Memory-Leak in WriteJP2Image() coders/jp2.c #567

Closed
lcatro opened this issue Jul 16, 2017 · 3 comments

@lcatro
commented Jul 16, 2017

Memory Leak File Link : https://raw.githubusercontent.com/lcatro/My_PoC/master/ImageMagick/memory-leak_output_jp2_WriteJP2Image

Trigger Command : ./magick convert memory-leak_output_jp2_WriteJP2Image output.jp2

Leak Detail :

fuzzing@ubuntu:~/fuzzing/ImageMagick/utilities$ ./magick convert memory-leak_output_jp2_WriteJP2Image output.jp2
convert: UnableToOpenConfigureFile `magic.xml' @ warning/configure.c/GetConfigureOptions/715.

=================================================================
==45657==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 22 byte(s) in 1 object(s) allocated from:
    #0 0x7f3912a01602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x7f3911f0a981 in AcquireMagickMemory MagickCore/memory.c:464
    #2 0x7f3911f0a9d5 in AcquireQuantumMemory MagickCore/memory.c:537
    #3 0x7f391202aaf3 in ConstantString MagickCore/string.c:701
    #4 0x7f39122f8c5a in WriteJP2Image coders/jp2.c:920
    #5 0x7f3911d661c6 in WriteImage MagickCore/constitute.c:1114
    #6 0x7f3911d66e42 in WriteImages MagickCore/constitute.c:1333
    #7 0x7f39115b93eb in ConvertImageCommand MagickWand/convert.c:3280
    #8 0x7f39116b1d98 in MagickCommandGenesis MagickWand/mogrify.c:183
    #9 0x4017f1 in MagickMain utilities/magick.c:149
    #10 0x4019d2 in main utilities/magick.c:180
    #11 0x7f3910e2682f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

SUMMARY: AddressSanitizer: 22 byte(s) leaked in 1 allocation(s).

@mikayla-grace

commented Jul 16, 2017

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ http://www.imagemagick.org/download/beta/ by sometime tomorrow.

dlemstra pushed a commit that referenced this issue Jul 16, 2017

Cristy

dlemstra pushed a commit that referenced this issue Jul 16, 2017

Cristy

@dlemstra dlemstra added the bug label Jul 16, 2017

@dlemstra dlemstra closed this Jul 16, 2017

@bastien-roucaries

commented Jul 26, 2017

It also needs part of 3d5ac8c

@bastien-roucaries

commented Jul 26, 2017

This is CVE-2017-11536.
