Memory leaks in WriteMSLImage #636

Closed
zhouat opened this issue Jul 31, 2017 · 7 comments

zhouat commented Jul 31, 2017

poc_link: https://github.com/zhouat/poc_IM/blob/master/Memory-Leak-19_output_msl_1501504023.36

Trigger Command:

echo "" >output.msl
magick convert Memory-Leak-19_output_msl_1501504023.36 output.msl
=================================================================
==108698==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 8 byte(s) in 1 object(s) allocated from:
    #0 0x7f8068d1fb98 in __interceptor_malloc ../../.././libsanitizer/asan/asan_malloc_linux.cc:62
    #1 0x7f806825b7ad in AcquireMagickMemory MagickCore/memory.c:464
    #2 0x7f806851a2bf in ProcessMSLScript coders/msl.c:7833
    #3 0x7f806851c382 in WriteMSLImage coders/msl.c:8334
    #4 0x7f80680ccaa1 in WriteImage MagickCore/constitute.c:1183
    #5 0x7f80680cd1d8 in WriteImages MagickCore/constitute.c:1333
    #6 0x7f8067936265 in ConvertImageCommand MagickWand/convert.c:3280
    #7 0x7f8067a2e1f1 in MagickCommandGenesis MagickWand/mogrify.c:183
    #8 0x40199b in MagickMain utilities/magick.c:149
    #9 0x401b68 in main utilities/magick.c:180
    #10 0x7f8064092b14 in __libc_start_main (/lib64/libc.so.6+0x21b14)

Direct leak of 8 byte(s) in 1 object(s) allocated from:
    #0 0x7f8068d1fb98 in __interceptor_malloc ../../.././libsanitizer/asan/asan_malloc_linux.cc:62
    #1 0x7f806825b7ad in AcquireMagickMemory MagickCore/memory.c:464
    #2 0x7f806851a2f2 in ProcessMSLScript coders/msl.c:7839
    #3 0x7f806851c382 in WriteMSLImage coders/msl.c:8334
    #4 0x7f80680ccaa1 in WriteImage MagickCore/constitute.c:1183
    #5 0x7f80680cd1d8 in WriteImages MagickCore/constitute.c:1333
    #6 0x7f8067936265 in ConvertImageCommand MagickWand/convert.c:3280
    #7 0x7f8067a2e1f1 in MagickCommandGenesis MagickWand/mogrify.c:183
    #8 0x40199b in MagickMain utilities/magick.c:149
    #9 0x401b68 in main utilities/magick.c:180
    #10 0x7f8064092b14 in __libc_start_main (/lib64/libc.so.6+0x21b14)
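
An added triage example (not part of the issue thread and not ImageMagick code): it parses the LeakSanitizer report format quoted above and totals leaked bytes by the first frame that is not allocator plumbing, which for this report separates the two allocation sites in `ProcessMSLScript`. The `WRAPPERS` list and all function names here are assumptions of this example.

```python
import re

# Excerpt of the LeakSanitizer report quoted in the issue (frames #4 to #10 omitted).
REPORT = """\
Direct leak of 8 byte(s) in 1 object(s) allocated from:
    #0 0x7f8068d1fb98 in __interceptor_malloc ../../.././libsanitizer/asan/asan_malloc_linux.cc:62
    #1 0x7f806825b7ad in AcquireMagickMemory MagickCore/memory.c:464
    #2 0x7f806851a2bf in ProcessMSLScript coders/msl.c:7833
    #3 0x7f806851c382 in WriteMSLImage coders/msl.c:8334

Direct leak of 8 byte(s) in 1 object(s) allocated from:
    #0 0x7f8068d1fb98 in __interceptor_malloc ../../.././libsanitizer/asan/asan_malloc_linux.cc:62
    #1 0x7f806825b7ad in AcquireMagickMemory MagickCore/memory.c:464
    #2 0x7f806851a2f2 in ProcessMSLScript coders/msl.c:7839
    #3 0x7f806851c382 in WriteMSLImage coders/msl.c:8334
"""

HEADER = re.compile(r"^(Direct|Indirect) leak of (\d+) byte\(s\) in (\d+) object\(s\)")
FRAME = re.compile(r"^\s*#(\d+) 0x[0-9a-f]+ in (\S+) (\S+?):(\d+)")
# Allocator plumbing to skip when looking for the owner (assumed list, extend as needed).
WRAPPERS = ("__interceptor_", "AcquireMagickMemory", "AcquireQuantumMemory")

def parse_leaks(text):
    """Return one dict per leak record: kind, bytes, objects, frames[(func, file, line)]."""
    leaks = []
    for line in text.splitlines():
        h, f = HEADER.match(line), FRAME.match(line)
        if h:
            leaks.append({"kind": h.group(1), "bytes": int(h.group(2)),
                          "objects": int(h.group(3)), "frames": []})
        elif f and leaks:
            leaks[-1]["frames"].append((f.group(2), f.group(3), int(f.group(4))))
    return leaks

def owning_frame(leak):
    """First frame that is not allocator plumbing: the call site responsible for the free."""
    return next((fr for fr in leak["frames"] if not fr[0].startswith(WRAPPERS)), None)

def group_by_site(leaks):
    """Total leaked bytes per owning call site, so repeated records collapse to one entry."""
    totals = {}
    for leak in leaks:
        site = owning_frame(leak)
        totals[site] = totals.get(site, 0) + leak["bytes"]
    return totals

if __name__ == "__main__":
    for site, size in group_by_site(parse_leaks(REPORT)).items():
        print(site, size)
```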

mikayla-grace commented Jul 31, 2017

Unfortunately we cannot reproduce the problem with ImageMagick 6.0.9-5 beta, gcc 7.1.1, and ASan. We get:

magick convert Memory-Leak-19_output_msl_1501504023.36 output.msl
convert: unexpected end-of-file `Memory-Leak-19_output_msl_1501504023.36': No such file or directory @ error/pwp.c/ReadPWPImage/259.
convert: negative or zero image size `output.msl' @ error/image.c/CloneImage/825.
convert: unable to open image 'output.msl': No such file or directory @ error/blob.c/OpenBlob/3109.
convert: unable to open file 'output.msl': No such file or directory @ error/msl.c/ProcessMSLScript/7822.

zhouat commented Aug 1, 2017

@mikayla-grace

  1. need an empty file: output.msl
  2. magick --version
Version: ImageMagick 7.0.6-5 Q16 x86_64 2017-07-31 http://www.imagemagick.org

@mikayla-grace

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ http://www.imagemagick.org/download/beta/ by sometime tomorrow.

@bastien-roucaries

Please open CVE

@bastien-roucaries

And post CVE number when assigned (fill here http://cveform.mitre.org/)

dlemstra added the bug label Aug 2, 2017
dlemstra closed this as completed Aug 2, 2017

zhouat commented Aug 4, 2017

@bastien-roucaries done, CVE-2017-12427


zhouat commented Aug 4, 2017

@dlemstra @mikayla-grace @bastien-roucaries Hi all, does ImageMagick think about publishing a bulletin whenever it releases a new version, which contains CVE and “credit-to” info? Thanks.
