Memory-Leak in WriteJP2Image() coders/jp2.c #567

Closed
lcatro opened this issue Jul 16, 2017 · 3 comments
lcatro commented Jul 16, 2017

Memory Leak File Link : https://raw.githubusercontent.com/lcatro/My_PoC/master/ImageMagick/memory-leak_output_jp2_WriteJP2Image

Trigger Command : ./magick convert memory-leak_output_jp2_WriteJP2Image output.jp2

Leak Detail :

fuzzing@ubuntu:~/fuzzing/ImageMagick/utilities$ ./magick convert memory-leak_output_jp2_WriteJP2Image output.jp2
convert: UnableToOpenConfigureFile `magic.xml' @ warning/configure.c/GetConfigureOptions/715.

=================================================================
==45657==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 22 byte(s) in 1 object(s) allocated from:
    #0 0x7f3912a01602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x7f3911f0a981 in AcquireMagickMemory MagickCore/memory.c:464
    #2 0x7f3911f0a9d5 in AcquireQuantumMemory MagickCore/memory.c:537
    #3 0x7f391202aaf3 in ConstantString MagickCore/string.c:701
    #4 0x7f39122f8c5a in WriteJP2Image coders/jp2.c:920
    #5 0x7f3911d661c6 in WriteImage MagickCore/constitute.c:1114
    #6 0x7f3911d66e42 in WriteImages MagickCore/constitute.c:1333
    #7 0x7f39115b93eb in ConvertImageCommand MagickWand/convert.c:3280
    #8 0x7f39116b1d98 in MagickCommandGenesis MagickWand/mogrify.c:183
    #9 0x4017f1 in MagickMain utilities/magick.c:149
    #10 0x4019d2 in main utilities/magick.c:180
    #11 0x7f3910e2682f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

SUMMARY: AddressSanitizer: 22 byte(s) leaked in 1 allocation(s).
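
The issue title attributes the leak to WriteJP2Image() even though the top four frames of the trace are allocation helpers. The following triage script shows that attribution step; it is an added example, not part of the original report or of ImageMagick, and the set of helper functions to skip is an assumption chosen from the frames visible in this trace.

```python
import re

# Copied from the LeakSanitizer report in this issue, cut after frame #5.
REPORT = """\
Direct leak of 22 byte(s) in 1 object(s) allocated from:
    #0 0x7f3912a01602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x7f3911f0a981 in AcquireMagickMemory MagickCore/memory.c:464
    #2 0x7f3911f0a9d5 in AcquireQuantumMemory MagickCore/memory.c:537
    #3 0x7f391202aaf3 in ConstantString MagickCore/string.c:701
    #4 0x7f39122f8c5a in WriteJP2Image coders/jp2.c:920
    #5 0x7f3911d661c6 in WriteImage MagickCore/constitute.c:1114

SUMMARY: AddressSanitizer: 22 byte(s) leaked in 1 allocation(s).
"""

LEAK_RE = re.compile(r"^(Direct|Indirect) leak of (\d+) byte\(s\) in (\d+) object\(s\)")
FRAME_RE = re.compile(r"^\s+#\d+ 0x[0-9a-f]+ in (.+?) (\S+)$")
SUMMARY_RE = re.compile(r"^SUMMARY: AddressSanitizer: (\d+) byte\(s\) leaked", re.M)

# Assumption (not stated in the issue): these frames only allocate or copy,
# so the first frame outside this set is the caller that owns the pointer.
WRAPPERS = {"malloc", "calloc", "realloc",
            "AcquireMagickMemory", "AcquireQuantumMemory", "ConstantString"}

def parse_leaks(text):
    """Return one dict per 'Direct/Indirect leak' block with its stack frames."""
    leaks, cur = [], None
    for line in text.splitlines():
        head, frame = LEAK_RE.match(line), FRAME_RE.match(line)
        if head:
            cur = {"kind": head.group(1), "bytes": int(head.group(2)), "frames": []}
            leaks.append(cur)
        elif frame and cur is not None:
            cur["frames"].append((frame.group(1), frame.group(2)))
        elif not line.strip():
            cur = None  # a blank line ends the current stack
    return leaks

def owning_frame(leak):
    """First (function, location) frame that is not an allocation helper."""
    return next((f for f in leak["frames"] if f[0] not in WRAPPERS), None)

def triage(text):
    leaks = parse_leaks(text)
    summary = SUMMARY_RE.search(text)
    # A mismatch with the SUMMARY total means the pasted report is truncated.
    consistent = bool(summary) and int(summary.group(1)) == sum(l["bytes"] for l in leaks)
    return [(l["kind"], l["bytes"], owning_frame(l)) for l in leaks], consistent

if __name__ == "__main__":
    print(triage(REPORT))
```

Grouping reports by the owning frame rather than by frame #0 keeps every leak from collapsing into a single "malloc" bucket when deduplicating fuzzer findings.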

@mikayla-grace

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ http://www.imagemagick.org/download/beta/ by sometime tomorrow.

@bastien-roucaries

It also needs part of 3d5ac8c.

@bastien-roucaries

This is CVE-2017-11536.
