Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

assertion failed in DestroyImage #610

Closed
bestshow opened this issue Jul 24, 2017 · 3 comments
Closed

assertion failed in DestroyImage #610

bestshow opened this issue Jul 24, 2017 · 3 comments
Labels

Comments

@bestshow
Copy link

Version: ImageMagick 7.0.6-3 Q16 x86_64

A crafted file revealed an assertion failure in image.c.

identify: MagickCore/image.c:1186: Image *DestroyImage(Image *): Assertion `image->signature == 0xabacadabUL' failed.
Aborted

testcase :https://github.com/bestshow/p0cs/blob/master/assertion_failed_in_DestroyImage
Credit : ADLab of Venustech

@mikayla-grace
Copy link

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ http://www.imagemagick.org/download/beta/ by sometime tomorrow.

@bastien-roucaries
Copy link

Need also a CVE https://cveform.mitre.org/

bastien-roucaries referenced this issue in LocutusOfBorg/ImageMagick Jul 29, 2017
Fix for ImageMagick#624 introduced a race condition on the else branch, leading to a FTBFS:
libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I../.. -I./config -I. -I../.. -Wdate-time -D_FORTIFY_SOURCE=2 -DMAGICKCORE_HDRI_ENABLE=0 -DMAGICKCORE_QUANTUM_DEPTH=16 -I/usr/include/X11 -I/usr/include/libxml2 -I/usr/include/libpng16 -I/usr/include/pango-1.0 -I/usr/include/harfbuzz -I/usr/include/pango-1.0 -I/usr/include/cairo -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include -I/usr/include/pixman-1 -I/usr/include/freetype2 -I/usr/include/libpng16 -I/usr/include/OpenEXR -I/usr/include/lqr-1 -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include -I/usr/include/freetype2 -I/usr/include/freetype2 -pthread -fopenmp -g -O2 -fdebug-prefix-map=/<<BUILDDIR>>/imagemagick-6.9.7.4+dfsg=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -fexceptions -pthread -DMAGICKCORE_HDRI_ENABLE=0 -DMAGICKCORE_QUANTUM_DEPTH=16 -c ../../coders/mat.c  -fPIC -DPIC -o coders/.libs/coders_mat_la-mat.o
../../coders/mat.c: In function ‘ReadMATImage’:
../../coders/mat.c:1372:3: error: ‘else’ without a previous ‘if’
   else
   ^~~~
Makefile:7883: recipe for target 'coders/coders_mat_la-mat.lo' failed

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870047
LocutusOfBorg added a commit to LocutusOfBorg/ImageMagick that referenced this issue Jul 29, 2017
Fix for ImageMagick#624 introduced a race condition on the else branch, leading to a FTBFS:
libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I../.. -I./config -I. -I../.. -Wdate-time -D_FORTIFY_SOURCE=2 -DMAGICKCORE_HDRI_ENABLE=0 -DMAGICKCORE_QUANTUM_DEPTH=16 -I/usr/include/X11 -I/usr/include/libxml2 -I/usr/include/libpng16 -I/usr/include/pango-1.0 -I/usr/include/harfbuzz -I/usr/include/pango-1.0 -I/usr/include/cairo -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include -I/usr/include/pixman-1 -I/usr/include/freetype2 -I/usr/include/libpng16 -I/usr/include/OpenEXR -I/usr/include/lqr-1 -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include -I/usr/include/freetype2 -I/usr/include/freetype2 -pthread -fopenmp -g -O2 -fdebug-prefix-map=/<<BUILDDIR>>/imagemagick-6.9.7.4+dfsg=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -fexceptions -pthread -DMAGICKCORE_HDRI_ENABLE=0 -DMAGICKCORE_QUANTUM_DEPTH=16 -c ../../coders/mat.c  -fPIC -DPIC -o coders/.libs/coders_mat_la-mat.o
../../coders/mat.c: In function ‘ReadMATImage’:
../../coders/mat.c:1372:3: error: ‘else’ without a previous ‘if’
   else
   ^~~~
Makefile:7883: recipe for target 'coders/coders_mat_la-mat.lo' failed

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870047
@nohmask
Copy link

nohmask commented Sep 8, 2017

This was assigned CVE-2017-12670.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Development

No branches or pull requests

5 participants