066f45 in __libc_start_main (main=0x400840, argc=3, argv=0x7fffffffdd18, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, 
    stack_end=0x7fffffffdd08) at libc-start.c:287
#15 0x00000000004008d6 in ?? ()

PoC:
https://github.com/Miladbr/public-poc/blob/master/imagemagick/52

@mikayla-grace

commented Jan 12, 2017

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ http://www.imagemagick.org/download/beta/ by sometime tomorrow.

dlemstra pushed a commit that referenced this issue Jan 12, 2017

Cristy

dlemstra pushed a commit that referenced this issue Jan 12, 2017

Cristy
@carnil

commented Jan 27, 2017

This is CVE-2017-5506

@dlemstra dlemstra added the bug label Jan 27, 2017

@dlemstra dlemstra closed this Jan 27, 2017
