memory leak in ReadBMPImage #467

Closed
birdg0 opened this issue May 3, 2017 · 3 comments

birdg0 commented May 3, 2017

$ identify -version
Version: ImageMagick 7.0.5-6 Q16 x86_64 2017-05-02 http://www.imagemagick.org

The ReadBMPImage function in bmp.c:1379 allows attackers to cause a denial of service (memory leak) via a crafted file.

$ identify leak-fcd4138d423f1e98d5111d52c9eadeae4a02810e
Direct leak of 13488 byte(s) in 1 object(s) allocated from:
    #0 0x4c1db3 in malloc (/usr/local/bin/magick+0x4c1db3)
    #1 0x7f1b97bb0ccc in CloneImage MagickCore/image.c:829:25
    #2 0x7f1b97df5571 in FlipImage MagickCore/transform.c:1210:14
    #3 0x7f1b97eeec1c in ReadBMPImage coders/bmp.c:1379:23
    #4 0x7f1b97a4988e in ReadImage MagickCore/constitute.c:497:13
    #5 0x7f1b97dcde5c in ReadStream MagickCore/stream.c:1045:9
    #6 0x7f1b97a488d6 in PingImage MagickCore/constitute.c:226:9
    #7 0x7f1b97a48e98 in PingImages MagickCore/constitute.c:327:10
    #8 0x7f1b9729587c in IdentifyImageCommand MagickWand/identify.c:319:18
    #9 0x7f1b973175bd in MagickCommandGenesis MagickWand/mogrify.c:183:14
    #10 0x4ef157 in MagickMain utilities/magick.c:149:10
    #11 0x4ef157 in main utilities/magick.c:180
    #12 0x7f1b94a7b82f in __libc_start_main /build/glibc-9tT8Do/glibc-2.23/csu/../csu/libc-start.c:291

Indirect leak of 13024 byte(s) in 1 object(s) allocated from:
    #0 0x4c1db3 in malloc (/usr/local/bin/magick+0x4c1db3)
    #1 0x7f1b97bae06c in AcquireImageInfo MagickCore/image.c:347:28
    #2 0x7f1b97bb5384 in CloneImageInfo MagickCore/image.c:952:14
    #3 0x7f1b97bb1105 in CloneImage MagickCore/image.c:862:27
    #4 0x7f1b97df5571 in FlipImage MagickCore/transform.c:1210:14
    #5 0x7f1b97eeec1c in ReadBMPImage coders/bmp.c:1379:23
    #6 0x7f1b97a4988e in ReadImage MagickCore/constitute.c:497:13
    #7 0x7f1b97dcde5c in ReadStream MagickCore/stream.c:1045:9
    #8 0x7f1b97a488d6 in PingImage MagickCore/constitute.c:226:9
    #9 0x7f1b97a48e98 in PingImages MagickCore/constitute.c:327:10
    #10 0x7f1b9729587c in IdentifyImageCommand MagickWand/identify.c:319:18
    #11 0x7f1b973175bd in MagickCommandGenesis MagickWand/mogrify.c:183:14
    #12 0x4ef157 in MagickMain utilities/magick.c:149:10
    #13 0x4ef157 in main utilities/magick.c:180
    #14 0x7f1b94a7b82f in __libc_start_main /build/glibc-9tT8Do/glibc-2.23/csu/../csu/libc-start.c:291

Indirect leak of 9096 byte(s) in 1 object(s) allocated from:
    #0 0x4c1db3 in malloc (/usr/local/bin/magick+0x4c1db3)
    #1 0x7f1b979d2acb in AcquirePixelCache MagickCore/cache.c:195:28
    #2 0x7f1b97dcdc56 in ReadStream MagickCore/stream.c:1027:20
    #3 0x7f1b97a488d6 in PingImage MagickCore/constitute.c:226:9
    #4 0x7f1b97a48e98 in PingImages MagickCore/constitute.c:327:10
    #5 0x7f1b9729587c in IdentifyImageCommand MagickWand/identify.c:319:18
    #6 0x7f1b973175bd in MagickCommandGenesis MagickWand/mogrify.c:183:14
    #7 0x4ef157 in MagickMain utilities/magick.c:149:10
    #8 0x4ef157 in main utilities/magick.c:180
    #9 0x7f1b94a7b82f in __libc_start_main /build/glibc-9tT8Do/glibc-2.23/csu/../csu/libc-start.c:291

Indirect leak of 9096 byte(s) in 1 object(s) allocated from:
    #0 0x4c1db3 in malloc (/usr/local/bin/magick+0x4c1db3)
    #1 0x7f1b979d2acb in AcquirePixelCache MagickCore/cache.c:195:28
    #2 0x7f1b979d3a70 in ClonePixelCache MagickCore/cache.c:418:28
    #3 0x7f1b97bb1a4d in CloneImage MagickCore/image.c:917:22
    #4 0x7f1b97df5571 in FlipImage MagickCore/transform.c:1210:14
    #5 0x7f1b97eeec1c in ReadBMPImage coders/bmp.c:1379:23
    #6 0x7f1b97a4988e in ReadImage MagickCore/constitute.c:497:13
    #7 0x7f1b97dcde5c in ReadStream MagickCore/stream.c:1045:9
    #8 0x7f1b97a488d6 in PingImage MagickCore/constitute.c:226:9
    #9 0x7f1b97a48e98 in PingImages MagickCore/constitute.c:327:10
    #10 0x7f1b9729587c in IdentifyImageCommand MagickWand/identify.c:319:18
    #11 0x7f1b973175bd in MagickCommandGenesis MagickWand/mogrify.c:183:14
    #12 0x4ef157 in MagickMain utilities/magick.c:149:10
    #13 0x4ef157 in main utilities/magick.c:180
    #14 0x7f1b94a7b82f in __libc_start_main /build/glibc-9tT8Do/glibc-2.23/csu/../csu/libc-start.c:291

Indirect leak of 512 byte(s) in 1 object(s) allocated from:
    #0 0x4c1db3 in malloc (/usr/local/bin/magick+0x4c1db3)
    #1 0x7f1b97c27251 in AcquirePixelChannelMap MagickCore/pixel.c:101:35
    #2 0x7f1b97c27a9f in ClonePixelChannelMap MagickCore/pixel.c:139:13
    #3 0x7f1b97bb1270 in CloneImage MagickCore/image.c:873:28
    #4 0x7f1b97df5571 in FlipImage MagickCore/transform.c:1210:14
    #5 0x7f1b97eeec1c in ReadBMPImage coders/bmp.c:1379:23
    #6 0x7f1b97a4988e in ReadImage MagickCore/constitute.c:497:13
    #7 0x7f1b97dcde5c in ReadStream MagickCore/stream.c:1045:9
    #8 0x7f1b97a488d6 in PingImage MagickCore/constitute.c:226:9
    #9 0x7f1b97a48e98 in PingImages MagickCore/constitute.c:327:10
    #10 0x7f1b9729587c in IdentifyImageCommand MagickWand/identify.c:319:18
    #11 0x7f1b973175bd in MagickCommandGenesis MagickWand/mogrify.c:183:14
    #12 0x4ef157 in MagickMain utilities/magick.c:149:10
    #13 0x4ef157 in main utilities/magick.c:180
    #14 0x7f1b94a7b82f in __libc_start_main /build/glibc-9tT8Do/glibc-2.23/csu/../csu/libc-start.c:291

Indirect leak of 280 byte(s) in 1 object(s) allocated from:
    #0 0x4c1db3 in malloc (/usr/local/bin/magick+0x4c1db3)
    #1 0x7f1b979ba132 in CloneBlobInfo MagickCore/blob.c:503:27
    #2 0x7f1b97bab952 in AcquireImage MagickCore/image.c:209:15
    #3 0x7f1b97ee9c54 in ReadBMPImage coders/bmp.c:555:9
    #4 0x7f1b97a4988e in ReadImage MagickCore/constitute.c:497:13
    #5 0x7f1b97dcde5c in ReadStream MagickCore/stream.c:1045:9
    #6 0x7f1b97a488d6 in PingImage MagickCore/constitute.c:226:9
    #7 0x7f1b97a48e98 in PingImages MagickCore/constitute.c:327:10
    #8 0x7f1b9729587c in IdentifyImageCommand MagickWand/identify.c:319:18
    #9 0x7f1b973175bd in MagickCommandGenesis MagickWand/mogrify.c:183:14
    #10 0x4ef157 in MagickMain utilities/magick.c:149:10
    #11 0x4ef157 in main utilities/magick.c:180
    #12 0x7f1b94a7b82f in __libc_start_main /build/glibc-9tT8Do/glibc-2.23/csu/../csu/libc-start.c:291

Indirect leak of 88 byte(s) in 1 object(s) allocated from:
    #0 0x4c1db3 in malloc (/usr/local/bin/magick+0x4c1db3)
    #1 0x7f1b979d3095 in AcquirePixelCacheNexus MagickCore/cache.c:268:31
    #2 0x7f1b979d2c82 in AcquirePixelCache MagickCore/cache.c:211:26
    #3 0x7f1b979d3a70 in ClonePixelCache MagickCore/cache.c:418:28
    #4 0x7f1b97bb1a4d in CloneImage MagickCore/image.c:917:22
    #5 0x7f1b97df5571 in FlipImage MagickCore/transform.c:1210:14
    #6 0x7f1b97eeec1c in ReadBMPImage coders/bmp.c:1379:23
    #7 0x7f1b97a4988e in ReadImage MagickCore/constitute.c:497:13
    #8 0x7f1b97dcde5c in ReadStream MagickCore/stream.c:1045:9
    #9 0x7f1b97a488d6 in PingImage MagickCore/constitute.c:226:9
    #10 0x7f1b97a48e98 in PingImages MagickCore/constitute.c:327:10
    #11 0x7f1b9729587c in IdentifyImageCommand MagickWand/identify.c:319:18
    #12 0x7f1b973175bd in MagickCommandGenesis MagickWand/mogrify.c:183:14
    #13 0x4ef157 in MagickMain utilities/magick.c:149:10
    #14 0x4ef157 in main utilities/magick.c:180
    #15 0x7f1b94a7b82f in __libc_start_main /build/glibc-9tT8Do/glibc-2.23/csu/../csu/libc-start.c:291

Indirect leak of 88 byte(s) in 1 object(s) allocated from:
    #0 0x4c1db3 in malloc (/usr/local/bin/magick+0x4c1db3)
    #1 0x7f1b97db47d9 in NewSplayTree MagickCore/splay-tree.c:1106:32
    #2 0x7f1b97db44a8 in CloneSplayTree MagickCore/splay-tree.c:359:14
    #3 0x7f1b97c18ee2 in CloneImageOptions MagickCore/option.c:1868:27
    #4 0x7f1b97bb5d79 in CloneImageInfo MagickCore/image.c:1007:10
    #5 0x7f1b97bb1105 in CloneImage MagickCore/image.c:862:27
    #6 0x7f1b97df5571 in FlipImage MagickCore/transform.c:1210:14
    #7 0x7f1b97eeec1c in ReadBMPImage coders/bmp.c:1379:23
    #8 0x7f1b97a4988e in ReadImage MagickCore/constitute.c:497:13
    #9 0x7f1b97dcde5c in ReadStream MagickCore/stream.c:1045:9
    #10 0x7f1b97a488d6 in PingImage MagickCore/constitute.c:226:9
    #11 0x7f1b97a48e98 in PingImages MagickCore/constitute.c:327:10
    #12 0x7f1b9729587c in IdentifyImageCommand MagickWand/identify.c:319:18
    #13 0x7f1b973175bd in MagickCommandGenesis MagickWand/mogrify.c:183:14
    #14 0x4ef157 in MagickMain utilities/magick.c:149:10
    #15 0x4ef157 in main utilities/magick.c:180
    #16 0x7f1b94a7b82f in __libc_start_main /build/glibc-9tT8Do/glibc-2.23/csu/../csu/libc-start.c:291

Indirect leak of 88 byte(s) in 1 object(s) allocated from:
    #0 0x4c1db3 in malloc (/usr/local/bin/magick+0x4c1db3)
    #1 0x7f1b97bb0f96 in CloneImage MagickCore/image.c:852:43
    #2 0x7f1b97df5571 in FlipImage MagickCore/transform.c:1210:14
    #3 0x7f1b97eeec1c in ReadBMPImage coders/bmp.c:1379:23
    #4 0x7f1b97a4988e in ReadImage MagickCore/constitute.c:497:13
    #5 0x7f1b97dcde5c in ReadStream MagickCore/stream.c:1045:9
    #6 0x7f1b97a488d6 in PingImage MagickCore/constitute.c:226:9
    #7 0x7f1b97a48e98 in PingImages MagickCore/constitute.c:327:10
    #8 0x7f1b9729587c in IdentifyImageCommand MagickWand/identify.c:319:18
    #9 0x7f1b973175bd in MagickCommandGenesis MagickWand/mogrify.c:183:14
    #10 0x4ef157 in MagickMain utilities/magick.c:149:10
    #11 0x4ef157 in main utilities/magick.c:180
    #12 0x7f1b94a7b82f in __libc_start_main /build/glibc-9tT8Do/glibc-2.23/csu/../csu/libc-start.c:291

Indirect leak of 88 byte(s) in 1 object(s) allocated from:
    #0 0x4c1db3 in malloc (/usr/local/bin/magick+0x4c1db3)
    #1 0x7f1b979d3095 in AcquirePixelCacheNexus MagickCore/cache.c:268:31
    #2 0x7f1b979d2c82 in AcquirePixelCache MagickCore/cache.c:211:26
    #3 0x7f1b97dcdc56 in ReadStream MagickCore/stream.c:1027:20
    #4 0x7f1b97a488d6 in PingImage MagickCore/constitute.c:226:9
    #5 0x7f1b97a48e98 in PingImages MagickCore/constitute.c:327:10
    #6 0x7f1b9729587c in IdentifyImageCommand MagickWand/identify.c:319:18
    #7 0x7f1b973175bd in MagickCommandGenesis MagickWand/mogrify.c:183:14
    #8 0x4ef157 in MagickMain utilities/magick.c:149:10
    #9 0x4ef157 in main utilities/magick.c:180
    #10 0x7f1b94a7b82f in __libc_start_main /build/glibc-9tT8Do/glibc-2.23/csu/../csu/libc-start.c:291

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x4c286e in __interceptor_posix_memalign (/usr/local/bin/magick+0x4c286e)
    #1 0x7f1b97bf4de2 in AcquireAlignedMemory MagickCore/memory.c:261:7
    #2 0x7f1b979d307c in AcquirePixelCacheNexus MagickCore/cache.c:264:29
    #3 0x7f1b979d2c82 in AcquirePixelCache MagickCore/cache.c:211:26
    #4 0x7f1b979d3a70 in ClonePixelCache MagickCore/cache.c:418:28
    #5 0x7f1b97bb1a4d in CloneImage MagickCore/image.c:917:22
    #6 0x7f1b97df5571 in FlipImage MagickCore/transform.c:1210:14
    #7 0x7f1b97eeec1c in ReadBMPImage coders/bmp.c:1379:23
    #8 0x7f1b97a4988e in ReadImage MagickCore/constitute.c:497:13
    #9 0x7f1b97dcde5c in ReadStream MagickCore/stream.c:1045:9
    #10 0x7f1b97a488d6 in PingImage MagickCore/constitute.c:226:9
    #11 0x7f1b97a48e98 in PingImages MagickCore/constitute.c:327:10
    #12 0x7f1b9729587c in IdentifyImageCommand MagickWand/identify.c:319:18
    #13 0x7f1b973175bd in MagickCommandGenesis MagickWand/mogrify.c:183:14
    #14 0x4ef157 in MagickMain utilities/magick.c:149:10
    #15 0x4ef157 in main utilities/magick.c:180
    #16 0x7f1b94a7b82f in __libc_start_main /build/glibc-9tT8Do/glibc-2.23/csu/../csu/libc-start.c:291

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x4c286e in __interceptor_posix_memalign (/usr/local/bin/magick+0x4c286e)
    #1 0x7f1b97d9bc44 in AcquireSemaphoreMemory MagickCore/semaphore.c:154:7
    #2 0x7f1b97d9bc44 in AcquireSemaphoreInfo MagickCore/semaphore.c:200
    #3 0x7f1b97bb14da in CloneImage MagickCore/image.c:895:26
    #4 0x7f1b97df5571 in FlipImage MagickCore/transform.c:1210:14
    #5 0x7f1b97eeec1c in ReadBMPImage coders/bmp.c:1379:23
    #6 0x7f1b97a4988e in ReadImage MagickCore/constitute.c:497:13
    #7 0x7f1b97dcde5c in ReadStream MagickCore/stream.c:1045:9
    #8 0x7f1b97a488d6 in PingImage MagickCore/constitute.c:226:9
    #9 0x7f1b97a48e98 in PingImages MagickCore/constitute.c:327:10
    #10 0x7f1b9729587c in IdentifyImageCommand MagickWand/identify.c:319:18
    #11 0x7f1b973175bd in MagickCommandGenesis MagickWand/mogrify.c:183:14
    #12 0x4ef157 in MagickMain utilities/magick.c:149:10
    #13 0x4ef157 in main utilities/magick.c:180
    #14 0x7f1b94a7b82f in __libc_start_main /build/glibc-9tT8Do/glibc-2.23/csu/../csu/libc-start.c:291

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x4c286e in __interceptor_posix_memalign (/usr/local/bin/magick+0x4c286e)
    #1 0x7f1b97d9bc44 in AcquireSemaphoreMemory MagickCore/semaphore.c:154:7
    #2 0x7f1b97d9bc44 in AcquireSemaphoreInfo MagickCore/semaphore.c:200
    #3 0x7f1b97db48c1 in NewSplayTree MagickCore/splay-tree.c:1119:25
    #4 0x7f1b97db44a8 in CloneSplayTree MagickCore/splay-tree.c:359:14
    #5 0x7f1b97c18ee2 in CloneImageOptions MagickCore/option.c:1868:27
    #6 0x7f1b97bb5d79 in CloneImageInfo MagickCore/image.c:1007:10
    #7 0x7f1b97bb1105 in CloneImage MagickCore/image.c:862:27
    #8 0x7f1b97df5571 in FlipImage MagickCore/transform.c:1210:14
    #9 0x7f1b97eeec1c in ReadBMPImage coders/bmp.c:1379:23
    #10 0x7f1b97a4988e in ReadImage MagickCore/constitute.c:497:13
    #11 0x7f1b97dcde5c in ReadStream MagickCore/stream.c:1045:9
    #12 0x7f1b97a488d6 in PingImage MagickCore/constitute.c:226:9
    #13 0x7f1b97a48e98 in PingImages MagickCore/constitute.c:327:10
    #14 0x7f1b9729587c in IdentifyImageCommand MagickWand/identify.c:319:18
    #15 0x7f1b973175bd in MagickCommandGenesis MagickWand/mogrify.c:183:14
    #16 0x4ef157 in MagickMain utilities/magick.c:149:10
    #17 0x4ef157 in main utilities/magick.c:180
    #18 0x7f1b94a7b82f in __libc_start_main /build/glibc-9tT8Do/glibc-2.23/csu/../csu/libc-start.c:291

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x4c286e in __interceptor_posix_memalign (/usr/local/bin/magick+0x4c286e)
    #1 0x7f1b97d9bc44 in AcquireSemaphoreMemory MagickCore/semaphore.c:154:7
    #2 0x7f1b97d9bc44 in AcquireSemaphoreInfo MagickCore/semaphore.c:200
    #3 0x7f1b979d2d9f in AcquirePixelCache MagickCore/cache.c:226:25
    #4 0x7f1b979d3a70 in ClonePixelCache MagickCore/cache.c:418:28
    #5 0x7f1b97bb1a4d in CloneImage MagickCore/image.c:917:22
    #6 0x7f1b97df5571 in FlipImage MagickCore/transform.c:1210:14
    #7 0x7f1b97eeec1c in ReadBMPImage coders/bmp.c:1379:23
    #8 0x7f1b97a4988e in ReadImage MagickCore/constitute.c:497:13
    #9 0x7f1b97dcde5c in ReadStream MagickCore/stream.c:1045:9
    #10 0x7f1b97a488d6 in PingImage MagickCore/constitute.c:226:9
    #11 0x7f1b97a48e98 in PingImages MagickCore/constitute.c:327:10
    #12 0x7f1b9729587c in IdentifyImageCommand MagickWand/identify.c:319:18
    #13 0x7f1b973175bd in MagickCommandGenesis MagickWand/mogrify.c:183:14
    #14 0x4ef157 in MagickMain utilities/magick.c:149:10
    #15 0x4ef157 in main utilities/magick.c:180
    #16 0x7f1b94a7b82f in __libc_start_main /build/glibc-9tT8Do/glibc-2.23/csu/../csu/libc-start.c:291

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x4c286e in __interceptor_posix_memalign (/usr/local/bin/magick+0x4c286e)
    #1 0x7f1b97d9bc44 in AcquireSemaphoreMemory MagickCore/semaphore.c:154:7
    #2 0x7f1b97d9bc44 in AcquireSemaphoreInfo MagickCore/semaphore.c:200
    #3 0x7f1b979ba6cc in GetBlobInfo MagickCore/blob.c:1413:24
    #4 0x7f1b979ba149 in CloneBlobInfo MagickCore/blob.c:506:3
    #5 0x7f1b97bab952 in AcquireImage MagickCore/image.c:209:15
    #6 0x7f1b97ee9c54 in ReadBMPImage coders/bmp.c:555:9
    #7 0x7f1b97a4988e in ReadImage MagickCore/constitute.c:497:13
    #8 0x7f1b97dcde5c in ReadStream MagickCore/stream.c:1045:9
    #9 0x7f1b97a488d6 in PingImage MagickCore/constitute.c:226:9
    #10 0x7f1b97a48e98 in PingImages MagickCore/constitute.c:327:10
    #11 0x7f1b9729587c in IdentifyImageCommand MagickWand/identify.c:319:18
    #12 0x7f1b973175bd in MagickCommandGenesis MagickWand/mogrify.c:183:14
    #13 0x4ef157 in MagickMain utilities/magick.c:149:10
    #14 0x4ef157 in main utilities/magick.c:180
    #15 0x7f1b94a7b82f in __libc_start_main /build/glibc-9tT8Do/glibc-2.23/csu/../csu/libc-start.c:291

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x4c286e in __interceptor_posix_memalign (/usr/local/bin/magick+0x4c286e)
    #1 0x7f1b97d9bc44 in AcquireSemaphoreMemory MagickCore/semaphore.c:154:7
    #2 0x7f1b97d9bc44 in AcquireSemaphoreInfo MagickCore/semaphore.c:200
    #3 0x7f1b979d2dec in AcquirePixelCache MagickCore/cache.c:228:30
    #4 0x7f1b97dcdc56 in ReadStream MagickCore/stream.c:1027:20
    #5 0x7f1b97a488d6 in PingImage MagickCore/constitute.c:226:9
    #6 0x7f1b97a48e98 in PingImages MagickCore/constitute.c:327:10
    #7 0x7f1b9729587c in IdentifyImageCommand MagickWand/identify.c:319:18
    #8 0x7f1b973175bd in MagickCommandGenesis MagickWand/mogrify.c:183:14
    #9 0x4ef157 in MagickMain utilities/magick.c:149:10
    #10 0x4ef157 in main utilities/magick.c:180
    #11 0x7f1b94a7b82f in __libc_start_main /build/glibc-9tT8Do/glibc-2.23/csu/../csu/libc-start.c:291

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x4c286e in __interceptor_posix_memalign (/usr/local/bin/magick+0x4c286e)
    #1 0x7f1b97d9bc44 in AcquireSemaphoreMemory MagickCore/semaphore.c:154:7
    #2 0x7f1b97d9bc44 in AcquireSemaphoreInfo MagickCore/semaphore.c:200
    #3 0x7f1b979d2d9f in AcquirePixelCache MagickCore/cache.c:226:25
    #4 0x7f1b97dcdc56 in ReadStream MagickCore/stream.c:1027:20
    #5 0x7f1b97a488d6 in PingImage MagickCore/constitute.c:226:9
    #6 0x7f1b97a48e98 in PingImages MagickCore/constitute.c:327:10
    #7 0x7f1b9729587c in IdentifyImageCommand MagickWand/identify.c:319:18
    #8 0x7f1b973175bd in MagickCommandGenesis MagickWand/mogrify.c:183:14
    #9 0x4ef157 in MagickMain utilities/magick.c:149:10
    #10 0x4ef157 in main utilities/magick.c:180
    #11 0x7f1b94a7b82f in __libc_start_main /build/glibc-9tT8Do/glibc-2.23/csu/../csu/libc-start.c:291

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x4c286e in __interceptor_posix_memalign (/usr/local/bin/magick+0x4c286e)
    #1 0x7f1b97d9bc44 in AcquireSemaphoreMemory MagickCore/semaphore.c:154:7
    #2 0x7f1b97d9bc44 in AcquireSemaphoreInfo MagickCore/semaphore.c:200
    #3 0x7f1b979d2dec in AcquirePixelCache MagickCore/cache.c:228:30
    #4 0x7f1b979d3a70 in ClonePixelCache MagickCore/cache.c:418:28
    #5 0x7f1b97bb1a4d in CloneImage MagickCore/image.c:917:22
    #6 0x7f1b97df5571 in FlipImage MagickCore/transform.c:1210:14
    #7 0x7f1b97eeec1c in ReadBMPImage coders/bmp.c:1379:23
    #8 0x7f1b97a4988e in ReadImage MagickCore/constitute.c:497:13
    #9 0x7f1b97dcde5c in ReadStream MagickCore/stream.c:1045:9
    #10 0x7f1b97a488d6 in PingImage MagickCore/constitute.c:226:9
    #11 0x7f1b97a48e98 in PingImages MagickCore/constitute.c:327:10
    #12 0x7f1b9729587c in IdentifyImageCommand MagickWand/identify.c:319:18
    #13 0x7f1b973175bd in MagickCommandGenesis MagickWand/mogrify.c:183:14
    #14 0x4ef157 in MagickMain utilities/magick.c:149:10
    #15 0x4ef157 in main utilities/magick.c:180
    #16 0x7f1b94a7b82f in __libc_start_main /build/glibc-9tT8Do/glibc-2.23/csu/../csu/libc-start.c:291

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x4c286e in __interceptor_posix_memalign (/usr/local/bin/magick+0x4c286e)
    #1 0x7f1b97bf4de2 in AcquireAlignedMemory MagickCore/memory.c:261:7
    #2 0x7f1b979d307c in AcquirePixelCacheNexus MagickCore/cache.c:264:29
    #3 0x7f1b979d2c82 in AcquirePixelCache MagickCore/cache.c:211:26
    #4 0x7f1b97dcdc56 in ReadStream MagickCore/stream.c:1027:20
    #5 0x7f1b97a488d6 in PingImage MagickCore/constitute.c:226:9
    #6 0x7f1b97a48e98 in PingImages MagickCore/constitute.c:327:10
    #7 0x7f1b9729587c in IdentifyImageCommand MagickWand/identify.c:319:18
    #8 0x7f1b973175bd in MagickCommandGenesis MagickWand/mogrify.c:183:14
    #9 0x4ef157 in MagickMain utilities/magick.c:149:10
    #10 0x4ef157 in main utilities/magick.c:180
    #11 0x7f1b94a7b82f in __libc_start_main /build/glibc-9tT8Do/glibc-2.23/csu/../csu/libc-start.c:291

Indirect leak of 46 byte(s) in 1 object(s) allocated from:
    #0 0x4c1db3 in malloc (/usr/local/bin/magick+0x4c1db3)
    #1 0x7f1b97de587d in ConstantString MagickCore/string.c:701:26
    #2 0x7f1b97db45d5 in CloneSplayTree MagickCore/splay-tree.c:372:7
    #3 0x7f1b97c18ee2 in CloneImageOptions MagickCore/option.c:1868:27
    #4 0x7f1b97bb5d79 in CloneImageInfo MagickCore/image.c:1007:10
    #5 0x7f1b97bb1105 in CloneImage MagickCore/image.c:862:27
    #6 0x7f1b97df5571 in FlipImage MagickCore/transform.c:1210:14
    #7 0x7f1b97eeec1c in ReadBMPImage coders/bmp.c:1379:23
    #8 0x7f1b97a4988e in ReadImage MagickCore/constitute.c:497:13
    #9 0x7f1b97dcde5c in ReadStream MagickCore/stream.c:1045:9
    #10 0x7f1b97a488d6 in PingImage MagickCore/constitute.c:226:9
    #11 0x7f1b97a48e98 in PingImages MagickCore/constitute.c:327:10
    #12 0x7f1b9729587c in IdentifyImageCommand MagickWand/identify.c:319:18
    #13 0x7f1b973175bd in MagickCommandGenesis MagickWand/mogrify.c:183:14
    #14 0x4ef157 in MagickMain utilities/magick.c:149:10
    #15 0x4ef157 in main utilities/magick.c:180
    #16 0x7f1b94a7b82f in __libc_start_main /build/glibc-9tT8Do/glibc-2.23/csu/../csu/libc-start.c:291

Indirect leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x4c1db3 in malloc (/usr/local/bin/magick+0x4c1db3)
    #1 0x7f1b97db359a in AddValueToSplayTree MagickCore/splay-tree.c:188:21
    #2 0x7f1b97db45e3 in CloneSplayTree MagickCore/splay-tree.c:371:12
    #3 0x7f1b97c18ee2 in CloneImageOptions MagickCore/option.c:1868:27
    #4 0x7f1b97bb5d79 in CloneImageInfo MagickCore/image.c:1007:10
    #5 0x7f1b97bb1105 in CloneImage MagickCore/image.c:862:27
    #6 0x7f1b97df5571 in FlipImage MagickCore/transform.c:1210:14
    #7 0x7f1b97eeec1c in ReadBMPImage coders/bmp.c:1379:23
    #8 0x7f1b97a4988e in ReadImage MagickCore/constitute.c:497:13
    #9 0x7f1b97dcde5c in ReadStream MagickCore/stream.c:1045:9
    #10 0x7f1b97a488d6 in PingImage MagickCore/constitute.c:226:9
    #11 0x7f1b97a48e98 in PingImages MagickCore/constitute.c:327:10
    #12 0x7f1b9729587c in IdentifyImageCommand MagickWand/identify.c:319:18
    #13 0x7f1b973175bd in MagickCommandGenesis MagickWand/mogrify.c:183:14
    #14 0x4ef157 in MagickMain utilities/magick.c:149:10
    #15 0x4ef157 in main utilities/magick.c:180
    #16 0x7f1b94a7b82f in __libc_start_main /build/glibc-9tT8Do/glibc-2.23/csu/../csu/libc-start.c:291

Indirect leak of 9 byte(s) in 1 object(s) allocated from:
    #0 0x4c1db3 in malloc (/usr/local/bin/magick+0x4c1db3)
    #1 0x7f1b97de587d in ConstantString MagickCore/string.c:701:26
    #2 0x7f1b97db45a2 in CloneSplayTree MagickCore/splay-tree.c:371:43
    #3 0x7f1b97c18ee2 in CloneImageOptions MagickCore/option.c:1868:27
    #4 0x7f1b97bb5d79 in CloneImageInfo MagickCore/image.c:1007:10
    #5 0x7f1b97bb1105 in CloneImage MagickCore/image.c:862:27
    #6 0x7f1b97df5571 in FlipImage MagickCore/transform.c:1210:14
    #7 0x7f1b97eeec1c in ReadBMPImage coders/bmp.c:1379:23
    #8 0x7f1b97a4988e in ReadImage MagickCore/constitute.c:497:13
    #9 0x7f1b97dcde5c in ReadStream MagickCore/stream.c:1045:9
    #10 0x7f1b97a488d6 in PingImage MagickCore/constitute.c:226:9
    #11 0x7f1b97a48e98 in PingImages MagickCore/constitute.c:327:10
    #12 0x7f1b9729587c in IdentifyImageCommand MagickWand/identify.c:319:18
    #13 0x7f1b973175bd in MagickCommandGenesis MagickWand/mogrify.c:183:14
    #14 0x4ef157 in MagickMain utilities/magick.c:149:10
    #15 0x4ef157 in main utilities/magick.c:180
    #16 0x7f1b94a7b82f in __libc_start_main /build/glibc-9tT8Do/glibc-2.23/csu/../csu/libc-start.c:291

46511 byte(s) leaked in 22 allocation(s).

testcase: https://github.com/birdg0/poc/blob/master/ImageMagicK/leak-fcd4138d423f1e98d5111d52c9eadeae4a02810e
Author: bird@TSRC
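
A triage helper for a LeakSanitizer report like the one above, added here as an example and not part of the original issue or of ImageMagick. It groups leaked bytes by the innermost frame under `coders/`, which separates allocations reached through the FlipImage call at bmp.c:1379 from those made at bmp.c:555 and from those with no coder frame at all. The function names and the `coders/` default are this example's own choices; the sample records are excerpted from the report with frames abridged.

```python
import re
from collections import defaultdict

HEADER = re.compile(r"^(Direct|Indirect) leak of (\d+) byte\(s\) in \d+ object\(s\)")
FRAME = re.compile(r"^\s*#\d+\s+0x[0-9a-f]+\s+in\s+(\S+)\s+(\S+)")

# Four records excerpted from the report above, frames abridged.
SAMPLE = """\
Direct leak of 13488 byte(s) in 1 object(s) allocated from:
    #0 0x4c1db3 in malloc (/usr/local/bin/magick+0x4c1db3)
    #1 0x7f1b97bb0ccc in CloneImage MagickCore/image.c:829:25
    #2 0x7f1b97df5571 in FlipImage MagickCore/transform.c:1210:14
    #3 0x7f1b97eeec1c in ReadBMPImage coders/bmp.c:1379:23
    #4 0x7f1b97a4988e in ReadImage MagickCore/constitute.c:497:13

Indirect leak of 9096 byte(s) in 1 object(s) allocated from:
    #0 0x4c1db3 in malloc (/usr/local/bin/magick+0x4c1db3)
    #1 0x7f1b979d2acb in AcquirePixelCache MagickCore/cache.c:195:28
    #2 0x7f1b97dcdc56 in ReadStream MagickCore/stream.c:1027:20
    #3 0x7f1b97a488d6 in PingImage MagickCore/constitute.c:226:9

Indirect leak of 512 byte(s) in 1 object(s) allocated from:
    #0 0x4c1db3 in malloc (/usr/local/bin/magick+0x4c1db3)
    #1 0x7f1b97c27251 in AcquirePixelChannelMap MagickCore/pixel.c:101:35
    #2 0x7f1b97c27a9f in ClonePixelChannelMap MagickCore/pixel.c:139:13
    #3 0x7f1b97bb1270 in CloneImage MagickCore/image.c:873:28
    #4 0x7f1b97df5571 in FlipImage MagickCore/transform.c:1210:14
    #5 0x7f1b97eeec1c in ReadBMPImage coders/bmp.c:1379:23

Indirect leak of 280 byte(s) in 1 object(s) allocated from:
    #0 0x4c1db3 in malloc (/usr/local/bin/magick+0x4c1db3)
    #1 0x7f1b979ba132 in CloneBlobInfo MagickCore/blob.c:503:27
    #2 0x7f1b97bab952 in AcquireImage MagickCore/image.c:209:15
    #3 0x7f1b97ee9c54 in ReadBMPImage coders/bmp.c:555:9
"""


def parse_leaks(text):
    """Split a LeakSanitizer report into records with their stack frames."""
    records = []
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            records.append({"kind": header.group(1).lower(),
                            "bytes": int(header.group(2)),
                            "frames": []})
            continue
        frame = FRAME.match(line)
        if frame and records:  # ignore frames that precede any leak header
            records[-1]["frames"].append((frame.group(1), frame.group(2)))
    return records


def call_site(record, prefix="coders/"):
    """Innermost frame located under `prefix`, as 'function file:line'."""
    for func, location in record["frames"]:
        if location.startswith(prefix):
            return f"{func} {':'.join(location.split(':')[:2])}"  # drop column
    return f"(no frame under {prefix})"


def summarize(text, prefix="coders/"):
    """Leaked bytes per call site, split into direct and indirect."""
    totals = defaultdict(lambda: {"direct": 0, "indirect": 0})
    for record in parse_leaks(text):
        totals[call_site(record, prefix)][record["kind"]] += record["bytes"]
    return dict(totals)


if __name__ == "__main__":
    for site, counts in summarize(SAMPLE).items():
        print(f"{site}: direct={counts['direct']} indirect={counts['indirect']}")
```

The frame pattern assumes symbolized C function names without spaces, as in this report.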

Member

dlemstra commented May 3, 2017

Would you mind removing the '/home/bird/imagemagick_fuzz/ImageMagick-master/' part from your dump? We can then read your info without having to scroll.

Author

birdg0 commented May 3, 2017

Is this okay?

Member

dlemstra commented May 3, 2017

Yeah thanks a lot, makes it much easier to read :)
