Memory leak in WriteImage #643

Closed
EazyLov3 opened this issue Aug 2, 2017 · 5 comments

EazyLov3 commented Aug 2, 2017

PoC Link : https://github.com/EazyLov3/FuzzPoC/blob/master/ImageMagick/Memory-Leak-1_output_fpx_1501588084.95

Trigger Command : ./magick convert Memory-Leak-1_output_fpx_1501588084.95 output.fpx

Detail:

ubuntu@ubuntu ~/I/utilities> ./magick convert Memory-Leak-1_output_fpx_1501588084.95 output.fpx
convert: UnableToOpenConfigureFile `magic.xml' @ warning/configure.c/GetConfigureOptions/715.
convert: UnableToOpenConfigureFile `delegates.xml' @ warning/configure.c/GetConfigureOptions/715.

=================================================================
==4741==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 4096 byte(s) in 1 object(s) allocated from:
    #0 0x4c0cbc in malloc /home/snd-local/releases/4.0.1/release/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:66:3
    #1 0x7fd4757e2cbb in format8BIM /home/ubuntu/ImageMagick/coders/meta.c:2149:33
    #2 0x7fd4757e2cbb in WriteMETAImage /home/ubuntu/ImageMagick/coders/meta.c:2300
    #3 0x7fd475254a9e in WriteImage /home/ubuntu/ImageMagick/MagickCore/constitute.c:1183:22
    #4 0x7fd4752555bd in WriteImages /home/ubuntu/ImageMagick/MagickCore/constitute.c:1333:13
    #5 0x7fd474a99f01 in ConvertImageCommand /home/ubuntu/ImageMagick/MagickWand/convert.c:3280:11
    #6 0x7fd474b59e0f in MagickCommandGenesis /home/ubuntu/ImageMagick/MagickWand/mogrify.c:183:14
    #7 0x4edef7 in MagickMain /home/ubuntu/ImageMagick/utilities/magick.c:149:10
    #8 0x4edef7 in main /home/ubuntu/ImageMagick/utilities/magick.c:180
    #9 0x7fd4735d282f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
@bastien-roucaries

open CVE
http://cveform.mitre.org/

@bastien-roucaries

And post assigned CVE here

@mikayla-grace

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ http://www.imagemagick.org/download/beta/ by sometime tomorrow.

EazyLov3 commented Aug 2, 2017

OK, I try to request it...

@dlemstra dlemstra added the bug label Aug 2, 2017
@dlemstra dlemstra closed this as completed Aug 2, 2017

carnil commented Aug 4, 2017

This has been assigned CVE-2017-12418
