Memory-Leak in WriteHISTOGRAMImage() coders/histogram.c #566

Closed
lcatro opened this issue Jul 16, 2017 · 6 comments

lcatro commented Jul 16, 2017

Memory Leak File Link: https://raw.githubusercontent.com/lcatro/My_PoC/master/ImageMagick/memory-leak_output_histogram_WriteHISTOGRAMImage

Trigger Command: ./magick convert memory-leak_output_histogram_WriteHISTOGRAMImage output.histogram

Leak Detail:

fuzzing@ubuntu:~/fuzzing/ImageMagick/utilities$ ./magick convert graphicsmagick_fuzzing/Memory-Leak-6_output_histogram_1500226138.33 output.histogram 
convert: UnableToOpenConfigureFile `magic.xml' @ warning/configure.c/GetConfigureOptions/715.
convert: UnableToOpenConfigureFile `type.xml' @ warning/configure.c/GetConfigureOptions/715.
convert: UnableToReadFont `graphicsmagick_fuzzing/Memory-Leak-6_output_histogram_1500226138.33' @ error/annotate.c/RenderFreetype/1389.
convert: NonconformingDrawingPrimitiveDefinition `text' @ error/draw.c/DrawImage/3269.
convert: UnableToOpenConfigureFile `delegates.xml' @ warning/configure.c/GetConfigureOptions/715.
convert: UnableToOpenConfigureFile `colors.xml' @ warning/configure.c/GetConfigureOptions/715.

=================================================================
==26711==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 280 byte(s) in 1 object(s) allocated from:
    #0 0x7f8b8f9e4602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x7f8b8eeed981 in AcquireMagickMemory MagickCore/memory.c:464
    #2 0x7f8b8ecbe82b in CloneBlobInfo MagickCore/blob.c:504
    #3 0x7f8b8eeb221f in CloneImage MagickCore/image.c:874
    #4 0x7f8b8f13cd0c in WriteHISTOGRAMImage coders/histogram.c:233
    #5 0x7f8b8ed496f7 in WriteImage MagickCore/constitute.c:1183
    #6 0x7f8b8ed49e42 in WriteImages MagickCore/constitute.c:1333
    #7 0x7f8b8e59c3eb in ConvertImageCommand MagickWand/convert.c:3280
    #8 0x7f8b8e694d98 in MagickCommandGenesis MagickWand/mogrify.c:183
    #9 0x4017f1 in MagickMain utilities/magick.c:149
    #10 0x4019d2 in main utilities/magick.c:180
    #11 0x7f8b8de0982f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

Direct leak of 280 byte(s) in 1 object(s) allocated from:
    #0 0x7f8b8f9e4602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x7f8b8eeed981 in AcquireMagickMemory MagickCore/memory.c:464
    #2 0x7f8b8ecbe82b in CloneBlobInfo MagickCore/blob.c:504
    #3 0x7f8b8eeae1e1 in AcquireImage MagickCore/image.c:209
    #4 0x7f8b8f28764a in ReadTTFImage coders/ttf.c:214
    #5 0x7f8b8ed46068 in ReadImage MagickCore/constitute.c:497
    #6 0x7f8b8ed48267 in ReadImages MagickCore/constitute.c:866
    #7 0x7f8b8e5060ad in ConvertImageCommand MagickWand/convert.c:641
    #8 0x7f8b8e694d98 in MagickCommandGenesis MagickWand/mogrify.c:183
    #9 0x4017f1 in MagickMain utilities/magick.c:149
    #10 0x4019d2 in main utilities/magick.c:180
    #11 0x7f8b8de0982f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

Direct leak of 256 byte(s) in 1 object(s) allocated from:
    #0 0x7f8b8f9e4602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x7f8b8c9490b9  (/usr/lib/x86_64-linux-gnu/libfontconfig.so.1+0x1d0b9)

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x7f8b8f9e5076 in __interceptor_posix_memalign (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99076)
    #1 0x7f8b8efd10fc in AcquireSemaphoreMemory MagickCore/semaphore.c:154
    #2 0x7f8b8efd11b8 in AcquireSemaphoreInfo MagickCore/semaphore.c:200
    #3 0x7f8b8ecc3756 in GetBlobInfo MagickCore/blob.c:1414
    #4 0x7f8b8ecbe917 in CloneBlobInfo MagickCore/blob.c:507
    #5 0x7f8b8eeb221f in CloneImage MagickCore/image.c:874
    #6 0x7f8b8f13cd0c in WriteHISTOGRAMImage coders/histogram.c:233
    #7 0x7f8b8ed496f7 in WriteImage MagickCore/constitute.c:1183
    #8 0x7f8b8ed49e42 in WriteImages MagickCore/constitute.c:1333
    #9 0x7f8b8e59c3eb in ConvertImageCommand MagickWand/convert.c:3280
    #10 0x7f8b8e694d98 in MagickCommandGenesis MagickWand/mogrify.c:183
    #11 0x4017f1 in MagickMain utilities/magick.c:149
    #12 0x4019d2 in main utilities/magick.c:180
    #13 0x7f8b8de0982f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x7f8b8f9e5076 in __interceptor_posix_memalign (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99076)
    #1 0x7f8b8efd10fc in AcquireSemaphoreMemory MagickCore/semaphore.c:154
    #2 0x7f8b8efd11b8 in AcquireSemaphoreInfo MagickCore/semaphore.c:200
    #3 0x7f8b8ecc3756 in GetBlobInfo MagickCore/blob.c:1414
    #4 0x7f8b8ecbe917 in CloneBlobInfo MagickCore/blob.c:507
    #5 0x7f8b8eeae1e1 in AcquireImage MagickCore/image.c:209
    #6 0x7f8b8f28764a in ReadTTFImage coders/ttf.c:214
    #7 0x7f8b8ed46068 in ReadImage MagickCore/constitute.c:497
    #8 0x7f8b8ed48267 in ReadImages MagickCore/constitute.c:866
    #9 0x7f8b8e5060ad in ConvertImageCommand MagickWand/convert.c:641
    #10 0x7f8b8e694d98 in MagickCommandGenesis MagickWand/mogrify.c:183
    #11 0x4017f1 in MagickMain utilities/magick.c:149
    #12 0x4019d2 in main utilities/magick.c:180
    #13 0x7f8b8de0982f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

Indirect leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x7f8b8f9e479a in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x9879a)
    #1 0x7f8b8c9497c8  (/usr/lib/x86_64-linux-gnu/libfontconfig.so.1+0x1d7c8)

SUMMARY: AddressSanitizer: 976 byte(s) leaked in 6 allocation(s).
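
An added example (not part of the issue thread or of ImageMagick's code): it parses a LeakSanitizer report like the one above, attributes each leak record to the first frame under `coders/`, and checks the per-owner totals against the SUMMARY line. The `coders/` prefix and the function names `parse_leaks`, `owner` and `triage` are assumptions of this example; the sample input is the report's six records trimmed to one or two frames each.

```python
import collections, re

HEADER = re.compile(r"^(Direct|Indirect) leak of (\d+) byte\(s\)")
FRAME = re.compile(r"^\s*#\d+ 0x[0-9a-f]+ (?:in (\S+))? ?(\S+)\s*$")
SUMMARY = re.compile(r"^SUMMARY: \w+: (\d+) byte\(s\) leaked")
# The six leak records from the report above, trimmed to one or two frames each.
SAMPLE = """\
Direct leak of 280 byte(s) in 1 object(s) allocated from:
    #4 0x7f8b8f13cd0c in WriteHISTOGRAMImage coders/histogram.c:233
Direct leak of 280 byte(s) in 1 object(s) allocated from:
    #4 0x7f8b8f28764a in ReadTTFImage coders/ttf.c:214
Direct leak of 256 byte(s) in 1 object(s) allocated from:
    #0 0x7f8b8f9e4602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x7f8b8c9490b9  (/usr/lib/x86_64-linux-gnu/libfontconfig.so.1+0x1d0b9)
Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #6 0x7f8b8f13cd0c in WriteHISTOGRAMImage coders/histogram.c:233
Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #6 0x7f8b8f28764a in ReadTTFImage coders/ttf.c:214
Indirect leak of 32 byte(s) in 1 object(s) allocated from:
    #1 0x7f8b8c9497c8  (/usr/lib/x86_64-linux-gnu/libfontconfig.so.1+0x1d7c8)
SUMMARY: AddressSanitizer: 976 byte(s) leaked in 6 allocation(s).
"""

def parse_leaks(report):
    """Return ([(nbytes, [(func, loc), ...]), ...], summary_bytes)."""
    records, summary = [], None
    for line in report.splitlines():
        if m := HEADER.match(line):
            records.append((int(m[2]), []))
        elif (m := FRAME.match(line)) and records:
            records[-1][1].append((m[1], m[2]))
        elif m := SUMMARY.match(line):
            summary = int(m[1])
    return records, summary

def owner(frames, prefix="coders/"):
    """First frame under `prefix`, else first module that is not the ASan runtime."""
    for func, loc in frames:
        if loc.startswith(prefix):
            return f"{func} {loc}"
    rest = [loc for _, loc in frames if "libasan" not in loc]
    return rest[0].strip("()").rsplit("/", 1)[-1].split("+")[0] if rest else "unknown"

def triage(report, prefix="coders/"):
    """Sum leaked bytes per owner; flag whether the sum matches the SUMMARY line."""
    records, summary = parse_leaks(report)
    totals = collections.defaultdict(int)
    for nbytes, frames in records:
        totals[owner(frames, prefix)] += nbytes
    return dict(totals), sum(totals.values()) == summary
```

On this report the leaked bytes split across three allocation sites: `WriteHISTOGRAMImage`, `ReadTTFImage` and libfontconfig.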

@mikayla-grace

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ http://www.imagemagick.org/download/beta/ by sometime tomorrow.

carnil commented Jul 23, 2017

This has been assigned CVE-2017-11531

@bastien-roucaries

lcatro commented Jul 26, 2017

@bastien-roucaries Hello bastien-roucaries, is it me or you who applies for the CVE?

carnil commented Jul 26, 2017 via email

lcatro commented Jul 26, 2017

@carnil I know, because I had submitted a CVE application after your assignment last week. Thanks.
