Memory-Leak in WriteHISTOGRAMImage() coders/histogram.c #566

Closed
lcatro opened this issue Jul 16, 2017 · 6 comments

@lcatro

commented Jul 16, 2017

Memory Leak File Link : https://raw.githubusercontent.com/lcatro/My_PoC/master/ImageMagick/memory-leak_output_histogram_WriteHISTOGRAMImage

Trigger Command : ./magick convert memory-leak_output_histogram_WriteHISTOGRAMImage output.histogram

Leak Detail :

fuzzing@ubuntu:~/fuzzing/ImageMagick/utilities$ ./magick convert graphicsmagick_fuzzing/Memory-Leak-6_output_histogram_1500226138.33 output.histogram 
convert: UnableToOpenConfigureFile `magic.xml' @ warning/configure.c/GetConfigureOptions/715.
convert: UnableToOpenConfigureFile `type.xml' @ warning/configure.c/GetConfigureOptions/715.
convert: UnableToReadFont `graphicsmagick_fuzzing/Memory-Leak-6_output_histogram_1500226138.33' @ error/annotate.c/RenderFreetype/1389.
convert: NonconformingDrawingPrimitiveDefinition `text' @ error/draw.c/DrawImage/3269.
convert: UnableToOpenConfigureFile `delegates.xml' @ warning/configure.c/GetConfigureOptions/715.
convert: UnableToOpenConfigureFile `colors.xml' @ warning/configure.c/GetConfigureOptions/715.

=================================================================
==26711==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 280 byte(s) in 1 object(s) allocated from:
    #0 0x7f8b8f9e4602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x7f8b8eeed981 in AcquireMagickMemory MagickCore/memory.c:464
    #2 0x7f8b8ecbe82b in CloneBlobInfo MagickCore/blob.c:504
    #3 0x7f8b8eeb221f in CloneImage MagickCore/image.c:874
    #4 0x7f8b8f13cd0c in WriteHISTOGRAMImage coders/histogram.c:233
    #5 0x7f8b8ed496f7 in WriteImage MagickCore/constitute.c:1183
    #6 0x7f8b8ed49e42 in WriteImages MagickCore/constitute.c:1333
    #7 0x7f8b8e59c3eb in ConvertImageCommand MagickWand/convert.c:3280
    #8 0x7f8b8e694d98 in MagickCommandGenesis MagickWand/mogrify.c:183
    #9 0x4017f1 in MagickMain utilities/magick.c:149
    #10 0x4019d2 in main utilities/magick.c:180
    #11 0x7f8b8de0982f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

Direct leak of 280 byte(s) in 1 object(s) allocated from:
    #0 0x7f8b8f9e4602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x7f8b8eeed981 in AcquireMagickMemory MagickCore/memory.c:464
    #2 0x7f8b8ecbe82b in CloneBlobInfo MagickCore/blob.c:504
    #3 0x7f8b8eeae1e1 in AcquireImage MagickCore/image.c:209
    #4 0x7f8b8f28764a in ReadTTFImage coders/ttf.c:214
    #5 0x7f8b8ed46068 in ReadImage MagickCore/constitute.c:497
    #6 0x7f8b8ed48267 in ReadImages MagickCore/constitute.c:866
    #7 0x7f8b8e5060ad in ConvertImageCommand MagickWand/convert.c:641
    #8 0x7f8b8e694d98 in MagickCommandGenesis MagickWand/mogrify.c:183
    #9 0x4017f1 in MagickMain utilities/magick.c:149
    #10 0x4019d2 in main utilities/magick.c:180
    #11 0x7f8b8de0982f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

Direct leak of 256 byte(s) in 1 object(s) allocated from:
    #0 0x7f8b8f9e4602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x7f8b8c9490b9  (/usr/lib/x86_64-linux-gnu/libfontconfig.so.1+0x1d0b9)

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x7f8b8f9e5076 in __interceptor_posix_memalign (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99076)
    #1 0x7f8b8efd10fc in AcquireSemaphoreMemory MagickCore/semaphore.c:154
    #2 0x7f8b8efd11b8 in AcquireSemaphoreInfo MagickCore/semaphore.c:200
    #3 0x7f8b8ecc3756 in GetBlobInfo MagickCore/blob.c:1414
    #4 0x7f8b8ecbe917 in CloneBlobInfo MagickCore/blob.c:507
    #5 0x7f8b8eeb221f in CloneImage MagickCore/image.c:874
    #6 0x7f8b8f13cd0c in WriteHISTOGRAMImage coders/histogram.c:233
    #7 0x7f8b8ed496f7 in WriteImage MagickCore/constitute.c:1183
    #8 0x7f8b8ed49e42 in WriteImages MagickCore/constitute.c:1333
    #9 0x7f8b8e59c3eb in ConvertImageCommand MagickWand/convert.c:3280
    #10 0x7f8b8e694d98 in MagickCommandGenesis MagickWand/mogrify.c:183
    #11 0x4017f1 in MagickMain utilities/magick.c:149
    #12 0x4019d2 in main utilities/magick.c:180
    #13 0x7f8b8de0982f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x7f8b8f9e5076 in __interceptor_posix_memalign (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99076)
    #1 0x7f8b8efd10fc in AcquireSemaphoreMemory MagickCore/semaphore.c:154
    #2 0x7f8b8efd11b8 in AcquireSemaphoreInfo MagickCore/semaphore.c:200
    #3 0x7f8b8ecc3756 in GetBlobInfo MagickCore/blob.c:1414
    #4 0x7f8b8ecbe917 in CloneBlobInfo MagickCore/blob.c:507
    #5 0x7f8b8eeae1e1 in AcquireImage MagickCore/image.c:209
    #6 0x7f8b8f28764a in ReadTTFImage coders/ttf.c:214
    #7 0x7f8b8ed46068 in ReadImage MagickCore/constitute.c:497
    #8 0x7f8b8ed48267 in ReadImages MagickCore/constitute.c:866
    #9 0x7f8b8e5060ad in ConvertImageCommand MagickWand/convert.c:641
    #10 0x7f8b8e694d98 in MagickCommandGenesis MagickWand/mogrify.c:183
    #11 0x4017f1 in MagickMain utilities/magick.c:149
    #12 0x4019d2 in main utilities/magick.c:180
    #13 0x7f8b8de0982f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

Indirect leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x7f8b8f9e479a in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x9879a)
    #1 0x7f8b8c9497c8  (/usr/lib/x86_64-linux-gnu/libfontconfig.so.1+0x1d7c8)

SUMMARY: AddressSanitizer: 976 byte(s) leaked in 6 allocation(s).
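
A triage helper for the LeakSanitizer report above, as an added example that is not part of the original issue or of ImageMagick: it parses the leak records and totals leaked bytes per first `coders/` frame, falling back to the first frame outside libasan. The sample is abridged from the report (frames trimmed); the function names and the `coders/` grouping rule are assumptions of this example.

```python
import re
from collections import defaultdict

# Abridged from the report in this issue (intermediate frames trimmed).
SAMPLE = """\
Direct leak of 280 byte(s) in 1 object(s) allocated from:
    #0 0x7f8b8f9e4602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #3 0x7f8b8eeb221f in CloneImage MagickCore/image.c:874
    #4 0x7f8b8f13cd0c in WriteHISTOGRAMImage coders/histogram.c:233

Direct leak of 256 byte(s) in 1 object(s) allocated from:
    #0 0x7f8b8f9e4602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x7f8b8c9490b9  (/usr/lib/x86_64-linux-gnu/libfontconfig.so.1+0x1d0b9)

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x7f8b8f9e5076 in __interceptor_posix_memalign (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99076)
    #5 0x7f8b8eeb221f in CloneImage MagickCore/image.c:874
    #6 0x7f8b8f13cd0c in WriteHISTOGRAMImage coders/histogram.c:233
"""

HEADER = re.compile(r"^(Direct|Indirect) leak of (\d+) byte\(s\) in (\d+) object\(s\)")
FRAME = re.compile(r"^\s+#\d+ 0x[0-9a-f]+(?: in (\S+))?\s+(\S+)")

def parse_leaks(report):
    """Return a list of {kind, bytes, frames: [(function, location)]} records."""
    leaks = []
    for line in report.splitlines():
        if m := HEADER.match(line):
            leaks.append({"kind": m[1], "bytes": int(m[2]), "frames": []})
        elif leaks and (m := FRAME.match(line)):
            leaks[-1]["frames"].append((m[1], m[2].strip("()")))
    return leaks

def owner(leak, prefix="coders/"):
    """First frame located under `prefix`, else the first frame outside libasan."""
    for fn, loc in leak["frames"]:
        if loc.startswith(prefix):
            return fn or loc
    for fn, loc in leak["frames"]:
        if "libasan" not in loc:
            return fn or loc.split("+")[0]  # unsymbolized frame: use the module path
    return "unknown"

def bytes_by_owner(report):
    totals = defaultdict(int)
    for leak in parse_leaks(report):
        totals[owner(leak)] += leak["bytes"]
    return dict(totals)
```
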

@mikayla-grace


commented Jul 16, 2017

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ http://www.imagemagick.org/download/beta/ by sometime tomorrow.

dlemstra pushed a commit that referenced this issue Jul 17, 2017

Cristy

dlemstra pushed a commit that referenced this issue Jul 17, 2017

@dlemstra dlemstra added the bug label Jul 17, 2017

@dlemstra dlemstra closed this Jul 17, 2017

@carnil


commented Jul 23, 2017

This has been assigned CVE-2017-11531

@bastien-roucaries


@lcatro


commented Jul 26, 2017

@bastien-roucaries Hello bastien-roucaries, is that me or you apply CVE?

@carnil


commented Jul 26, 2017

@lcatro


commented Jul 26, 2017

@carnil I know, because I had submit CVE apply after your assigned at last week. Thanks.
