memory leak in ReadOneJNGImage #550

Closed
jgj212 opened this issue Jul 8, 2017 · 3 comments
@jgj212
Contributor

jgj212 commented Jul 8, 2017

Version: ImageMagick 7.0.6-1 Q16 x86_64

#./magick identify $FILE

=================================================================
==32637==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 13488 byte(s) in 1 object(s) allocated from:
    #0 0x4def96 in __interceptor_malloc asan_malloc_linux.cc:66
    #1 0x7fbe8d60af76 in AcquireMagickMemory memory.c:463:10
    #2 0x7fbe8d5b9db9 in AcquireImage image.c:169:19
    #3 0x7fbe8dc47483 in ReadOneJNGImage png.c:4483:21
    #4 0x7fbe8dc1bb1d in ReadJNGImage png.c:5053:9
    #5 0x7fbe8d3faf98 in ReadImage constitute.c:497:13
    #6 0x7fbe8d771bd9 in ReadStream stream.c:1045:9
    #7 0x7fbe8d3f9b3f in PingImage constitute.c:226:9
    #8 0x7fbe8d3fa2e3 in PingImages constitute.c:327:10
    #9 0x7fbe8cb5b126 in IdentifyImageCommand identify.c:319:18
    #10 0x7fbe8cc18dff in MagickCommandGenesis mogrify.c:183:14
    #11 0x514f77 in MagickMain magick.c:151:10
    #12 0x5149d1 in main magick.c:263:10
    #13 0x7fbe87456f44 in __libc_start_main libc-start.c:287

Direct leak of 13024 byte(s) in 1 object(s) allocated from:
    #0 0x4def96 in __interceptor_malloc asan_malloc_linux.cc:66
    #1 0x7fbe8d60af76 in AcquireMagickMemory memory.c:463:10
    #2 0x7fbe8dc4739f in ReadOneJNGImage png.c:4477:39
    #3 0x7fbe8dc1bb1d in ReadJNGImage png.c:5053:9
    #4 0x7fbe8d3faf98 in ReadImage constitute.c:497:13
    #5 0x7fbe8d771bd9 in ReadStream stream.c:1045:9
    #6 0x7fbe8d3f9b3f in PingImage constitute.c:226:9
    #7 0x7fbe8d3fa2e3 in PingImages constitute.c:327:10
    #8 0x7fbe8cb5b126 in IdentifyImageCommand identify.c:319:18
    #9 0x7fbe8cc18dff in MagickCommandGenesis mogrify.c:183:14
    #10 0x514f77 in MagickMain magick.c:151:10
    #11 0x5149d1 in main magick.c:263:10
    #12 0x7fbe87456f44 in __libc_start_main libc-start.c:287

Indirect leak of 13024 byte(s) in 1 object(s) allocated from:
    #0 0x4def96 in __interceptor_malloc asan_malloc_linux.cc:66
    #1 0x7fbe8d60af76 in AcquireMagickMemory memory.c:463:10
    #2 0x7fbe8d5be753 in AcquireImageInfo image.c:347:28
    #3 0x7fbe8d5c78c3 in CloneImageInfo image.c:952:14
    #4 0x7fbe8d5be688 in SyncImageSettings image.c:4051:21
    #5 0x7fbe8d5bbe88 in AcquireImage image.c:290:10
    #6 0x7fbe8dc47483 in ReadOneJNGImage png.c:4483:21
    #7 0x7fbe8dc1bb1d in ReadJNGImage png.c:5053:9
    #8 0x7fbe8d3faf98 in ReadImage constitute.c:497:13
    #9 0x7fbe8d771bd9 in ReadStream stream.c:1045:9
    #10 0x7fbe8d3f9b3f in PingImage constitute.c:226:9
    #11 0x7fbe8d3fa2e3 in PingImages constitute.c:327:10
    #12 0x7fbe8cb5b126 in IdentifyImageCommand identify.c:319:18
    #13 0x7fbe8cc18dff in MagickCommandGenesis mogrify.c:183:14
    #14 0x514f77 in MagickMain magick.c:151:10
    #15 0x5149d1 in main magick.c:263:10
    #16 0x7fbe87456f44 in __libc_start_main libc-start.c:287

Indirect leak of 9096 byte(s) in 1 object(s) allocated from:
    #0 0x4def96 in __interceptor_malloc asan_malloc_linux.cc:66
    #1 0x7fbe8d60af76 in AcquireMagickMemory memory.c:463:10
    #2 0x7fbe8d60afd8 in AcquireQuantumMemory memory.c:536:10
    #3 0x7fbe8d3891e4 in AcquirePixelCache cache.c:195:28
    #4 0x7fbe8d5ba6bd in AcquireImage image.c:206:16
    #5 0x7fbe8dc47483 in ReadOneJNGImage png.c:4483:21
    #6 0x7fbe8dc1bb1d in ReadJNGImage png.c:5053:9
    #7 0x7fbe8d3faf98 in ReadImage constitute.c:497:13
    #8 0x7fbe8d771bd9 in ReadStream stream.c:1045:9
    #9 0x7fbe8d3f9b3f in PingImage constitute.c:226:9
    #10 0x7fbe8d3fa2e3 in PingImages constitute.c:327:10
    #11 0x7fbe8cb5b126 in IdentifyImageCommand identify.c:319:18
    #12 0x7fbe8cc18dff in MagickCommandGenesis mogrify.c:183:14
    #13 0x514f77 in MagickMain magick.c:151:10
    #14 0x5149d1 in main magick.c:263:10
    #15 0x7fbe87456f44 in __libc_start_main libc-start.c:287

Indirect leak of 512 byte(s) in 1 object(s) allocated from:
    #0 0x4def96 in __interceptor_malloc asan_malloc_linux.cc:66
    #1 0x7fbe8d60af76 in AcquireMagickMemory memory.c:463:10
    #2 0x7fbe8d60afd8 in AcquireQuantumMemory memory.c:536:10
    #3 0x7fbe8d64a44a in AcquirePixelChannelMap pixel.c:101:35
    #4 0x7fbe8d5ba77b in AcquireImage image.c:208:22
    #5 0x7fbe8dc47483 in ReadOneJNGImage png.c:4483:21
    #6 0x7fbe8dc1bb1d in ReadJNGImage png.c:5053:9
    #7 0x7fbe8d3faf98 in ReadImage constitute.c:497:13
    #8 0x7fbe8d771bd9 in ReadStream stream.c:1045:9
    #9 0x7fbe8d3f9b3f in PingImage constitute.c:226:9
    #10 0x7fbe8d3fa2e3 in PingImages constitute.c:327:10
    #11 0x7fbe8cb5b126 in IdentifyImageCommand identify.c:319:18
    #12 0x7fbe8cc18dff in MagickCommandGenesis mogrify.c:183:14
    #13 0x514f77 in MagickMain magick.c:151:10
    #14 0x5149d1 in main magick.c:263:10
    #15 0x7fbe87456f44 in __libc_start_main libc-start.c:287

Indirect leak of 280 byte(s) in 1 object(s) allocated from:
    #0 0x4def96 in __interceptor_malloc asan_malloc_linux.cc:66
    #1 0x7fbe8d60af76 in AcquireMagickMemory memory.c:463:10
    #2 0x7fbe8d367dfd in CloneBlobInfo blob.c:504:27
    #3 0x7fbe8d5ba7d1 in AcquireImage image.c:209:15
    #4 0x7fbe8dc47483 in ReadOneJNGImage png.c:4483:21
    #5 0x7fbe8dc1bb1d in ReadJNGImage png.c:5053:9
    #6 0x7fbe8d3faf98 in ReadImage constitute.c:497:13
    #7 0x7fbe8d771bd9 in ReadStream stream.c:1045:9
    #8 0x7fbe8d3f9b3f in PingImage constitute.c:226:9
    #9 0x7fbe8d3fa2e3 in PingImages constitute.c:327:10
    #10 0x7fbe8cb5b126 in IdentifyImageCommand identify.c:319:18
    #11 0x7fbe8cc18dff in MagickCommandGenesis mogrify.c:183:14
    #12 0x514f77 in MagickMain magick.c:151:10
    #13 0x5149d1 in main magick.c:263:10
    #14 0x7fbe87456f44 in __libc_start_main libc-start.c:287

Indirect leak of 88 byte(s) in 1 object(s) allocated from:
    #0 0x4def96 in __interceptor_malloc asan_malloc_linux.cc:66
    #1 0x7fbe8d60af76 in AcquireMagickMemory memory.c:463:10
    #2 0x7fbe8d60afd8 in AcquireQuantumMemory memory.c:536:10
    #3 0x7fbe8d389ca4 in AcquirePixelCacheNexus cache.c:268:31
    #4 0x7fbe8d389704 in AcquirePixelCache cache.c:211:26
    #5 0x7fbe8d5ba6bd in AcquireImage image.c:206:16
    #6 0x7fbe8dc47483 in ReadOneJNGImage png.c:4483:21
    #7 0x7fbe8dc1bb1d in ReadJNGImage png.c:5053:9
    #8 0x7fbe8d3faf98 in ReadImage constitute.c:497:13
    #9 0x7fbe8d771bd9 in ReadStream stream.c:1045:9
    #10 0x7fbe8d3f9b3f in PingImage constitute.c:226:9
    #11 0x7fbe8d3fa2e3 in PingImages constitute.c:327:10
    #12 0x7fbe8cb5b126 in IdentifyImageCommand identify.c:319:18
    #13 0x7fbe8cc18dff in MagickCommandGenesis mogrify.c:183:14
    #14 0x514f77 in MagickMain magick.c:151:10
    #15 0x5149d1 in main magick.c:263:10
    #16 0x7fbe87456f44 in __libc_start_main libc-start.c:287

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x4dfaf5 in posix_memalign asan_malloc_linux.cc:142
    #1 0x7fbe8d747788 in AcquireSemaphoreMemory semaphore.c:154:7
    #2 0x7fbe8d746ffc in AcquireSemaphoreInfo semaphore.c:200:36
    #3 0x7fbe8d5ba935 in AcquireImage image.c:213:20
    #4 0x7fbe8dc47483 in ReadOneJNGImage png.c:4483:21
    #5 0x7fbe8dc1bb1d in ReadJNGImage png.c:5053:9
    #6 0x7fbe8d3faf98 in ReadImage constitute.c:497:13
    #7 0x7fbe8d771bd9 in ReadStream stream.c:1045:9
    #8 0x7fbe8d3f9b3f in PingImage constitute.c:226:9
    #9 0x7fbe8d3fa2e3 in PingImages constitute.c:327:10
    #10 0x7fbe8cb5b126 in IdentifyImageCommand identify.c:319:18
    #11 0x7fbe8cc18dff in MagickCommandGenesis mogrify.c:183:14
    #12 0x514f77 in MagickMain magick.c:151:10
    #13 0x5149d1 in main magick.c:263:10
    #14 0x7fbe87456f44 in __libc_start_main libc-start.c:287

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x4dfaf5 in posix_memalign asan_malloc_linux.cc:142
    #1 0x7fbe8d747788 in AcquireSemaphoreMemory semaphore.c:154:7
    #2 0x7fbe8d746ffc in AcquireSemaphoreInfo semaphore.c:200:36
    #3 0x7fbe8d3899c3 in AcquirePixelCache cache.c:226:25
    #4 0x7fbe8d5ba6bd in AcquireImage image.c:206:16
    #5 0x7fbe8dc47483 in ReadOneJNGImage png.c:4483:21
    #6 0x7fbe8dc1bb1d in ReadJNGImage png.c:5053:9
    #7 0x7fbe8d3faf98 in ReadImage constitute.c:497:13
    #8 0x7fbe8d771bd9 in ReadStream stream.c:1045:9
    #9 0x7fbe8d3f9b3f in PingImage constitute.c:226:9
    #10 0x7fbe8d3fa2e3 in PingImages constitute.c:327:10
    #11 0x7fbe8cb5b126 in IdentifyImageCommand identify.c:319:18
    #12 0x7fbe8cc18dff in MagickCommandGenesis mogrify.c:183:14
    #13 0x514f77 in MagickMain magick.c:151:10
    #14 0x5149d1 in main magick.c:263:10
    #15 0x7fbe87456f44 in __libc_start_main libc-start.c:287

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x4dfaf5 in posix_memalign asan_malloc_linux.cc:142
    #1 0x7fbe8d747788 in AcquireSemaphoreMemory semaphore.c:154:7
    #2 0x7fbe8d746ffc in AcquireSemaphoreInfo semaphore.c:200:36
    #3 0x7fbe8d368bf7 in GetBlobInfo blob.c:1414:24
    #4 0x7fbe8d367eec in CloneBlobInfo blob.c:507:3
    #5 0x7fbe8d5ba7d1 in AcquireImage image.c:209:15
    #6 0x7fbe8dc47483 in ReadOneJNGImage png.c:4483:21
    #7 0x7fbe8dc1bb1d in ReadJNGImage png.c:5053:9
    #8 0x7fbe8d3faf98 in ReadImage constitute.c:497:13
    #9 0x7fbe8d771bd9 in ReadStream stream.c:1045:9
    #10 0x7fbe8d3f9b3f in PingImage constitute.c:226:9
    #11 0x7fbe8d3fa2e3 in PingImages constitute.c:327:10
    #12 0x7fbe8cb5b126 in IdentifyImageCommand identify.c:319:18
    #13 0x7fbe8cc18dff in MagickCommandGenesis mogrify.c:183:14
    #14 0x514f77 in MagickMain magick.c:151:10
    #15 0x5149d1 in main magick.c:263:10
    #16 0x7fbe87456f44 in __libc_start_main libc-start.c:287

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x4dfaf5 in posix_memalign asan_malloc_linux.cc:142
    #1 0x7fbe8d747788 in AcquireSemaphoreMemory semaphore.c:154:7
    #2 0x7fbe8d746ffc in AcquireSemaphoreInfo semaphore.c:200:36
    #3 0x7fbe8d389a52 in AcquirePixelCache cache.c:228:30
    #4 0x7fbe8d5ba6bd in AcquireImage image.c:206:16
    #5 0x7fbe8dc47483 in ReadOneJNGImage png.c:4483:21
    #6 0x7fbe8dc1bb1d in ReadJNGImage png.c:5053:9
    #7 0x7fbe8d3faf98 in ReadImage constitute.c:497:13
    #8 0x7fbe8d771bd9 in ReadStream stream.c:1045:9
    #9 0x7fbe8d3f9b3f in PingImage constitute.c:226:9
    #10 0x7fbe8d3fa2e3 in PingImages constitute.c:327:10
    #11 0x7fbe8cb5b126 in IdentifyImageCommand identify.c:319:18
    #12 0x7fbe8cc18dff in MagickCommandGenesis mogrify.c:183:14
    #13 0x514f77 in MagickMain magick.c:151:10
    #14 0x5149d1 in main magick.c:263:10
    #15 0x7fbe87456f44 in __libc_start_main libc-start.c:287

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x4dfaf5 in posix_memalign asan_malloc_linux.cc:142
    #1 0x7fbe8d60adb2 in AcquireAlignedMemory memory.c:261:7
    #2 0x7fbe8d389bae in AcquirePixelCacheNexus cache.c:264:29
    #3 0x7fbe8d389704 in AcquirePixelCache cache.c:211:26
    #4 0x7fbe8d5ba6bd in AcquireImage image.c:206:16
    #5 0x7fbe8dc47483 in ReadOneJNGImage png.c:4483:21
    #6 0x7fbe8dc1bb1d in ReadJNGImage png.c:5053:9
    #7 0x7fbe8d3faf98 in ReadImage constitute.c:497:13
    #8 0x7fbe8d771bd9 in ReadStream stream.c:1045:9
    #9 0x7fbe8d3f9b3f in PingImage constitute.c:226:9
    #10 0x7fbe8d3fa2e3 in PingImages constitute.c:327:10
    #11 0x7fbe8cb5b126 in IdentifyImageCommand identify.c:319:18
    #12 0x7fbe8cc18dff in MagickCommandGenesis mogrify.c:183:14
    #13 0x514f77 in MagickMain magick.c:151:10
    #14 0x5149d1 in main magick.c:263:10
    #15 0x7fbe87456f44 in __libc_start_main libc-start.c:287

SUMMARY: AddressSanitizer: 49832 byte(s) leaked in 12 allocation(s).

testcase: https://github.com/jgj212/poc/blob/master/leak-ReadOneJNGImage

Credit : ADLab of Venustech
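
For triage, the twelve records in the report above all pass through two call sites in ReadOneJNGImage (png.c:4477 and png.c:4483). The following is an added example, not part of the original report or of ImageMagick: it parses LeakSanitizer output and sums leaked bytes per innermost frame in a chosen source file. The names `parse_leaks`, `group_by_site` and `SAMPLE` are hypothetical, and `SAMPLE` is an excerpt of the report trimmed to its inner frames.

```python
import re
from collections import defaultdict

LEAK_RE = re.compile(r"^(Direct|Indirect) leak of (\d+) byte\(s\) in (\d+) object\(s\)")
FRAME_RE = re.compile(r"^\s*#\d+ 0x[0-9a-f]+ in (\S+) (\S+?):(\d+)(?::\d+)?\s*$")

# Three records from the report above, trimmed to their inner frames.
SAMPLE = """\
Direct leak of 13488 byte(s) in 1 object(s) allocated from:
    #0 0x4def96 in __interceptor_malloc asan_malloc_linux.cc:66
    #1 0x7fbe8d60af76 in AcquireMagickMemory memory.c:463:10
    #2 0x7fbe8d5b9db9 in AcquireImage image.c:169:19
    #3 0x7fbe8dc47483 in ReadOneJNGImage png.c:4483:21

Direct leak of 13024 byte(s) in 1 object(s) allocated from:
    #0 0x4def96 in __interceptor_malloc asan_malloc_linux.cc:66
    #1 0x7fbe8d60af76 in AcquireMagickMemory memory.c:463:10
    #2 0x7fbe8dc4739f in ReadOneJNGImage png.c:4477:39

Indirect leak of 9096 byte(s) in 1 object(s) allocated from:
    #0 0x4def96 in __interceptor_malloc asan_malloc_linux.cc:66
    #3 0x7fbe8d3891e4 in AcquirePixelCache cache.c:195:28
    #4 0x7fbe8d5ba6bd in AcquireImage image.c:206:16
    #5 0x7fbe8dc47483 in ReadOneJNGImage png.c:4483:21
"""

def parse_leaks(report):
    """Return one record per leak: kind, bytes, objects, [(func, file, line)]."""
    leaks, cur = [], None
    for line in report.splitlines():
        head, frame = LEAK_RE.match(line), FRAME_RE.match(line)
        if head:
            cur = {"kind": head.group(1), "bytes": int(head.group(2)),
                   "objects": int(head.group(3)), "frames": []}
            leaks.append(cur)
        elif frame and cur is not None:
            cur["frames"].append((frame.group(1), frame.group(2), int(frame.group(3))))
        elif not line.strip():
            cur = None  # a blank line ends the current record
    return leaks

def group_by_site(report, source_file):
    """Sum leaked bytes and objects per innermost frame located in source_file."""
    totals = defaultdict(lambda: [0, 0])  # site -> [bytes, objects]
    for leak in parse_leaks(report):
        site = next((f"{fn} {src}:{ln}" for fn, src, ln in leak["frames"]
                     if src.rsplit("/", 1)[-1] == source_file), "<other>")
        totals[site][0] += leak["bytes"]
        totals[site][1] += leak["objects"]
    return {site: tuple(v) for site, v in totals.items()}
```

Records with no frame in the chosen file are collected under `<other>`, so a non-empty `<other>` bucket means the leak originates outside the file being audited.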

@mikayla-grace

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ http://www.imagemagick.org/download/beta/ by sometime tomorrow.

@bastien-roucaries

Hi, I suppose 982d89a#diff-06e0c72bb0a365a2fa4145b89e0a750a is also needed

@nohmask

nohmask commented Sep 8, 2017

This was assigned CVE-2017-12641.
