fuzzing@ubuntu:~/fuzzing/ImageMagick/utilities$ ./magick convert heap-overflow_output_picon_READ_GetPixelIndex output.picon
=================================================================
==43957==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61d000017a88 at pc 0x7f298fbefc28 bp 0x7fff46d63780 sp 0x7fff46d63770
READ of size 4 at 0x61d000017a88 thread T0
#0 0x7f298fbefc27 in GetPixelIndex MagickCore/pixel-accessor.h:191
#1 0x7f298fbf3eea in WritePICONImage coders/xpm.c:819
#2 0x7f298f68122b in WriteImage MagickCore/constitute.c:1114
#3 0x7f298f681ea7 in WriteImages MagickCore/constitute.c:1333
#4 0x7f298eed13bb in ConvertImageCommand MagickWand/convert.c:3280
#5 0x7f298efc9d68 in MagickCommandGenesis MagickWand/mogrify.c:183
#6 0x4017f1 in MagickMain utilities/magick.c:149
#7 0x4019d2 in main utilities/magick.c:180
#8 0x7f298e73e82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#9 0x401308 in _start (/home/fuzzing/fuzzing/ImageMagick/utilities/.libs/lt-magick+0x401308)
0x61d000017a88 is located 8 bytes to the right of 2048-byte region [0x61d000017280,0x61d000017a80)
allocated by thread T0 here:
#0 0x7f299032e076 in __interceptor_posix_memalign (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99076)
#1 0x7f298f82bd17 in AcquireAlignedMemory MagickCore/memory.c:262
#2 0x7f298f61c796 in OpenPixelCache MagickCore/cache.c:3558
#3 0x7f298f614fd1 in GetImagePixelCache MagickCore/cache.c:1667
#4 0x7f298f624255 in SyncImagePixelCache MagickCore/cache.c:5257
#5 0x7f298f64ba94 in SetImageGray MagickCore/colorspace.c:1182
#6 0x7f298f8af8a5 in QuantizeImage MagickCore/quantize.c:2668
#7 0x7f298f8a9604 in CompressImageColormap MagickCore/quantize.c:1203
#8 0x7f298fbf3113 in WritePICONImage coders/xpm.c:701
#9 0x7f298f68122b in WriteImage MagickCore/constitute.c:1114
#10 0x7f298f681ea7 in WriteImages MagickCore/constitute.c:1333
#11 0x7f298eed13bb in ConvertImageCommand MagickWand/convert.c:3280
#12 0x7f298efc9d68 in MagickCommandGenesis MagickWand/mogrify.c:183
#13 0x4017f1 in MagickMain utilities/magick.c:149
#14 0x4019d2 in main utilities/magick.c:180
#15 0x7f298e73e82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
SUMMARY: AddressSanitizer: heap-buffer-overflow MagickCore/pixel-accessor.h:191 GetPixelIndex
Shadow bytes around the buggy address:
0x0c3a7fffaf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c3a7fffaf10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c3a7fffaf20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c3a7fffaf30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c3a7fffaf40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c3a7fffaf50: fa[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c3a7fffaf60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c3a7fffaf70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c3a7fffaf80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c3a7fffaf90: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c3a7fffafa0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
==43957==ABORTING
Crash Link: https://raw.githubusercontent.com/lcatro/My_PoC/master/ImageMagick/heap-overflow_output_picon_READ_GetPixelIndex
Trigger Command: ./magick convert heap-overflow_output_picon_READ_GetPixelIndex output.picon
Crash Detail: