Skip to content

memory leak in CloneDrawInfo #544

Closed
Closed
@bestshow

Description

@bestshow

Version: ImageMagick 7.0.6-1 Q16 x86_64

The function CloneDrawInfo in draw.c allows attackers to cause a denial of service (memory leak) via a crafted file.

#identify $FILE 

================================== 
Direct leak of 1080 byte(s) in 1 object(s) allocated from: 
    #0 0x4e0276 in __interceptor_malloc /home/haojun/Downloads/llvm-clang/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:66 
    #1 0x7f0ddae47272 in CloneDrawInfo /home/haojun/ImageMagick-master/MagickCore/draw.c:252:27 
    #2 0x7f0ddad31154 in ReadImage /home/haojun/ImageMagick-master/MagickCore/constitute.c:497:13 
    #3 0x7f0ddb41c79f in ReadStream /home/haojun/ImageMagick-master/MagickCore/stream.c:1045:9 
    #4 0x7f0ddad2fd07 in PingImage /home/haojun/ImageMagick-master/MagickCore/constitute.c:226:9 
    #5 0x7f0dda3df898 in IdentifyImageCommand /home/haojun/ImageMagick-master/MagickWand/identify.c:319:18 
    #6 0x7f0dda4c5f9b in MagickCommandGenesis /home/haojun/ImageMagick-master/MagickWand/mogrify.c:183:14 
    #7 0x516867 in MagickMain /home/haojun/ImageMagick-master/utilities/magick.c:149:10 
    #8 0x516867 in main /home/haojun/ImageMagick-master/utilities/magick.c:180 
    #9 0x7f0dd4b04b34 in __libc_start_main /usr/src/debug/glibc-2.17-c758a686/csu/../csu/libc-start.c:274 

SUMMARY: 1080 byte(s) leaked in 1 allocation(s). 

testcase:https://github.com/bestshow/p0cs/blob/master/memory_leak_in_CloneDrawInfo
Credit:ADLab of Venustech

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions