Memory-Leak in lite_font_map() coders/wmf.c #564

Closed
lcatro opened this issue Jul 16, 2017 · 4 comments

@lcatro
commented Jul 16, 2017

Memory Leak File Link : https://raw.githubusercontent.com/lcatro/My_PoC/master/ImageMagick/memory-leak_output_art_lite_font_map

Trigger Command : ./magick convert memory-leak_output_art_lite_font_map output.art

Leak Detail :

fuzzing@ubuntu:~/fuzzing/ImageMagick/utilities$ ./magick convert graphicsmagick_fuzzing/Memory-Leak-3_output_art_1500226345.53 output.art 
ERROR: player.c (470): libwmf: wmf with bizarre record size; bailing...
ERROR: player.c (471):         please send it to us at http://www.wvware.com/
maximum record size = 672189549
record size = 4115708906
convert: UnableToOpenConfigureFile `magic.xml' @ warning/configure.c/GetConfigureOptions/715.
convert: UnableToOpenConfigureFile `type.xml' @ warning/configure.c/GetConfigureOptions/715.
convert: FailedToScanFile `graphicsmagick_fuzzing/Memory-Leak-3_output_art_1500226345.53' @ error/wmf.c/ReadWMFImage/2694.
convert: NoImagesDefined `output.art' @ error/convert.c/ConvertImageCommand/3275.

=================================================================
==60505==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 4101 byte(s) in 1 object(s) allocated from:
    #0 0x7f576c25d602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x7f576b766981 in AcquireMagickMemory MagickCore/memory.c:464
    #2 0x7f576b7669d5 in AcquireQuantumMemory MagickCore/memory.c:537
    #3 0x7f576b884d37 in AcquireString MagickCore/string.c:136
    #4 0x7f576b88558b in CloneString MagickCore/string.c:285
    #5 0x7f576bbc37dd in lite_font_map coders/wmf.c:2432
    #6 0x7f5768a86b77  (/usr/lib/x86_64-linux-gnu/libwmflite-0.2.so.7+0x6b77)

Direct leak of 256 byte(s) in 1 object(s) allocated from:
    #0 0x7f576c25d602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x7f57691c20b9  (/usr/lib/x86_64-linux-gnu/libfontconfig.so.1+0x1d0b9)

Indirect leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x7f576c25d79a in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x9879a)
    #1 0x7f57691c27c8  (/usr/lib/x86_64-linux-gnu/libfontconfig.so.1+0x1d7c8)

SUMMARY: AddressSanitizer: 4389 byte(s) leaked in 3 allocation(s).
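To triage a report like the one above at scale (a fuzzing campaign produces many of them), it helps to parse the LeakSanitizer output, reconcile the per-leak sizes against the SUMMARY line, and pick out the first in-tree frame that owns each leaked buffer rather than the allocator wrappers it went through. The following parser is an added example written for this issue; it is not code from ImageMagick or from the reporter. It embeds the report quoted in this issue as constructed sample input, and it assumes that `MagickCore/memory.c` and `MagickCore/string.c` (both present in the trace) are generic allocation wrappers to skip when assigning blame; the `LSAN_OPTIONS=suppressions=` mechanism it mentions is LeakSanitizer's standard suppression-file facility.

```python
import os
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample input: the LeakSanitizer report from the issue, reproduced verbatim.
SAMPLE_REPORT = """\
=================================================================
==60505==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 4101 byte(s) in 1 object(s) allocated from:
    #0 0x7f576c25d602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x7f576b766981 in AcquireMagickMemory MagickCore/memory.c:464
    #2 0x7f576b7669d5 in AcquireQuantumMemory MagickCore/memory.c:537
    #3 0x7f576b884d37 in AcquireString MagickCore/string.c:136
    #4 0x7f576b88558b in CloneString MagickCore/string.c:285
    #5 0x7f576bbc37dd in lite_font_map coders/wmf.c:2432
    #6 0x7f5768a86b77  (/usr/lib/x86_64-linux-gnu/libwmflite-0.2.so.7+0x6b77)

Direct leak of 256 byte(s) in 1 object(s) allocated from:
    #0 0x7f576c25d602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x7f57691c20b9  (/usr/lib/x86_64-linux-gnu/libfontconfig.so.1+0x1d0b9)

Indirect leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x7f576c25d79a in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x9879a)
    #1 0x7f57691c27c8  (/usr/lib/x86_64-linux-gnu/libfontconfig.so.1+0x1d7c8)

SUMMARY: AddressSanitizer: 4389 byte(s) leaked in 3 allocation(s).
"""

# Assumption: these files are generic allocation wrappers, not the owner of the buffer.
ALLOCATOR_WRAPPERS = ("MagickCore/memory.c", "MagickCore/string.c")

LEAK_RE = re.compile(r"^(Direct|Indirect) leak of (\d+) byte\(s\) in (\d+) object\(s\) allocated from:$")
FRAME_RE = re.compile(r"^\s+#(\d+)\s+0x[0-9a-fA-F]+\s+(?:in\s+(\S+)\s+)?(.+?)\s*$")
SUMMARY_RE = re.compile(r"^SUMMARY: AddressSanitizer: (\d+) byte\(s\) leaked in (\d+) allocation\(s\)\.$")


@dataclass
class Frame:
    index: int
    function: Optional[str]   # None when the frame was not symbolised
    location: str             # "coders/wmf.c:2432" or "/usr/lib/.../lib.so+0xoff"

    @property
    def is_source(self) -> bool:
        # A symbolised in-tree frame is a relative "file:line"; an unsymbolised
        # frame is an absolute shared-object path plus offset.
        return not self.location.startswith("/") and ":" in self.location


@dataclass
class Leak:
    kind: str                 # "Direct" or "Indirect"
    nbytes: int
    nobjects: int
    frames: list


def parse_lsan(text: str):
    """Parse a LeakSanitizer report into Leak records and the (bytes, count) SUMMARY."""
    leaks, summary, current = [], None, None
    for line in text.splitlines():
        m = LEAK_RE.match(line)
        if m:
            current = Leak(m.group(1), int(m.group(2)), int(m.group(3)), [])
            leaks.append(current)
            continue
        m = FRAME_RE.match(line)
        if m and current is not None:
            current.frames.append(Frame(int(m.group(1)), m.group(2), m.group(3).strip("()")))
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary = (int(m.group(1)), int(m.group(2)))
            current = None
    return leaks, summary


def blame(leak: Leak, wrappers=ALLOCATOR_WRAPPERS) -> Optional[Frame]:
    """First symbolised frame that is not an allocation wrapper: the code that owns
    the leaked buffer. None when the stack never enters project sources."""
    for f in leak.frames:
        if f.is_source and not f.location.startswith(wrappers):
            return f
    return None


def _module(leak: Leak) -> Optional[str]:
    """Basename of the first shared object below the sanitizer interceptor (frame #0)."""
    for f in leak.frames[1:]:
        if f.location.startswith("/"):
            return os.path.basename(f.location.split("+", 1)[0])
    return None


def triage(text: str, wrappers=ALLOCATOR_WRAPPERS) -> dict:
    """Split leaks into ones owned by project code and ones confined to third-party
    libraries, and cross-check the per-leak sizes against the SUMMARY line."""
    leaks, summary = parse_lsan(text)
    total = sum(l.nbytes for l in leaks)
    if summary is not None and summary != (total, len(leaks)):
        raise ValueError(f"SUMMARY {summary} disagrees with parsed leaks {(total, len(leaks))}")
    owned, foreign = [], []
    for l in leaks:
        f = blame(l, wrappers)
        (owned if f else foreign).append((l, f))
    return {
        "total_bytes": total,
        "owned": [(f.function, f.location, l.nbytes) for l, f in owned],
        # Leaks with no in-tree frame are candidates for an LSan suppression entry
        # (LSAN_OPTIONS=suppressions=lsan.supp) rather than a fix in this code base.
        "suppressions": sorted({f"leak:{_module(l)}" for l, _ in foreign if _module(l)}),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(key, value)
```

Run against the report above, the 4101-byte leak is attributed to `lite_font_map` at `coders/wmf.c:2432`, while the two fontconfig leaks have no in-tree frame and are reported as a suppression candidate, so the fuzzing harness can keep flagging new leaks in the coder without re-reporting the library noise.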
@mikayla-grace

commented Jul 16, 2017

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ http://www.imagemagick.org/download/beta/ by sometime tomorrow.

dlemstra pushed a commit that referenced this issue Jul 16, 2017

dlemstra pushed a commit that referenced this issue Jul 16, 2017

@dlemstra dlemstra added the bug label Jul 16, 2017

@dlemstra dlemstra closed this Jul 16, 2017

@carnil

commented Jul 25, 2017

This is CVE-2017-11534

bastien-roucaries referenced this issue Jul 25, 2017

Cristy
@bastien-roucaries

commented Jul 25, 2017

This is corrected by 3f21b17
