Description
Trigger Command: ./magick convert heap-buffer-overflow-READ-0x7f58970bcdc4_output_ps_1500207243.43 output.ps
Crash Information:
fuzzing@ubuntu:~/fuzzing/ImageMagick/utilities$ ./magick convert all_fuzzing_format_2017_7_16_5_13_10/crash/heap-buffer-overflow-READ-0x7f58970bcdc4_output_ps_1500207243.43 output.ps
==61378==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7f06a32fedcc at pc 0x7f06aec0f9c2 bp 0x7ffcb67d5a30 sp 0x7ffcb67d5a20
READ of size 4 at 0x7f06a32fedcc thread T0
#0 0x7f06aec0f9c1 in GetPixelAlpha MagickCore/pixel-accessor.h:59
#1 0x7f06aec17ff8 in WritePSImage coders/ps.c:2046
#2 0x7f06ae7491c6 in WriteImage MagickCore/constitute.c:1114
#3 0x7f06ae749e42 in WriteImages MagickCore/constitute.c:1333
#4 0x7f06adf9c3eb in ConvertImageCommand MagickWand/convert.c:3280
#5 0x7f06ae094d98 in MagickCommandGenesis MagickWand/mogrify.c:183
#6 0x4017f1 in MagickMain utilities/magick.c:149
#7 0x4019d2 in main utilities/magick.c:180
#8 0x7f06ad80982f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#9 0x401308 in _start (/home/fuzzing/fuzzing/ImageMagick/utilities/.libs/lt-magick+0x401308)
0x7f06a32fedcc is located 12 bytes to the right of 556480-byte region [0x7f06a3277000,0x7f06a32fedc0)
allocated by thread T0 here:
#0 0x7f06af3e5076 in __interceptor_posix_memalign (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99076)
#1 0x7f06ae8ed8de in AcquireAlignedMemory MagickCore/memory.c:262
#2 0x7f06ae6e4731 in OpenPixelCache MagickCore/cache.c:3523
#3 0x7f06ae6dd0d1 in GetImagePixelCache MagickCore/cache.c:1667
#4 0x7f06ae6ec1f0 in SyncImagePixelCache MagickCore/cache.c:5222
#5 0x7f06ae8b9609 in SetImageExtent MagickCore/image.c:2554
#6 0x7f06aec53c99 in ReadSGIImage coders/sgi.c:374
#7 0x7f06ae746068 in ReadImage MagickCore/constitute.c:497
#8 0x7f06ae748267 in ReadImages MagickCore/constitute.c:866
#9 0x7f06adf060ad in ConvertImageCommand MagickWand/convert.c:641
#10 0x7f06ae094d98 in MagickCommandGenesis MagickWand/mogrify.c:183
#11 0x4017f1 in MagickMain utilities/magick.c:149
#12 0x4019d2 in main utilities/magick.c:180
#13 0x7f06ad80982f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
SUMMARY: AddressSanitizer: heap-buffer-overflow MagickCore/pixel-accessor.h:59 GetPixelAlpha
Shadow bytes around the buggy address:
==61378==ABORTING