memory leak in ReadXCFImage #649

Closed

@jgj212

Version: ImageMagick 7.0.6-6 Q16 x86_64

A memory leak vulnerability was found in the function ReadXCFImage, which allows attackers to cause a denial of service via a crafted file.

#./identify $FILE

==10362==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 545177268 byte(s) in 1 object(s) allocated from:
    #0 0x4deec6 in __interceptor_malloc asan_malloc_linux.cc:66
    #1 0x7ff3fa6d7566 in AcquireMagickMemory memory.c:464:10
    #2 0x7ff3fa6d75c8 in AcquireQuantumMemory memory.c:537:10
    #3 0x7ff3facb035b in load_tile xcf.c:362:28
    #4 0x7ff3facafcfe in load_level xcf.c:671:15
    #5 0x7ff3facaf89a in load_hierarchy xcf.c:758:7
    #6 0x7ff3facaf202 in ReadOneLayer xcf.c:938:7
    #7 0x7ff3facad5fe in ReadXCFImage xcf.c:1331:16
    #8 0x7ff3fa4b1a68 in ReadImage constitute.c:497:13
    #9 0x7ff3fa84af59 in ReadStream stream.c:1045:9
    #10 0x7ff3fa4b060f in PingImage constitute.c:226:9
    #11 0x7ff3fa4b0db3 in PingImages constitute.c:327:10
    #12 0x7ff3f9beb596 in IdentifyImageCommand identify.c:319:18
    #13 0x7ff3f9ca92af in MagickCommandGenesis mogrify.c:183:14
    #14 0x514a47 in MagickMain magick.c:149:10
    #15 0x5144a1 in main magick.c:180:10
    #16 0x7ff3f3bf2f44 in __libc_start_main (libc.so.6+0x21f44)

Direct leak of 13488 byte(s) in 1 object(s) allocated from:
    #0 0x4deec6 in __interceptor_malloc asan_malloc_linux.cc:66
    #1 0x7ff3fa6d7566 in AcquireMagickMemory memory.c:464:10
    #2 0x7ff3fa689aef in CloneImage image.c:829:25
    #3 0x7ff3facaedcc in ReadOneLayer xcf.c:910:19
    #4 0x7ff3facad5fe in ReadXCFImage xcf.c:1331:16
    #5 0x7ff3fa4b1a68 in ReadImage constitute.c:497:13
    #6 0x7ff3fa84af59 in ReadStream stream.c:1045:9
    #7 0x7ff3fa4b060f in PingImage constitute.c:226:9
    #8 0x7ff3fa4b0db3 in PingImages constitute.c:327:10
    #9 0x7ff3f9beb596 in IdentifyImageCommand identify.c:319:18
    #10 0x7ff3f9ca92af in MagickCommandGenesis mogrify.c:183:14
    #11 0x514a47 in MagickMain magick.c:149:10
    #12 0x5144a1 in main magick.c:180:10
    #13 0x7ff3f3bf2f44 in __libc_start_main (libc.so.6+0x21f44)

Indirect leak of 13024 byte(s) in 1 object(s) allocated from:
    #0 0x4deec6 in __interceptor_malloc asan_malloc_linux.cc:66
    #1 0x7ff3fa6d7566 in AcquireMagickMemory memory.c:464:10
    #2 0x7ff3fa687ba3 in AcquireImageInfo image.c:347:28
    #3 0x7ff3fa690d13 in CloneImageInfo image.c:952:14
    #4 0x7ff3fa68a38c in CloneImage image.c:845:27
    #5 0x7ff3facaedcc in ReadOneLayer xcf.c:910:19
    #6 0x7ff3facad5fe in ReadXCFImage xcf.c:1331:16
    #7 0x7ff3fa4b1a68 in ReadImage constitute.c:497:13
    #8 0x7ff3fa84af59 in ReadStream stream.c:1045:9
    #9 0x7ff3fa4b060f in PingImage constitute.c:226:9
    #10 0x7ff3fa4b0db3 in PingImages constitute.c:327:10
    #11 0x7ff3f9beb596 in IdentifyImageCommand identify.c:319:18
    #12 0x7ff3f9ca92af in MagickCommandGenesis mogrify.c:183:14
    #13 0x514a47 in MagickMain magick.c:149:10
    #14 0x5144a1 in main magick.c:180:10
    #15 0x7ff3f3bf2f44 in __libc_start_main (libc.so.6+0x21f44)

