memory leak in ReadEXRImage #441

Closed
bestshow opened this issue Apr 26, 2017 · 2 comments

@bestshow
commented Apr 26, 2017

on ImageMagick 7.0.5-5

The ReadEXRImage function in exr.c:189 allows attackers to cause a denial of service (memory leak) via a crafted file.

#identify $FILE
=================================================================

Direct leak of 13488 byte(s) in 1 object(s) allocated from:
    #0 0x7f2bb3740b58 in __interceptor_malloc ../../../../libsanitizer/asan/asan_malloc_linux.cc:62
    #1 0x43ecdb in AcquireMagickMemory MagickCore/memory.c:463
    #2 0x41428a in AcquireImage MagickCore/image.c:169
    #3 0x6fac15 in ReadEXRImage coders/exr.c:189
    #4 0x7f27a7 in ReadImage MagickCore/constitute.c:497
    #5 0x9e41a7 in ReadStream MagickCore/stream.c:1045
    #6 0x7f1855 in PingImage MagickCore/constitute.c:226
    #7 0x7f1e08 in PingImages MagickCore/constitute.c:327
    #8 0xbb97b4 in IdentifyImageCommand MagickWand/identify.c:319
    #9 0xc10308 in MagickCommandGenesis MagickWand/mogrify.c:183
    #10 0x40f839 in MagickMain utilities/magick.c:149
    #11 0x40fa06 in main utilities/magick.c:180
    #12 0x7f2baea4fb34 in __libc_start_main (/lib64/libc.so.6+0x21b34)

Indirect leak of 13024 byte(s) in 1 object(s) allocated from:
    #0 0x7f2bb3740b58 in __interceptor_malloc ../../../../libsanitizer/asan/asan_malloc_linux.cc:62
    #1 0x43ecdb in AcquireMagickMemory MagickCore/memory.c:463
    #2 0x416459 in AcquireImageInfo MagickCore/image.c:347
    #3 0x4193aa in CloneImageInfo MagickCore/image.c:952
    #4 0x425570 in SyncImageSettings MagickCore/image.c:4051
    #5 0x416002 in AcquireImage MagickCore/image.c:290
    #6 0x6fac15 in ReadEXRImage coders/exr.c:189
    #7 0x7f27a7 in ReadImage MagickCore/constitute.c:497
    #8 0x9e41a7 in ReadStream MagickCore/stream.c:1045
    #9 0x7f1855 in PingImage MagickCore/constitute.c:226
    #10 0x7f1e08 in PingImages MagickCore/constitute.c:327
    #11 0xbb97b4 in IdentifyImageCommand MagickWand/identify.c:319
    #12 0xc10308 in MagickCommandGenesis MagickWand/mogrify.c:183
    #13 0x40f839 in MagickMain utilities/magick.c:149
    #14 0x40fa06 in main utilities/magick.c:180
    #15 0x7f2baea4fb34 in __libc_start_main (/lib64/libc.so.6+0x21b34)

Indirect leak of 9096 byte(s) in 1 object(s) allocated from:
    #0 0x7f2bb3740b58 in __interceptor_malloc ../../../../libsanitizer/asan/asan_malloc_linux.cc:62
    #1 0x43ecdb in AcquireMagickMemory MagickCore/memory.c:463
    #2 0x43ed2f in AcquireQuantumMemory MagickCore/memory.c:536
    #3 0x79a80c in AcquirePixelCache MagickCore/cache.c:195
    #4 0x4149a1 in AcquireImage MagickCore/image.c:206
    #5 0x6fac15 in ReadEXRImage coders/exr.c:189
    #6 0x7f27a7 in ReadImage MagickCore/constitute.c:497
    #7 0x9e41a7 in ReadStream MagickCore/stream.c:1045
    #8 0x7f1855 in PingImage MagickCore/constitute.c:226
    #9 0x7f1e08 in PingImages MagickCore/constitute.c:327
    #10 0xbb97b4 in IdentifyImageCommand MagickWand/identify.c:319
    #11 0xc10308 in MagickCommandGenesis MagickWand/mogrify.c:183
    #12 0x40f839 in MagickMain utilities/magick.c:149
    #13 0x40fa06 in main utilities/magick.c:180
    #14 0x7f2baea4fb34 in __libc_start_main (/lib64/libc.so.6+0x21b34)

Indirect leak of 9096 byte(s) in 1 object(s) allocated from:
    #0 0x7f2bb3740b58 in __interceptor_malloc ../../../../libsanitizer/asan/asan_malloc_linux.cc:62
    #1 0x43ecdb in AcquireMagickMemory MagickCore/memory.c:463
    #2 0x43ed2f in AcquireQuantumMemory MagickCore/memory.c:536
    #3 0x79a80c in AcquirePixelCache MagickCore/cache.c:195
    #4 0x9e4069 in ReadStream MagickCore/stream.c:1027
    #5 0x7f1855 in PingImage MagickCore/constitute.c:226
    #6 0x7f1e08 in PingImages MagickCore/constitute.c:327
    #7 0xbb97b4 in IdentifyImageCommand MagickWand/identify.c:319
    #8 0xc10308 in MagickCommandGenesis MagickWand/mogrify.c:183
    #9 0x40f839 in MagickMain utilities/magick.c:149
    #10 0x40fa06 in main utilities/magick.c:180
    #11 0x7f2baea4fb34 in __libc_start_main (/lib64/libc.so.6+0x21b34)

Indirect leak of 512 byte(s) in 1 object(s) allocated from:
    #0 0x7f2bb3740b58 in __interceptor_malloc ../../../../libsanitizer/asan/asan_malloc_linux.cc:62
    #1 0x43ecdb in AcquireMagickMemory MagickCore/memory.c:463
    #2 0x43ed2f in AcquireQuantumMemory MagickCore/memory.c:536
    #3 0x4490c6 in AcquirePixelChannelMap MagickCore/pixel.c:101
    #4 0x414a2a in AcquireImage MagickCore/image.c:208
    #5 0x6fac15 in ReadEXRImage coders/exr.c:189
    #6 0x7f27a7 in ReadImage MagickCore/constitute.c:497
    #7 0x9e41a7 in ReadStream MagickCore/stream.c:1045
    #8 0x7f1855 in PingImage MagickCore/constitute.c:226
    #9 0x7f1e08 in PingImages MagickCore/constitute.c:327
    #10 0xbb97b4 in IdentifyImageCommand MagickWand/identify.c:319
    #11 0xc10308 in MagickCommandGenesis MagickWand/mogrify.c:183
    #12 0x40f839 in MagickMain utilities/magick.c:149
    #13 0x40fa06 in main utilities/magick.c:180
    #14 0x7f2baea4fb34 in __libc_start_main (/lib64/libc.so.6+0x21b34)

Indirect leak of 352 byte(s) in 1 object(s) allocated from:
    #0 0x7f2bb3740b58 in __interceptor_malloc ../../../../libsanitizer/asan/asan_malloc_linux.cc:62
    #1 0x43ecdb in AcquireMagickMemory MagickCore/memory.c:463
    #2 0x43ed2f in AcquireQuantumMemory MagickCore/memory.c:536
    #3 0x79b032 in AcquirePixelCacheNexus MagickCore/cache.c:268
    #4 0x79abfd in AcquirePixelCache MagickCore/cache.c:211
    #5 0x9e4069 in ReadStream MagickCore/stream.c:1027
    #6 0x7f1855 in PingImage MagickCore/constitute.c:226
    #7 0x7f1e08 in PingImages MagickCore/constitute.c:327
    #8 0xbb97b4 in IdentifyImageCommand MagickWand/identify.c:319
    #9 0xc10308 in MagickCommandGenesis MagickWand/mogrify.c:183
    #10 0x40f839 in MagickMain utilities/magick.c:149
    #11 0x40fa06 in main utilities/magick.c:180
    #12 0x7f2baea4fb34 in __libc_start_main (/lib64/libc.so.6+0x21b34)

Indirect leak of 352 byte(s) in 1 object(s) allocated from:
    #0 0x7f2bb3740b58 in __interceptor_malloc ../../../../libsanitizer/asan/asan_malloc_linux.cc:62
    #1 0x43ecdb in AcquireMagickMemory MagickCore/memory.c:463
    #2 0x43ed2f in AcquireQuantumMemory MagickCore/memory.c:536
    #3 0x79b032 in AcquirePixelCacheNexus MagickCore/cache.c:268
    #4 0x79abfd in AcquirePixelCache MagickCore/cache.c:211
    #5 0x4149a1 in AcquireImage MagickCore/image.c:206
    #6 0x6fac15 in ReadEXRImage coders/exr.c:189
    #7 0x7f27a7 in ReadImage MagickCore/constitute.c:497
    #8 0x9e41a7 in ReadStream MagickCore/stream.c:1045
    #9 0x7f1855 in PingImage MagickCore/constitute.c:226
    #10 0x7f1e08 in PingImages MagickCore/constitute.c:327
    #11 0xbb97b4 in IdentifyImageCommand MagickWand/identify.c:319
    #12 0xc10308 in MagickCommandGenesis MagickWand/mogrify.c:183
    #13 0x40f839 in MagickMain utilities/magick.c:149
    #14 0x40fa06 in main utilities/magick.c:180
    #15 0x7f2baea4fb34 in __libc_start_main (/lib64/libc.so.6+0x21b34)

Indirect leak of 280 byte(s) in 1 object(s) allocated from:
    #0 0x7f2bb3740b58 in __interceptor_malloc ../../../../libsanitizer/asan/asan_malloc_linux.cc:62
    #1 0x43ecdb in AcquireMagickMemory MagickCore/memory.c:463
    #2 0x7839d4 in CloneBlobInfo MagickCore/blob.c:503
    #3 0x414a6f in AcquireImage MagickCore/image.c:209
    #4 0x6fac15 in ReadEXRImage coders/exr.c:189
    #5 0x7f27a7 in ReadImage MagickCore/constitute.c:497
    #6 0x9e41a7 in ReadStream MagickCore/stream.c:1045
    #7 0x7f1855 in PingImage MagickCore/constitute.c:226
    #8 0x7f1e08 in PingImages MagickCore/constitute.c:327
    #9 0xbb97b4 in IdentifyImageCommand MagickWand/identify.c:319
    #10 0xc10308 in MagickCommandGenesis MagickWand/mogrify.c:183
    #11 0x40f839 in MagickMain utilities/magick.c:149
    #12 0x40fa06 in main utilities/magick.c:180
    #13 0x7f2baea4fb34 in __libc_start_main (/lib64/libc.so.6+0x21b34)

Indirect leak of 88 byte(s) in 1 object(s) allocated from:
    #0 0x7f2bb3740b58 in __interceptor_malloc ../../../../libsanitizer/asan/asan_malloc_linux.cc:62
    #1 0x43ecdb in AcquireMagickMemory MagickCore/memory.c:463
    #2 0x49379f in NewSplayTree MagickCore/splay-tree.c:1106
    #3 0x490b9b in CloneSplayTree MagickCore/splay-tree.c:359
    #4 0x4439fa in CloneImageOptions MagickCore/option.c:1868
    #5 0x41a99d in CloneImageInfo MagickCore/image.c:1007
    #6 0x425570 in SyncImageSettings MagickCore/image.c:4051
    #7 0x416002 in AcquireImage MagickCore/image.c:290
    #8 0x6fac15 in ReadEXRImage coders/exr.c:189
    #9 0x7f27a7 in ReadImage MagickCore/constitute.c:497
    #10 0x9e41a7 in ReadStream MagickCore/stream.c:1045
    #11 0x7f1855 in PingImage MagickCore/constitute.c:226
    #12 0x7f1e08 in PingImages MagickCore/constitute.c:327
    #13 0xbb97b4 in IdentifyImageCommand MagickWand/identify.c:319
    #14 0xc10308 in MagickCommandGenesis MagickWand/mogrify.c:183
    #15 0x40f839 in MagickMain utilities/magick.c:149
    #16 0x40fa06 in main utilities/magick.c:180
    #17 0x7f2baea4fb34 in __libc_start_main (/lib64/libc.so.6+0x21b34)

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x7f2bb3741590 in __interceptor_posix_memalign ../../../../libsanitizer/asan/asan_malloc_linux.cc:128
    #1 0x43ec4c in AcquireAlignedMemory MagickCore/memory.c:261
    #2 0x79af49 in AcquirePixelCacheNexus MagickCore/cache.c:264
    #3 0x79abfd in AcquirePixelCache MagickCore/cache.c:211
    #4 0x9e4069 in ReadStream MagickCore/stream.c:1027
    #5 0x7f1855 in PingImage MagickCore/constitute.c:226
    #6 0x7f1e08 in PingImages MagickCore/constitute.c:327
    #7 0xbb97b4 in IdentifyImageCommand MagickWand/identify.c:319
    #8 0xc10308 in MagickCommandGenesis MagickWand/mogrify.c:183
    #9 0x40f839 in MagickMain utilities/magick.c:149
    #10 0x40fa06 in main utilities/magick.c:180
    #11 0x7f2baea4fb34 in __libc_start_main (/lib64/libc.so.6+0x21b34)

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x7f2bb3741590 in __interceptor_posix_memalign ../../../../libsanitizer/asan/asan_malloc_linux.cc:128
    #1 0x43ec4c in AcquireAlignedMemory MagickCore/memory.c:261
    #2 0x79af49 in AcquirePixelCacheNexus MagickCore/cache.c:264
    #3 0x79abfd in AcquirePixelCache MagickCore/cache.c:211
    #4 0x4149a1 in AcquireImage MagickCore/image.c:206
    #5 0x6fac15 in ReadEXRImage coders/exr.c:189
    #6 0x7f27a7 in ReadImage MagickCore/constitute.c:497
    #7 0x9e41a7 in ReadStream MagickCore/stream.c:1045
    #8 0x7f1855 in PingImage MagickCore/constitute.c:226
    #9 0x7f1e08 in PingImages MagickCore/constitute.c:327
    #10 0xbb97b4 in IdentifyImageCommand MagickWand/identify.c:319
    #11 0xc10308 in MagickCommandGenesis MagickWand/mogrify.c:183
    #12 0x40f839 in MagickMain utilities/magick.c:149
    #13 0x40fa06 in main utilities/magick.c:180
    #14 0x7f2baea4fb34 in __libc_start_main (/lib64/libc.so.6+0x21b34)

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x7f2bb3741590 in __interceptor_posix_memalign ../../../../libsanitizer/asan/asan_malloc_linux.cc:128
    #1 0x48bef5 in AcquireSemaphoreMemory MagickCore/semaphore.c:154
    #2 0x48bf9d in AcquireSemaphoreInfo MagickCore/semaphore.c:200
    #3 0x79adfa in AcquirePixelCache MagickCore/cache.c:226
    #4 0x4149a1 in AcquireImage MagickCore/image.c:206
    #5 0x6fac15 in ReadEXRImage coders/exr.c:189
    #6 0x7f27a7 in ReadImage MagickCore/constitute.c:497
    #7 0x9e41a7 in ReadStream MagickCore/stream.c:1045
    #8 0x7f1855 in PingImage MagickCore/constitute.c:226
    #9 0x7f1e08 in PingImages MagickCore/constitute.c:327
    #10 0xbb97b4 in IdentifyImageCommand MagickWand/identify.c:319
    #11 0xc10308 in MagickCommandGenesis MagickWand/mogrify.c:183
    #12 0x40f839 in MagickMain utilities/magick.c:149
    #13 0x40fa06 in main utilities/magick.c:180
    #14 0x7f2baea4fb34 in __libc_start_main (/lib64/libc.so.6+0x21b34)

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x7f2bb3741590 in __interceptor_posix_memalign ../../../../libsanitizer/asan/asan_malloc_linux.cc:128
    #1 0x48bef5 in AcquireSemaphoreMemory MagickCore/semaphore.c:154
    #2 0x48bf9d in AcquireSemaphoreInfo MagickCore/semaphore.c:200
    #3 0x79adfa in AcquirePixelCache MagickCore/cache.c:226
    #4 0x9e4069 in ReadStream MagickCore/stream.c:1027
    #5 0x7f1855 in PingImage MagickCore/constitute.c:226
    #6 0x7f1e08 in PingImages MagickCore/constitute.c:327
    #7 0xbb97b4 in IdentifyImageCommand MagickWand/identify.c:319
    #8 0xc10308 in MagickCommandGenesis MagickWand/mogrify.c:183
    #9 0x40f839 in MagickMain utilities/magick.c:149
    #10 0x40fa06 in main utilities/magick.c:180
    #11 0x7f2baea4fb34 in __libc_start_main (/lib64/libc.so.6+0x21b34)

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x7f2bb3741590 in __interceptor_posix_memalign ../../../../libsanitizer/asan/asan_malloc_linux.cc:128
    #1 0x48bef5 in AcquireSemaphoreMemory MagickCore/semaphore.c:154
    #2 0x48bf9d in AcquireSemaphoreInfo MagickCore/semaphore.c:200
    #3 0x79ae6a in AcquirePixelCache MagickCore/cache.c:228
    #4 0x4149a1 in AcquireImage MagickCore/image.c:206
    #5 0x6fac15 in ReadEXRImage coders/exr.c:189
    #6 0x7f27a7 in ReadImage MagickCore/constitute.c:497
    #7 0x9e41a7 in ReadStream MagickCore/stream.c:1045
    #8 0x7f1855 in PingImage MagickCore/constitute.c:226
    #9 0x7f1e08 in PingImages MagickCore/constitute.c:327
    #10 0xbb97b4 in IdentifyImageCommand MagickWand/identify.c:319
    #11 0xc10308 in MagickCommandGenesis MagickWand/mogrify.c:183
    #12 0x40f839 in MagickMain utilities/magick.c:149
    #13 0x40fa06 in main utilities/magick.c:180
    #14 0x7f2baea4fb34 in __libc_start_main (/lib64/libc.so.6+0x21b34)

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x7f2bb3741590 in __interceptor_posix_memalign ../../../../libsanitizer/asan/asan_malloc_linux.cc:128
    #1 0x48bef5 in AcquireSemaphoreMemory MagickCore/semaphore.c:154
    #2 0x48bf9d in AcquireSemaphoreInfo MagickCore/semaphore.c:200
    #3 0x788380 in GetBlobInfo MagickCore/blob.c:1413
    #4 0x783ab8 in CloneBlobInfo MagickCore/blob.c:506
    #5 0x414a6f in AcquireImage MagickCore/image.c:209
    #6 0x6fac15 in ReadEXRImage coders/exr.c:189
    #7 0x7f27a7 in ReadImage MagickCore/constitute.c:497
    #8 0x9e41a7 in ReadStream MagickCore/stream.c:1045
    #9 0x7f1855 in PingImage MagickCore/constitute.c:226
    #10 0x7f1e08 in PingImages MagickCore/constitute.c:327
    #11 0xbb97b4 in IdentifyImageCommand MagickWand/identify.c:319
    #12 0xc10308 in MagickCommandGenesis MagickWand/mogrify.c:183
    #13 0x40f839 in MagickMain utilities/magick.c:149
    #14 0x40fa06 in main utilities/magick.c:180
    #15 0x7f2baea4fb34 in __libc_start_main (/lib64/libc.so.6+0x21b34)

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x7f2bb3741590 in __interceptor_posix_memalign ../../../../libsanitizer/asan/asan_malloc_linux.cc:128
    #1 0x48bef5 in AcquireSemaphoreMemory MagickCore/semaphore.c:154
    #2 0x48bf9d in AcquireSemaphoreInfo MagickCore/semaphore.c:200
    #3 0x79ae6a in AcquirePixelCache MagickCore/cache.c:228
    #4 0x9e4069 in ReadStream MagickCore/stream.c:1027
    #5 0x7f1855 in PingImage MagickCore/constitute.c:226
    #6 0x7f1e08 in PingImages MagickCore/constitute.c:327
    #7 0xbb97b4 in IdentifyImageCommand MagickWand/identify.c:319
    #8 0xc10308 in MagickCommandGenesis MagickWand/mogrify.c:183
    #9 0x40f839 in MagickMain utilities/magick.c:149
    #10 0x40fa06 in main utilities/magick.c:180
    #11 0x7f2baea4fb34 in __libc_start_main (/lib64/libc.so.6+0x21b34)

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x7f2bb3741590 in __interceptor_posix_memalign ../../../../libsanitizer/asan/asan_malloc_linux.cc:128
    #1 0x48bef5 in AcquireSemaphoreMemory MagickCore/semaphore.c:154
    #2 0x48bf9d in AcquireSemaphoreInfo MagickCore/semaphore.c:200
    #3 0x414b7d in AcquireImage MagickCore/image.c:213
    #4 0x6fac15 in ReadEXRImage coders/exr.c:189
    #5 0x7f27a7 in ReadImage MagickCore/constitute.c:497
    #6 0x9e41a7 in ReadStream MagickCore/stream.c:1045
    #7 0x7f1855 in PingImage MagickCore/constitute.c:226
    #8 0x7f1e08 in PingImages MagickCore/constitute.c:327
    #9 0xbb97b4 in IdentifyImageCommand MagickWand/identify.c:319
    #10 0xc10308 in MagickCommandGenesis MagickWand/mogrify.c:183
    #11 0x40f839 in MagickMain utilities/magick.c:149
    #12 0x40fa06 in main utilities/magick.c:180
    #13 0x7f2baea4fb34 in __libc_start_main (/lib64/libc.so.6+0x21b34)

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x7f2bb3741590 in __interceptor_posix_memalign ../../../../libsanitizer/asan/asan_malloc_linux.cc:128
    #1 0x48bef5 in AcquireSemaphoreMemory MagickCore/semaphore.c:154
    #2 0x48bf9d in AcquireSemaphoreInfo MagickCore/semaphore.c:200
    #3 0x493a64 in NewSplayTree MagickCore/splay-tree.c:1119
    #4 0x490b9b in CloneSplayTree MagickCore/splay-tree.c:359
    #5 0x4439fa in CloneImageOptions MagickCore/option.c:1868
    #6 0x41a99d in CloneImageInfo MagickCore/image.c:1007
    #7 0x425570 in SyncImageSettings MagickCore/image.c:4051
    #8 0x416002 in AcquireImage MagickCore/image.c:290
    #9 0x6fac15 in ReadEXRImage coders/exr.c:189
    #10 0x7f27a7 in ReadImage MagickCore/constitute.c:497
    #11 0x9e41a7 in ReadStream MagickCore/stream.c:1045
    #12 0x7f1855 in PingImage MagickCore/constitute.c:226
    #13 0x7f1e08 in PingImages MagickCore/constitute.c:327
    #14 0xbb97b4 in IdentifyImageCommand MagickWand/identify.c:319
    #15 0xc10308 in MagickCommandGenesis MagickWand/mogrify.c:183
    #16 0x40f839 in MagickMain utilities/magick.c:149
    #17 0x40fa06 in main utilities/magick.c:180
    #18 0x7f2baea4fb34 in __libc_start_main (/lib64/libc.so.6+0x21b34)

Indirect leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x7f2bb3740b58 in __interceptor_malloc ../../../../libsanitizer/asan/asan_malloc_linux.cc:62
    #1 0x43ecdb in AcquireMagickMemory MagickCore/memory.c:463
    #2 0x490066 in AddValueToSplayTree MagickCore/splay-tree.c:188
    #3 0x490d24 in CloneSplayTree MagickCore/splay-tree.c:371
    #4 0x4439fa in CloneImageOptions MagickCore/option.c:1868
    #5 0x41a99d in CloneImageInfo MagickCore/image.c:1007
    #6 0x425570 in SyncImageSettings MagickCore/image.c:4051
    #7 0x416002 in AcquireImage MagickCore/image.c:290
    #8 0x6fac15 in ReadEXRImage coders/exr.c:189
    #9 0x7f27a7 in ReadImage MagickCore/constitute.c:497
    #10 0x9e41a7 in ReadStream MagickCore/stream.c:1045
    #11 0x7f1855 in PingImage MagickCore/constitute.c:226
    #12 0x7f1e08 in PingImages MagickCore/constitute.c:327
    #13 0xbb97b4 in IdentifyImageCommand MagickWand/identify.c:319
    #14 0xc10308 in MagickCommandGenesis MagickWand/mogrify.c:183
    #15 0x40f839 in MagickMain utilities/magick.c:149
    #16 0x40fa06 in main utilities/magick.c:180
    #17 0x7f2baea4fb34 in __libc_start_main (/lib64/libc.so.6+0x21b34)

Indirect leak of 18 byte(s) in 1 object(s) allocated from:
    #0 0x7f2bb3740b58 in __interceptor_malloc ../../../../libsanitizer/asan/asan_malloc_linux.cc:62
    #1 0x43ecdb in AcquireMagickMemory MagickCore/memory.c:463
    #2 0x43ed2f in AcquireQuantumMemory MagickCore/memory.c:536
    #3 0x4aa745 in ConstantString MagickCore/string.c:701
    #4 0x490cb8 in CloneSplayTree MagickCore/splay-tree.c:372
    #5 0x4439fa in CloneImageOptions MagickCore/option.c:1868
    #6 0x41a99d in CloneImageInfo MagickCore/image.c:1007
    #7 0x425570 in SyncImageSettings MagickCore/image.c:4051
    #8 0x416002 in AcquireImage MagickCore/image.c:290
    #9 0x6fac15 in ReadEXRImage coders/exr.c:189
    #10 0x7f27a7 in ReadImage MagickCore/constitute.c:497
    #11 0x9e41a7 in ReadStream MagickCore/stream.c:1045
    #12 0x7f1855 in PingImage MagickCore/constitute.c:226
    #13 0x7f1e08 in PingImages MagickCore/constitute.c:327
    #14 0xbb97b4 in IdentifyImageCommand MagickWand/identify.c:319
    #15 0xc10308 in MagickCommandGenesis MagickWand/mogrify.c:183
    #16 0x40f839 in MagickMain utilities/magick.c:149
    #17 0x40fa06 in main utilities/magick.c:180
    #18 0x7f2baea4fb34 in __libc_start_main (/lib64/libc.so.6+0x21b34)

Indirect leak of 9 byte(s) in 1 object(s) allocated from:
    #0 0x7f2bb3740b58 in __interceptor_malloc ../../../../libsanitizer/asan/asan_malloc_linux.cc:62
    #1 0x43ecdb in AcquireMagickMemory MagickCore/memory.c:463
    #2 0x43ed2f in AcquireQuantumMemory MagickCore/memory.c:536
    #3 0x4aa745 in ConstantString MagickCore/string.c:701
    #4 0x490d0f in CloneSplayTree MagickCore/splay-tree.c:371
    #5 0x4439fa in CloneImageOptions MagickCore/option.c:1868
    #6 0x41a99d in CloneImageInfo MagickCore/image.c:1007
    #7 0x425570 in SyncImageSettings MagickCore/image.c:4051
    #8 0x416002 in AcquireImage MagickCore/image.c:290
    #9 0x6fac15 in ReadEXRImage coders/exr.c:189
    #10 0x7f27a7 in ReadImage MagickCore/constitute.c:497
    #11 0x9e41a7 in ReadStream MagickCore/stream.c:1045
    #12 0x7f1855 in PingImage MagickCore/constitute.c:226
    #13 0x7f1e08 in PingImages MagickCore/constitute.c:327
    #14 0xbb97b4 in IdentifyImageCommand MagickWand/identify.c:319
    #15 0xc10308 in MagickCommandGenesis MagickWand/mogrify.c:183
    #16 0x40f839 in MagickMain utilities/magick.c:149
    #17 0x40fa06 in main utilities/magick.c:180
    #18 0x7f2baea4fb34 in __libc_start_main (/lib64/libc.so.6+0x21b34)

46923 byte(s) leaked in 21 allocation(s).

testcase: https://github.com/bestshow/p0cs/blob/master/memory-leak-in-ReadEXRImage-3.exr
Author: ADLab of Venustech
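
A triage aid for reports in the LeakSanitizer format shown above, added here as an example and not part of the original issue or of ImageMagick: it parses the leak records and totals leaked bytes per owning call site. The sample input is three records abridged from the report above, and the `PLUMBING` name pattern used to skip allocator and constructor helper frames is a heuristic assumed for this trace.

```python
import re
from collections import defaultdict

# Sample input: three records abridged from the report above (frames trimmed).
SAMPLE_REPORT = """\
Direct leak of 13488 byte(s) in 1 object(s) allocated from:
    #0 0x7f2bb3740b58 in __interceptor_malloc ../../../../libsanitizer/asan/asan_malloc_linux.cc:62
    #1 0x43ecdb in AcquireMagickMemory MagickCore/memory.c:463
    #2 0x41428a in AcquireImage MagickCore/image.c:169
    #3 0x6fac15 in ReadEXRImage coders/exr.c:189
    #4 0x7f27a7 in ReadImage MagickCore/constitute.c:497

Indirect leak of 9096 byte(s) in 1 object(s) allocated from:
    #0 0x7f2bb3740b58 in __interceptor_malloc ../../../../libsanitizer/asan/asan_malloc_linux.cc:62
    #1 0x43ecdb in AcquireMagickMemory MagickCore/memory.c:463
    #2 0x43ed2f in AcquireQuantumMemory MagickCore/memory.c:536
    #3 0x79a80c in AcquirePixelCache MagickCore/cache.c:195
    #4 0x9e4069 in ReadStream MagickCore/stream.c:1027
    #5 0x7f1855 in PingImage MagickCore/constitute.c:226

Indirect leak of 512 byte(s) in 1 object(s) allocated from:
    #0 0x7f2bb3740b58 in __interceptor_malloc ../../../../libsanitizer/asan/asan_malloc_linux.cc:62
    #1 0x43ecdb in AcquireMagickMemory MagickCore/memory.c:463
    #2 0x43ed2f in AcquireQuantumMemory MagickCore/memory.c:536
    #3 0x4490c6 in AcquirePixelChannelMap MagickCore/pixel.c:101
    #4 0x414a2a in AcquireImage MagickCore/image.c:208
    #5 0x6fac15 in ReadEXRImage coders/exr.c:189
"""

HEADER = re.compile(r"^(Direct|Indirect) leak of (\d+) byte\(s\) in (\d+) object\(s\)")
FRAME = re.compile(r"^\s*#\d+ 0x[0-9a-f]+ in (\S+) (\S+)")
# Assumed heuristic: frames with these name prefixes are allocation plumbing,
# not the code responsible for releasing the object.
PLUMBING = re.compile(r"^(__interceptor_|Acquire|Clone|New|Get|Sync|AddValueTo|ConstantString)")

def parse_leaks(report):
    """Return one dict per leak record: kind, bytes, objects, frames."""
    records, current = [], None
    for line in report.splitlines():
        header = HEADER.match(line)
        if header:
            current = {"kind": header.group(1).lower(), "bytes": int(header.group(2)),
                       "objects": int(header.group(3)), "frames": []}
            records.append(current)
        elif current is not None:
            frame = FRAME.match(line)
            if frame:
                current["frames"].append((frame.group(1), frame.group(2)))
            else:
                current = None  # blank or summary line ends the record
    return records

def owner(frames):
    """First frame above the allocation plumbing, as 'function file:line'."""
    for func, location in frames:
        if not PLUMBING.match(func):
            return f"{func} {location}"
    return "<unattributed>"

def summarize(report):
    """Total direct and indirect leaked bytes per owning call site."""
    totals = defaultdict(lambda: {"direct": 0, "indirect": 0, "records": 0})
    for record in parse_leaks(report):
        slot = totals[owner(record["frames"])]
        slot[record["kind"]] += record["bytes"]
        slot["records"] += 1
    return dict(totals)

if __name__ == "__main__":
    for site, total in sorted(summarize(SAMPLE_REPORT).items()):
        print(site, total)
```
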

@mikayla-grace

commented Apr 26, 2017

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ http://www.imagemagick.org/download/beta/ by sometime tomorrow.

dlemstra pushed a commit that referenced this issue Apr 26, 2017

Cristy

@dlemstra dlemstra added the bug label Apr 27, 2017

@carnil

commented May 1, 2017

This issue has been assigned CVE-2017-8347

@dlemstra dlemstra closed this May 7, 2017
