memory leak in ReadMPCImage #552

Closed
jgj212 opened this issue Jul 9, 2017 · 2 comments

jgj212 commented Jul 9, 2017

Version: ImageMagick 7.0.6-1 Q16 x86_64

#./magick identify $FILE

=================================================================
==9771==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 56 byte(s) in 1 object(s) allocated from:
    #0 0x4def96 in __interceptor_malloc asan_malloc_linux.cc:66
    #1 0x7fe5639f3f76 in AcquireMagickMemory memory.c:463:10
    #2 0x7fe5639d1657 in NewLinkedList linked-list.c:717
    #3 0x7fe563df4919 in ReadMPCImage mpc.c:625:32
    #4 0x7fe5637e3f98 in ReadImage constitute.c:497:13
    #5 0x7fe563b5abd9 in ReadStream stream.c:1045:9
    #6 0x7fe5637e2b3f in PingImage constitute.c:226:9
    #7 0x7fe5637e32e3 in PingImages constitute.c:327:10
    #8 0x7fe562f44126 in IdentifyImageCommand identify.c:319:18
    #9 0x7fe563001dff in MagickCommandGenesis mogrify.c:183:14
    #10 0x514f77 in MagickMain magick.c:151:10
    #11 0x5149d1 in main magick.c:263:10
    #12 0x7fe55d83ff44 in __libc_start_main libc-start.c:287

Indirect leak of 4128 byte(s) in 1 object(s) allocated from:
    #0 0x4def96 in __interceptor_malloc asan_malloc_linux.cc:66
    #1 0x7fe5639f3f76 in AcquireMagickMemory memory.c:463:10
    #2 0x7fe5639f3fd8 in AcquireQuantumMemory memory.c:536:10
    #3 0x7fe563b6d527 in AcquireString string.c:136:24
    #4 0x7fe563df4941 in ReadMPCImage mpc.c:627:23
    #5 0x7fe5637e3f98 in ReadImage constitute.c:497:13
    #6 0x7fe563b5abd9 in ReadStream stream.c:1045:9
    #7 0x7fe5637e2b3f in PingImage constitute.c:226:9
    #8 0x7fe5637e32e3 in PingImages constitute.c:327:10
    #9 0x7fe562f44126 in IdentifyImageCommand identify.c:319:18
    #10 0x7fe563001dff in MagickCommandGenesis mogrify.c:183:14
    #11 0x514f77 in MagickMain magick.c:151:10
    #12 0x5149d1 in main magick.c:263:10
    #13 0x7fe55d83ff44 in __libc_start_main libc-start.c:287

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x4dfaf5 in posix_memalign asan_malloc_linux.cc:142
    #1 0x7fe563b30788 in AcquireSemaphoreMemory semaphore.c:154:7
    #2 0x7fe563b2fffc in AcquireSemaphoreInfo semaphore.c:200:36
    #3 0x7fe5639d1763 in NewLinkedList linked-list.c:726
    #4 0x7fe563df4919 in ReadMPCImage mpc.c:625:32
    #5 0x7fe5637e3f98 in ReadImage constitute.c:497:13
    #6 0x7fe563b5abd9 in ReadStream stream.c:1045:9
    #7 0x7fe5637e2b3f in PingImage constitute.c:226:9
    #8 0x7fe5637e32e3 in PingImages constitute.c:327:10
    #9 0x7fe562f44126 in IdentifyImageCommand identify.c:319:18
    #10 0x7fe563001dff in MagickCommandGenesis mogrify.c:183:14
    #11 0x514f77 in MagickMain magick.c:151:10
    #12 0x5149d1 in main magick.c:263:10
    #13 0x7fe55d83ff44 in __libc_start_main libc-start.c:287

Indirect leak of 16 byte(s) in 1 object(s) allocated from:
    #0 0x4def96 in __interceptor_malloc asan_malloc_linux.cc:66
    #1 0x7fe5639f3f76 in AcquireMagickMemory memory.c:463:10
    #2 0x7fe5639d0af5 in AppendValueToLinkedList linked-list.c:120
    #3 0x7fe563df4950 in ReadMPCImage mpc.c:626:28
    #4 0x7fe5637e3f98 in ReadImage constitute.c:497:13
    #5 0x7fe563b5abd9 in ReadStream stream.c:1045:9
    #6 0x7fe5637e2b3f in PingImage constitute.c:226:9
    #7 0x7fe5637e32e3 in PingImages constitute.c:327:10
    #8 0x7fe562f44126 in IdentifyImageCommand identify.c:319:18
    #9 0x7fe563001dff in MagickCommandGenesis mogrify.c:183:14
    #10 0x514f77 in MagickMain magick.c:151:10
    #11 0x5149d1 in main magick.c:263:10
    #12 0x7fe55d83ff44 in __libc_start_main libc-start.c:287

SUMMARY: AddressSanitizer: 4264 byte(s) leaked in 4 allocation(s).

testcase: https://github.com/jgj212/poc/blob/master/leak-ReadMPCImage

Credit : ADLab of Venustech

@mikayla-grace

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ http://www.imagemagick.org/download/beta/ by sometime tomorrow.

nohmask commented Sep 8, 2017

This was assigned CVE-2017-12642.
