memory leak in ReadBMPImage #467

Closed
@birdg0

$ identify -version
Version: ImageMagick 7.0.5-6 Q16 x86_64 2017-05-02 http://www.imagemagick.org

The ReadBMPImage function in bmp.c:1379 allows attackers to cause a denial of service (memory leak) via a crafted file.

$ identify leak-fcd4138d423f1e98d5111d52c9eadeae4a02810e
Direct leak of 13488 byte(s) in 1 object(s) allocated from:
    #0 0x4c1db3 in malloc (/usr/local/bin/magick+0x4c1db3)
    #1 0x7f1b97bb0ccc in CloneImage MagickCore/image.c:829:25
    #2 0x7f1b97df5571 in FlipImage MagickCore/transform.c:1210:14
    #3 0x7f1b97eeec1c in ReadBMPImage coders/bmp.c:1379:23
    #4 0x7f1b97a4988e in ReadImage MagickCore/constitute.c:497:13
    #5 0x7f1b97dcde5c in ReadStream MagickCore/stream.c:1045:9
    #6 0x7f1b97a488d6 in PingImage MagickCore/constitute.c:226:9
    #7 0x7f1b97a48e98 in PingImages MagickCore/constitute.c:327:10
    #8 0x7f1b9729587c in IdentifyImageCommand MagickWand/identify.c:319:18
    #9 0x7f1b973175bd in MagickCommandGenesis MagickWand/mogrify.c:183:14
    #10 0x4ef157 in MagickMain utilities/magick.c:149:10
    #11 0x4ef157 in main utilities/magick.c:180
    #12 0x7f1b94a7b82f in __libc_start_main /build/glibc-9tT8Do/glibc-2.23/csu/../csu/libc-start.c:291

Indirect leak of 13024 byte(s) in 1 object(s) allocated from:
    #0 0x4c1db3 in malloc (/usr/local/bin/magick+0x4c1db3)
    #1 0x7f1b97bae06c in AcquireImageInfo MagickCore/image.c:347:28
    #2 0x7f1b97bb5384 in CloneImageInfo MagickCore/image.c:952:14
    #3 0x7f1b97bb1105 in CloneImage MagickCore/image.c:862:27
    #4 0x7f1b97df5571 in FlipImage MagickCore/transform.c:1210:14
    #5 0x7f1b97eeec1c in ReadBMPImage coders/bmp.c:1379:23
    #6 0x7f1b97a4988e in ReadImage MagickCore/constitute.c:497:13
    #7 0x7f1b97dcde5c in ReadStream MagickCore/stream.c:1045:9
    #8 0x7f1b97a488d6 in PingImage MagickCore/constitute.c:226:9
    #9 0x7f1b97a48e98 in PingImages MagickCore/constitute.c:327:10
    #10 0x7f1b9729587c in IdentifyImageCommand MagickWand/identify.c:319:18
    #11 0x7f1b973175bd in MagickCommandGenesis MagickWand/mogrify.c:183:14
    #12 0x4ef157 in MagickMain utilities/magick.c:149:10
    #13 0x4ef157 in main utilities/magick.c:180
    #14 0x7f1b94a7b82f in __libc_start_main /build/glibc-9tT8Do/glibc-2.23/csu/../csu/libc-start.c:291

Indirect leak of 9096 byte(s) in 1 object(s) allocated from:
    #0 0x4c1db3 in malloc (/usr/local/bin/magick+0x4c1db3)
    #1 0x7f1b979d2acb in AcquirePixelCache MagickCore/cache.c:195:28
    #2 0x7f1b97dcdc56 in ReadStream MagickCore/stream.c:1027:20
    #3 0x7f1b97a488d6 in PingImage MagickCore/constitute.c:226:9
    #4 0x7f1b97a48e98 in PingImages MagickCore/constitute.c:327:10
    #5 0x7f1b9729587c in IdentifyImageCommand MagickWand/identify.c:319:18
    #6 0x7f1b973175bd in MagickCommandGenesis MagickWand/mogrify.c:183:14
    #7 0x4ef157 in MagickMain utilities/magick.c:149:10
    #8 0x4ef157 in main utilities/magick.c:180
    #9 0x7f1b94a7b82f in __libc_start_main /build/glibc-9tT8Do/glibc-2.23/csu/../csu/libc-start.c:291

Indirect leak of 9096 byte(s) in 1 object(s) allocated from:
    #0 0x4c1db3 in malloc (/usr/local/bin/magick+0x4c1db3)
    #1 0x7f1b979d2acb in AcquirePixelCache MagickCore/cache.c:195:28
    #2 0x7f1b979d3a70 in ClonePixelCache MagickCore/cache.c:418:28
    #3 0x7f1b97bb1a4d in CloneImage MagickCore/image.c:917:22
    #4 0x7f1b97df5571 in FlipImage MagickCore/transform.c:1210:14
    #5 0x7f1b97eeec1c in ReadBMPImage coders/bmp.c:1379:23
    #6 0x7f1b97a4988e in ReadImage MagickCore/constitute.c:497:13
    #7 0x7f1b97dcde5c in ReadStream MagickCore/stream.c:1045:9
    #8 0x7f1b97a488d6 in PingImage MagickCore/constitute.c:226:9
    #9 0x7f1b97a48e98 in PingImages MagickCore/constitute.c:327:10
    #10 0x7f1b9729587c in IdentifyImageCommand MagickWand/identify.c:319:18
    #11 0x7f1b973175bd in MagickCommandGenesis MagickWand/mogrify.c:183:14
    #12 0x4ef157 in MagickMain utilities/magick.c:149:10
    #13 0x4ef157 in main utilities/magick.c:180
    #14 0x7f1b94a7b82f in __libc_start_main /build/glibc-9tT8Do/glibc-2.23/csu/../csu/libc-start.c:291

Indirect leak of 512 byte(s) in 1 object(s) allocated from:
    #0 0x4c1db3 in malloc (/usr/local/bin/magick+0x4c1db3)
    #1 0x7f1b97c27251 in AcquirePixelChannelMap MagickCore/pixel.c:101:35
    #2 0x7f1b97c27a9f in ClonePixelChannelMap MagickCore/pixel.c:139:13
    #3 0x7f1b97bb1270 in CloneImage MagickCore/image.c:873:28
    #4 0x7f1b97df5571 in FlipImage MagickCore/transform.c:1210:14
    #5 0x7f1b97eeec1c in ReadBMPImage coders/bmp.c:1379:23
    #6 0x7f1b97a4988e in ReadImage MagickCore/constitute.c:497:13
    #7 0x7f1b97dcde5c in ReadStream MagickCore/stream.c:1045:9
    #8 0x7f1b97a488d6 in PingImage MagickCore/constitute.c:226:9
    #9 0x7f1b97a48e98 in PingImages MagickCore/constitute.c:327:10
    #10 0x7f1b9729587c in IdentifyImageCommand MagickWand/identify.c:319:18
    #11 0x7f1b973175bd in MagickCommandGenesis MagickWand/mogrify.c:183:14
    #12 0x4ef157 in MagickMain utilities/magick.c:149:10
    #13 0x4ef157 in main utilities/magick.c:180
    #14 0x7f1b94a7b82f in __libc_start_main /build/glibc-9tT8Do/glibc-2.23/csu/../csu/libc-start.c:291

Indirect leak of 280 byte(s) in 1 object(s) allocated from:
    #0 0x4c1db3 in malloc (/usr/local/bin/magick+0x4c1db3)
    #1 0x7f1b979ba132 in CloneBlobInfo MagickCore/blob.c:503:27
    #2 0x7f1b97bab952 in AcquireImage MagickCore/image.c:209:15
    #3 0x7f1b97ee9c54 in ReadBMPImage coders/bmp.c:555:9
    #4 0x7f1b97a4988e in ReadImage MagickCore/constitute.c:497:13
    #5 0x7f1b97dcde5c in ReadStream MagickCore/stream.c:1045:9
    #6 0x7f1b97a488d6 in PingImage MagickCore/constitute.c:226:9
    #7 0x7f1b97a48e98 in PingImages MagickCore/constitute.c:327:10
    #8 0x7f1b9729587c in IdentifyImageCommand MagickWand/identify.c:319:18
    #9 0x7f1b973175bd in MagickCommandGenesis MagickWand/mogrify.c:183:14
    #10 0x4ef157 in MagickMain utilities/magick.c:149:10
    #11 0x4ef157 in main utilities/magick.c:180
    #12 0x7f1b94a7b82f in __libc_start_main /build/glibc-9tT8Do/glibc-2.23/csu/../csu/libc-start.c:291

Indirect leak of 88 byte(s) in 1 object(s) allocated from:
    #0 0x4c1db3 in malloc (/usr/local/bin/magick+0x4c1db3)
    #1 0x7f1b979d3095 in AcquirePixelCacheNexus MagickCore/cache.c:268:31
    #2 0x7f1b979d2c82 in AcquirePixelCache MagickCore/cache.c:211:26
    #3 0x7f1b979d3a70 in ClonePixelCache MagickCore/cache.c:418:28
    #4 0x7f1b97bb1a4d in CloneImage MagickCore/image.c:917:22
    #5 0x7f1b97df5571 in FlipImage MagickCore/transform.c:1210:14
    #6 0x7f1b97eeec1c in ReadBMPImage coders/bmp.c:1379:23
    #7 0x7f1b97a4988e in ReadImage MagickCore/constitute.c:497:13
    #8 0x7f1b97dcde5c in ReadStream MagickCore/stream.c:1045:9
    #9 0x7f1b97a488d6 in PingImage MagickCore/constitute.c:226:9
    #10 0x7f1b97a48e98 in PingImages MagickCore/constitute.c:327:10
    #11 0x7f1b9729587c in IdentifyImageCommand MagickWand/identify.c:319:18
    #12 0x7f1b973175bd in MagickCommandGenesis MagickWand/mogrify.c:183:14
    #13 0x4ef157 in MagickMain utilities/magick.c:149:10
    #14 0x4ef157 in main utilities/magick.c:180
    #15 0x7f1b94a7b82f in __libc_start_main /build/glibc-9tT8Do/glibc-2.23/csu/../csu/libc-start.c:291

Indirect leak of 88 byte(s) in 1 object(s) allocated from:
    #0 0x4c1db3 in malloc (/usr/local/bin/magick+0x4c1db3)
    #1 0x7f1b97db47d9 in NewSplayTree MagickCore/splay-tree.c:1106:32
    #2 0x7f1b97db44a8 in CloneSplayTree MagickCore/splay-tree.c:359:14
    #3 0x7f1b97c18ee2 in CloneImageOptions MagickCore/option.c:1868:27
    #4 0x7f1b97bb5d79 in CloneImageInfo MagickCore/image.c:1007:10
    #5 0x7f1b97bb1105 in CloneImage MagickCore/image.c:862:27
    #6 0x7f1b97df5571 in FlipImage MagickCore/transform.c:1210:14
    #7 0x7f1b97eeec1c in ReadBMPImage coders/bmp.c:1379:23
    #8 0x7f1b97a4988e in ReadImage MagickCore/constitute.c:497:13
    #9 0x7f1b97dcde5c in ReadStream MagickCore/stream.c:1045:9
    #10 0x7f1b97a488d6 in PingImage MagickCore/constitute.c:226:9
    #11 0x7f1b97a48e98 in PingImages MagickCore/constitute.c:327:10
    #12 0x7f1b9729587c in IdentifyImageCommand MagickWand/identify.c:319:18
    #13 0x7f1b973175bd in MagickCommandGenesis MagickWand/mogrify.c:183:14
    #14 0x4ef157 in MagickMain utilities/magick.c:149:10
    #15 0x4ef157 in main utilities/magick.c:180
    #16 0x7f1b94a7b82f in __libc_start_main /build/glibc-9tT8Do/glibc-2.23/csu/../csu/libc-start.c:291

Indirect leak of 88 byte(s) in 1 object(s) allocated from:
    #0 0x4c1db3 in malloc (/usr/local/bin/magick+0x4c1db3)
    #1 0x7f1b97bb0f96 in CloneImage MagickCore/image.c:852:43
    #2 0x7f1b97df5571 in FlipImage MagickCore/transform.c:1210:14
    #3 0x7f1b97eeec1c in ReadBMPImage coders/bmp.c:1379:23
    #4 0x7f1b97a4988e in ReadImage MagickCore/constitute.c:497:13
    #5 0x7f1b97dcde5c in ReadStream MagickCore/stream.c:1045:9
    #6 0x7f1b97a488d6 in PingImage MagickCore/constitute.c:226:9
    #7 0x7f1b97a48e98 in PingImages MagickCore/constitute.c:327:10
    #8 0x7f1b9729587c in IdentifyImageCommand MagickWand/identify.c:319:18
    #9 0x7f1b973175bd in MagickCommandGenesis MagickWand/mogrify.c:183:14
    #10 0x4ef157 in MagickMain utilities/magick.c:149:10
    #11 0x4ef157 in main utilities/magick.c:180
    #12 0x7f1b94a7b82f in __libc_start_main /build/glibc-9tT8Do/glibc-2.23/csu/../csu/libc-start.c:291

Indirect leak of 88 byte(s) in 1 object(s) allocated from:
    #0 0x4c1db3 in malloc (/usr/local/bin/magick+0x4c1db3)
    #1 0x7f1b979d3095 in AcquirePixelCacheNexus MagickCore/cache.c:268:31
    #2 0x7f1b979d2c82 in AcquirePixelCache MagickCore/cache.c:211:26
    #3 0x7f1b97dcdc56 in ReadStream MagickCore/stream.c:1027:20
    #4 0x7f1b97a488d6 in PingImage MagickCore/constitute.c:226:9
    #5 0x7f1b97a48e98 in PingImages MagickCore/constitute.c:327:10
    #6 0x7f1b9729587c in IdentifyImageCommand MagickWand/identify.c:319:18
    #7 0x7f1b973175bd in MagickCommandGenesis MagickWand/mogrify.c:183:14
    #8 0x4ef157 in MagickMain utilities/magick.c:149:10
    #9 0x4ef157 in main utilities/magick.c:180
    #10 0x7f1b94a7b82f in __libc_start_main /build/glibc-9tT8Do/glibc-2.23/csu/../csu/libc-start.c:291

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x4c286e in __interceptor_posix_memalign (/usr/local/bin/magick+0x4c286e)
    #1 0x7f1b97bf4de2 in AcquireAlignedMemory MagickCore/memory.c:261:7
    #2 0x7f1b979d307c in AcquirePixelCacheNexus MagickCore/cache.c:264:29
    #3 0x7f1b979d2c82 in AcquirePixelCache MagickCore/cache.c:211:26
    #4 0x7f1b979d3a70 in ClonePixelCache MagickCore/cache.c:418:28
    #5 0x7f1b97bb1a4d in CloneImage MagickCore/image.c:917:22
    #6 0x7f1b97df5571 in FlipImage MagickCore/transform.c:1210:14
    #7 0x7f1b97eeec1c in ReadBMPImage coders/bmp.c:1379:23
    #8 0x7f1b97a4988e in ReadImage MagickCore/constitute.c:497:13
    #9 0x7f1b97dcde5c in ReadStream MagickCore/stream.c:1045:9
    #10 0x7f1b97a488d6 in PingImage MagickCore/constitute.c:226:9
    #11 0x7f1b97a48e98 in PingImages MagickCore/constitute.c:327:10
    #12 0x7f1b9729587c in IdentifyImageCommand MagickWand/identify.c:319:18
    #13 0x7f1b973175bd in MagickCommandGenesis MagickWand/mogrify.c:183:14
    #14 0x4ef157 in MagickMain utilities/magick.c:149:10
    #15 0x4ef157 in main utilities/magick.c:180
    #16 0x7f1b94a7b82f in __libc_start_main /build/glibc-9tT8Do/glibc-2.23/csu/../csu/libc-start.c:291

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x4c286e in __interceptor_posix_memalign (/usr/local/bin/magick+0x4c286e)
    #1 0x7f1b97d9bc44 in AcquireSemaphoreMemory MagickCore/semaphore.c:154:7
    #2 0x7f1b97d9bc44 in AcquireSemaphoreInfo MagickCore/semaphore.c:200
    #3 0x7f1b97bb14da in CloneImage MagickCore/image.c:895:26
    #4 0x7f1b97df5571 in FlipImage MagickCore/transform.c:1210:14
    #5 0x7f1b97eeec1c in ReadBMPImage coders/bmp.c:1379:23
    #6 0x7f1b97a4988e in ReadImage MagickCore/constitute.c:497:13
    #7 0x7f1b97dcde5c in ReadStream MagickCore/stream.c:1045:9
    #8 0x7f1b97a488d6 in PingImage MagickCore/constitute.c:226:9
    #9 0x7f1b97a48e98 in PingImages MagickCore/constitute.c:327:10
    #10 0x7f1b9729587c in IdentifyImageCommand MagickWand/identify.c:319:18
    #11 0x7f1b973175bd in MagickCommandGenesis MagickWand/mogrify.c:183:14
    #12 0x4ef157 in MagickMain utilities/magick.c:149:10
    #13 0x4ef157 in main utilities/magick.c:180
    #14 0x7f1b94a7b82f in __libc_start_main /build/glibc-9tT8Do/glibc-2.23/csu/../csu/libc-start.c:291

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x4c286e in __interceptor_posix_memalign (/usr/local/bin/magick+0x4c286e)
    #1 0x7f1b97d9bc44 in AcquireSemaphoreMemory MagickCore/semaphore.c:154:7
    #2 0x7f1b97d9bc44 in AcquireSemaphoreInfo MagickCore/semaphore.c:200
    #3 0x7f1b97db48c1 in NewSplayTree MagickCore/splay-tree.c:1119:25
    #4 0x7f1b97db44a8 in CloneSplayTree MagickCore/splay-tree.c:359:14
    #5 0x7f1b97c18ee2 in CloneImageOptions MagickCore/option.c:1868:27
    #6 0x7f1b97bb5d79 in CloneImageInfo MagickCore/image.c:1007:10
    #7 0x7f1b97bb1105 in CloneImage MagickCore/image.c:862:27
    #8 0x7f1b97df5571 in FlipImage MagickCore/transform.c:1210:14
    #9 0x7f1b97eeec1c in ReadBMPImage coders/bmp.c:1379:23
    #10 0x7f1b97a4988e in ReadImage MagickCore/constitute.c:497:13
    #11 0x7f1b97dcde5c in ReadStream MagickCore/stream.c:1045:9
    #12 0x7f1b97a488d6 in PingImage MagickCore/constitute.c:226:9
    #13 0x7f1b97a48e98 in PingImages MagickCore/constitute.c:327:10
    #14 0x7f1b9729587c in IdentifyImageCommand MagickWand/identify.c:319:18
    #15 0x7f1b973175bd in MagickCommandGenesis MagickWand/mogrify.c:183:14
    #16 0x4ef157 in MagickMain utilities/magick.c:149:10
    #17 0x4ef157 in main utilities/magick.c:180
    #18 0x7f1b94a7b82f in __libc_start_main /build/glibc-9tT8Do/glibc-2.23/csu/../csu/libc-start.c:291

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x4c286e in __interceptor_posix_memalign (/usr/local/bin/magick+0x4c286e)
    #1 0x7f1b97d9bc44 in AcquireSemaphoreMemory MagickCore/semaphore.c:154:7
    #2 0x7f1b97d9bc44 in AcquireSemaphoreInfo MagickCore/semaphore.c:200
    #3 0x7f1b979d2d9f in AcquirePixelCache MagickCore/cache.c:226:25
    #4 0x7f1b979d3a70 in ClonePixelCache MagickCore/cache.c:418:28
    #5 0x7f1b97bb1a4d in CloneImage MagickCore/image.c:917:22
    #6 0x7f1b97df5571 in FlipImage MagickCore/transform.c:1210:14
    #7 0x7f1b97eeec1c in ReadBMPImage coders/bmp.c:1379:23
    #8 0x7f1b97a4988e in ReadImage MagickCore/constitute.c:497:13
    #9 0x7f1b97dcde5c in ReadStream MagickCore/stream.c:1045:9
    #10 0x7f1b97a488d6 in PingImage MagickCore/constitute.c:226:9
    #11 0x7f1b97a48e98 in PingImages MagickCore/constitute.c:327:10
    #12 0x7f1b9729587c in IdentifyImageCommand MagickWand/identify.c:319:18
    #13 0x7f1b973175bd in MagickCommandGenesis MagickWand/mogrify.c:183:14
    #14 0x4ef157 in MagickMain utilities/magick.c:149:10
    #15 0x4ef157 in main utilities/magick.c:180
    #16 0x7f1b94a7b82f in __libc_start_main /build/glibc-9tT8Do/glibc-2.23/csu/../csu/libc-start.c:291

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x4c286e in __interceptor_posix_memalign (/usr/local/bin/magick+0x4c286e)
    #1 0x7f1b97d9bc44 in AcquireSemaphoreMemory MagickCore/semaphore.c:154:7
    #2 0x7f1b97d9bc44 in AcquireSemaphoreInfo MagickCore/semaphore.c:200
    #3 0x7f1b979ba6cc in GetBlobInfo MagickCore/blob.c:1413:24
    #4 0x7f1b979ba149 in CloneBlobInfo MagickCore/blob.c:506:3
    #5 0x7f1b97bab952 in AcquireImage MagickCore/image.c:209:15
    #6 0x7f1b97ee9c54 in ReadBMPImage coders/bmp.c:555:9
    #7 0x7f1b97a4988e in ReadImage MagickCore/constitute.c:497:13
    #8 0x7f1b97dcde5c in ReadStream MagickCore/stream.c:1045:9
    #9 0x7f1b97a488d6 in PingImage MagickCore/constitute.c:226:9
    #10 0x7f1b97a48e98 in PingImages MagickCore/constitute.c:327:10
    #11 0x7f1b9729587c in IdentifyImageCommand MagickWand/identify.c:319:18
    #12 0x7f1b973175bd in MagickCommandGenesis MagickWand/mogrify.c:183:14
    #13 0x4ef157 in MagickMain utilities/magick.c:149:10
    #14 0x4ef157 in main utilities/magick.c:180
    #15 0x7f1b94a7b82f in __libc_start_main /build/glibc-9tT8Do/glibc-2.23/csu/../csu/libc-start.c:291

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x4c286e in __interceptor_posix_memalign (/usr/local/bin/magick+0x4c286e)
    #1 0x7f1b97d9bc44 in AcquireSemaphoreMemory MagickCore/semaphore.c:154:7
    #2 0x7f1b97d9bc44 in AcquireSemaphoreInfo MagickCore/semaphore.c:200
    #3 0x7f1b979d2dec in AcquirePixelCache MagickCore/cache.c:228:30
    #4 0x7f1b97dcdc56 in ReadStream MagickCore/stream.c:1027:20
    #5 0x7f1b97a488d6 in PingImage MagickCore/constitute.c:226:9
    #6 0x7f1b97a48e98 in PingImages MagickCore/constitute.c:327:10
    #7 0x7f1b9729587c in IdentifyImageCommand MagickWand/identify.c:319:18
    #8 0x7f1b973175bd in MagickCommandGenesis MagickWand/mogrify.c:183:14
    #9 0x4ef157 in MagickMain utilities/magick.c:149:10
    #10 0x4ef157 in main utilities/magick.c:180
    #11 0x7f1b94a7b82f in __libc_start_main /build/glibc-9tT8Do/glibc-2.23/csu/../csu/libc-start.c:291

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x4c286e in __interceptor_posix_memalign (/usr/local/bin/magick+0x4c286e)
    #1 0x7f1b97d9bc44 in AcquireSemaphoreMemory MagickCore/semaphore.c:154:7
    #2 0x7f1b97d9bc44 in AcquireSemaphoreInfo MagickCore/semaphore.c:200
    #3 0x7f1b979d2d9f in AcquirePixelCache MagickCore/cache.c:226:25
    #4 0x7f1b97dcdc56 in ReadStream MagickCore/stream.c:1027:20
    #5 0x7f1b97a488d6 in PingImage MagickCore/constitute.c:226:9
    #6 0x7f1b97a48e98 in PingImages MagickCore/constitute.c:327:10
    #7 0x7f1b9729587c in IdentifyImageCommand MagickWand/identify.c:319:18
    #8 0x7f1b973175bd in MagickCommandGenesis MagickWand/mogrify.c:183:14
    #9 0x4ef157 in MagickMain utilities/magick.c:149:10
    #10 0x4ef157 in main utilities/magick.c:180
    #11 0x7f1b94a7b82f in __libc_start_main /build/glibc-9tT8Do/glibc-2.23/csu/../csu/libc-start.c:291

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x4c286e in __interceptor_posix_memalign (/usr/local/bin/magick+0x4c286e)
    #1 0x7f1b97d9bc44 in AcquireSemaphoreMemory MagickCore/semaphore.c:154:7
    #2 0x7f1b97d9bc44 in AcquireSemaphoreInfo MagickCore/semaphore.c:200
    #3 0x7f1b979d2dec in AcquirePixelCache MagickCore/cache.c:228:30
    #4 0x7f1b979d3a70 in ClonePixelCache MagickCore/cache.c:418:28
    #5 0x7f1b97bb1a4d in CloneImage MagickCore/image.c:917:22
    #6 0x7f1b97df5571 in FlipImage MagickCore/transform.c:1210:14
    #7 0x7f1b97eeec1c in ReadBMPImage coders/bmp.c:1379:23
    #8 0x7f1b97a4988e in ReadImage MagickCore/constitute.c:497:13
    #9 0x7f1b97dcde5c in ReadStream MagickCore/stream.c:1045:9
    #10 0x7f1b97a488d6 in PingImage MagickCore/constitute.c:226:9
    #11 0x7f1b97a48e98 in PingImages MagickCore/constitute.c:327:10
    #12 0x7f1b9729587c in IdentifyImageCommand MagickWand/identify.c:319:18
    #13 0x7f1b973175bd in MagickCommandGenesis MagickWand/mogrify.c:183:14
    #14 0x4ef157 in MagickMain utilities/magick.c:149:10
    #15 0x4ef157 in main utilities/magick.c:180
    #16 0x7f1b94a7b82f in __libc_start_main /build/glibc-9tT8Do/glibc-2.23/csu/../csu/libc-start.c:291

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x4c286e in __interceptor_posix_memalign (/usr/local/bin/magick+0x4c286e)
    #1 0x7f1b97bf4de2 in AcquireAlignedMemory MagickCore/memory.c:261:7
    #2 0x7f1b979d307c in AcquirePixelCacheNexus MagickCore/cache.c:264:29
    #3 0x7f1b979d2c82 in AcquirePixelCache MagickCore/cache.c:211:26
    #4 0x7f1b97dcdc56 in ReadStream MagickCore/stream.c:1027:20
    #5 0x7f1b97a488d6 in PingImage MagickCore/constitute.c:226:9
    #6 0x7f1b97a48e98 in PingImages MagickCore/constitute.c:327:10
    #7 0x7f1b9729587c in IdentifyImageCommand MagickWand/identify.c:319:18
    #8 0x7f1b973175bd in MagickCommandGenesis MagickWand/mogrify.c:183:14
    #9 0x4ef157 in MagickMain utilities/magick.c:149:10
    #10 0x4ef157 in main utilities/magick.c:180
    #11 0x7f1b94a7b82f in __libc_start_main /build/glibc-9tT8Do/glibc-2.23/csu/../csu/libc-start.c:291

Indirect leak of 46 byte(s) in 1 object(s) allocated from:
    #0 0x4c1db3 in malloc (/usr/local/bin/magick+0x4c1db3)
    #1 0x7f1b97de587d in ConstantString MagickCore/string.c:701:26
    #2 0x7f1b97db45d5 in CloneSplayTree MagickCore/splay-tree.c:372:7
    #3 0x7f1b97c18ee2 in CloneImageOptions MagickCore/option.c:1868:27
    #4 0x7f1b97bb5d79 in CloneImageInfo MagickCore/image.c:1007:10
    #5 0x7f1b97bb1105 in CloneImage MagickCore/image.c:862:27
    #6 0x7f1b97df5571 in FlipImage MagickCore/transform.c:1210:14
    #7 0x7f1b97eeec1c in ReadBMPImage coders/bmp.c:1379:23
    #8 0x7f1b97a4988e in ReadImage MagickCore/constitute.c:497:13
    #9 0x7f1b97dcde5c in ReadStream MagickCore/stream.c:1045:9
    #10 0x7f1b97a488d6 in PingImage MagickCore/constitute.c:226:9
    #11 0x7f1b97a48e98 in PingImages MagickCore/constitute.c:327:10
    #12 0x7f1b9729587c in IdentifyImageCommand MagickWand/identify.c:319:18
    #13 0x7f1b973175bd in MagickCommandGenesis MagickWand/mogrify.c:183:14
    #14 0x4ef157 in MagickMain utilities/magick.c:149:10
    #15 0x4ef157 in main utilities/magick.c:180
    #16 0x7f1b94a7b82f in __libc_start_main /build/glibc-9tT8Do/glibc-2.23/csu/../csu/libc-start.c:291

Indirect leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x4c1db3 in malloc (/usr/local/bin/magick+0x4c1db3)
    #1 0x7f1b97db359a in AddValueToSplayTree MagickCore/splay-tree.c:188:21
    #2 0x7f1b97db45e3 in CloneSplayTree MagickCore/splay-tree.c:371:12
    #3 0x7f1b97c18ee2 in CloneImageOptions MagickCore/option.c:1868:27
    #4 0x7f1b97bb5d79 in CloneImageInfo MagickCore/image.c:1007:10
    #5 0x7f1b97bb1105 in CloneImage MagickCore/image.c:862:27
    #6 0x7f1b97df5571 in FlipImage MagickCore/transform.c:1210:14
    #7 0x7f1b97eeec1c in ReadBMPImage coders/bmp.c:1379:23
    #8 0x7f1b97a4988e in ReadImage MagickCore/constitute.c:497:13
    #9 0x7f1b97dcde5c in ReadStream MagickCore/stream.c:1045:9
    #10 0x7f1b97a488d6 in PingImage MagickCore/constitute.c:226:9
    #11 0x7f1b97a48e98 in PingImages MagickCore/constitute.c:327:10
    #12 0x7f1b9729587c in IdentifyImageCommand MagickWand/identify.c:319:18
    #13 0x7f1b973175bd in MagickCommandGenesis MagickWand/mogrify.c:183:14
    #14 0x4ef157 in MagickMain utilities/magick.c:149:10
    #15 0x4ef157 in main utilities/magick.c:180
    #16 0x7f1b94a7b82f in __libc_start_main /build/glibc-9tT8Do/glibc-2.23/csu/../csu/libc-start.c:291

Indirect leak of 9 byte(s) in 1 object(s) allocated from:
    #0 0x4c1db3 in malloc (/usr/local/bin/magick+0x4c1db3)
    #1 0x7f1b97de587d in ConstantString MagickCore/string.c:701:26
    #2 0x7f1b97db45a2 in CloneSplayTree MagickCore/splay-tree.c:371:43
    #3 0x7f1b97c18ee2 in CloneImageOptions MagickCore/option.c:1868:27
    #4 0x7f1b97bb5d79 in CloneImageInfo MagickCore/image.c:1007:10
    #5 0x7f1b97bb1105 in CloneImage MagickCore/image.c:862:27
    #6 0x7f1b97df5571 in FlipImage MagickCore/transform.c:1210:14
    #7 0x7f1b97eeec1c in ReadBMPImage coders/bmp.c:1379:23
    #8 0x7f1b97a4988e in ReadImage MagickCore/constitute.c:497:13
    #9 0x7f1b97dcde5c in ReadStream MagickCore/stream.c:1045:9
    #10 0x7f1b97a488d6 in PingImage MagickCore/constitute.c:226:9
    #11 0x7f1b97a48e98 in PingImages MagickCore/constitute.c:327:10
    #12 0x7f1b9729587c in IdentifyImageCommand MagickWand/identify.c:319:18
    #13 0x7f1b973175bd in MagickCommandGenesis MagickWand/mogrify.c:183:14
    #14 0x4ef157 in MagickMain utilities/magick.c:149:10
    #15 0x4ef157 in main utilities/magick.c:180
    #16 0x7f1b94a7b82f in __libc_start_main /build/glibc-9tT8Do/glibc-2.23/csu/../csu/libc-start.c:291

46511 byte(s) leaked in 22 allocation(s).

testcase: https://github.com/birdg0/poc/blob/master/ImageMagicK/leak-fcd4138d423f1e98d5111d52c9eadeae4a02810e
Author: bird@TSRC
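
A triage helper for reports like the one above, added here as an example and not part of the original issue or of ImageMagick: it buckets leaked bytes by the first `coders/` frame in each stack and checks that the per-record sizes add up to the total line. The function names and the embedded sample (shortened from the report, with its own recomputed total) are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed, shortened sample in the report's LeakSanitizer format: frames are
# trimmed and the total line is recomputed for these four records only.
SAMPLE = """\
Direct leak of 13488 byte(s) in 1 object(s) allocated from:
    #0 0x4c1db3 in malloc (/usr/local/bin/magick+0x4c1db3)
    #1 0x7f1b97bb0ccc in CloneImage MagickCore/image.c:829:25
    #2 0x7f1b97df5571 in FlipImage MagickCore/transform.c:1210:14
    #3 0x7f1b97eeec1c in ReadBMPImage coders/bmp.c:1379:23

Indirect leak of 88 byte(s) in 1 object(s) allocated from:
    #0 0x4c1db3 in malloc (/usr/local/bin/magick+0x4c1db3)
    #1 0x7f1b97bb0f96 in CloneImage MagickCore/image.c:852:43
    #2 0x7f1b97df5571 in FlipImage MagickCore/transform.c:1210:14
    #3 0x7f1b97eeec1c in ReadBMPImage coders/bmp.c:1379:23

Indirect leak of 280 byte(s) in 1 object(s) allocated from:
    #0 0x4c1db3 in malloc (/usr/local/bin/magick+0x4c1db3)
    #1 0x7f1b979ba132 in CloneBlobInfo MagickCore/blob.c:503:27
    #2 0x7f1b97bab952 in AcquireImage MagickCore/image.c:209:15
    #3 0x7f1b97ee9c54 in ReadBMPImage coders/bmp.c:555:9

Indirect leak of 9096 byte(s) in 1 object(s) allocated from:
    #0 0x4c1db3 in malloc (/usr/local/bin/magick+0x4c1db3)
    #1 0x7f1b979d2acb in AcquirePixelCache MagickCore/cache.c:195:28
    #2 0x7f1b97dcdc56 in ReadStream MagickCore/stream.c:1027:20
    #3 0x7f1b97a488d6 in PingImage MagickCore/constitute.c:226:9

22952 byte(s) leaked in 4 allocation(s).
"""

HEADER = re.compile(r"^(Direct|Indirect) leak of (\d+) byte\(s\) in (\d+) object\(s\)")
FRAME = re.compile(r"^\s*#(\d+) 0x[0-9a-f]+ in (\S+) (\S+)")
TOTAL = re.compile(r"(\d+) byte\(s\) leaked in (\d+) allocation\(s\)")


def parse_report(text):
    """Return (records, total); total is (bytes, allocations) or None if absent."""
    records, total = [], None
    for line in text.splitlines():
        if m := HEADER.match(line):
            records.append({"kind": m[1], "bytes": int(m[2]),
                            "objects": int(m[3]), "frames": []})
        elif (m := FRAME.match(line)) and records:
            records[-1]["frames"].append((m[2], m[3]))
        elif m := TOTAL.search(line):
            total = (int(m[1]), int(m[2]))
    return records, total


def call_site(record, prefix="coders/"):
    """Innermost frame whose source path is under `prefix`, as 'func file:line'."""
    for func, where in record["frames"]:
        if where.startswith(prefix):
            return f"{func} {':'.join(where.split(':')[:2])}"  # drop the column
    return None


def triage(text):
    """Bucket leaked bytes by coder call site; flag reports that do not add up."""
    records, total = parse_report(text)
    buckets = defaultdict(int)
    for rec in records:
        buckets[call_site(rec) or "(no coder frame)"] += rec["bytes"]
    counted = (sum(r["bytes"] for r in records), sum(r["objects"] for r in records))
    return dict(buckets), counted == total
```

A `False` second value means the pasted report is truncated or has no total line, so the buckets should not be used to deduplicate fuzzing findings.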