Indirect leak of 9096 byte(s) in 1 object(s) allocated from:
    #0 0x4deec6 in __interceptor_malloc asan_malloc_linux.cc:66
    #1 0x7ff3fa6d7566 in AcquireMagickMemory memory.c:464:10
    #2 0x7ff3fa6d75c8 in AcquireQuantumMemory memory.c:537:10
    #3 0x7ff3fa433164 in AcquirePixelCache cache.c:195:28
    #4 0x7ff3fa4344e5 in ClonePixelCache cache.c:418:28
    #5 0x7ff3fa44dd8e in GetImagePixelCache cache.c:1652:29
    #6 0x7ff3fa453029 in SyncImagePixelCache cache.c:5269:28
    #7 0x7ff3fa68bc76 in SetImageStorageClass image.c:2513:10
    #8 0x7ff3fa68c71d in SetImageBackgroundColor image.c:2322:7
    #9 0x7ff3facaef7e in ReadOneLayer xcf.c:917:10
    #10 0x7ff3facad5fe in ReadXCFImage xcf.c:1331:16
    #11 0x7ff3fa4b1a68 in ReadImage constitute.c:497:13
    #12 0x7ff3fa84af59 in ReadStream stream.c:1045:9
    #13 0x7ff3fa4b060f in PingImage constitute.c:226:9
    #14 0x7ff3fa4b0db3 in PingImages constitute.c:327:10
    #15 0x7ff3f9beb596 in IdentifyImageCommand identify.c:319:18
    #16 0x7ff3f9ca92af in MagickCommandGenesis mogrify.c:183:14
    #17 0x514a47 in MagickMain magick.c:149:10
    #18 0x5144a1 in main magick.c:180:10
    #19 0x7ff3f3bf2f44 in __libc_start_main (libc.so.6+0x21f44)

Indirect leak of 9096 byte(s) in 1 object(s) allocated from:
    #0 0x4deec6 in __interceptor_malloc asan_malloc_linux.cc:66
    #1 0x7ff3fa6d7566 in AcquireMagickMemory memory.c:464:10
    #2 0x7ff3fa6d75c8 in AcquireQuantumMemory memory.c:537:10
    #3 0x7ff3fa433164 in AcquirePixelCache cache.c:195:28
    #4 0x7ff3fa84abec in ReadStream stream.c:1027:20
    #5 0x7ff3fa4b060f in PingImage constitute.c:226:9
    #6 0x7ff3fa4b0db3 in PingImages constitute.c:327:10
    #7 0x7ff3f9beb596 in IdentifyImageCommand identify.c:319:18
    #8 0x7ff3f9ca92af in MagickCommandGenesis mogrify.c:183:14
    #9 0x514a47 in MagickMain magick.c:149:10
    #10 0x5144a1 in main magick.c:180:10
    #11 0x7ff3f3bf2f44 in __libc_start_main (libc.so.6+0x21f44)

Indirect leak of 512 byte(s) in 1 object(s) allocated from:
    #0 0x4deec6 in __interceptor_malloc asan_malloc_linux.cc:66
    #1 0x7ff3fa6d7566 in AcquireMagickMemory memory.c:464:10
    #2 0x7ff3fa6d75c8 in AcquireQuantumMemory memory.c:537:10
    #3 0x7ff3fa71704a in AcquirePixelChannelMap pixel.c:101:35
    #4 0x7ff3fa717224 in ClonePixelChannelMap pixel.c:139:13
    #5 0x7ff3fa68a766 in CloneImage image.c:856:28
    #6 0x7ff3facaedcc in ReadOneLayer xcf.c:910:19
    #7 0x7ff3facad5fe in ReadXCFImage xcf.c:1331:16
    #8 0x7ff3fa4b1a68 in ReadImage constitute.c:497:13
    #9 0x7ff3fa84af59 in ReadStream stream.c:1045:9
    #10 0x7ff3fa4b060f in PingImage constitute.c:226:9
    #11 0x7ff3fa4b0db3 in PingImages constitute.c:327:10
    #12 0x7ff3f9beb596 in IdentifyImageCommand identify.c:319:18
    #13 0x7ff3f9ca92af in MagickCommandGenesis mogrify.c:183:14
    #14 0x514a47 in MagickMain magick.c:149:10
    #15 0x5144a1 in main magick.c:180:10
    #16 0x7ff3f3bf2f44 in __libc_start_main (libc.so.6+0x21f44)

Indirect leak of 280 byte(s) in 1 object(s) allocated from:
    #0 0x4deec6 in __interceptor_malloc asan_malloc_linux.cc:66
    #1 0x7ff3fa6d7566 in AcquireMagickMemory memory.c:464:10
    #2 0x7ff3fa4118cd in CloneBlobInfo blob.c:504:27
    #3 0x7ff3fa68ac1f in CloneImage image.c:874:25
    #4 0x7ff3facaedcc in ReadOneLayer xcf.c:910:19
    #5 0x7ff3facad5fe in ReadXCFImage xcf.c:1331:16
    #6 0x7ff3fa4b1a68 in ReadImage constitute.c:497:13
    #7 0x7ff3fa84af59 in ReadStream stream.c:1045:9
    #8 0x7ff3fa4b060f in PingImage constitute.c:226:9
    #9 0x7ff3fa4b0db3 in PingImages constitute.c:327:10
    #10 0x7ff3f9beb596 in IdentifyImageCommand identify.c:319:18
    #11 0x7ff3f9ca92af in MagickCommandGenesis mogrify.c:183:14
    #12 0x514a47 in MagickMain magick.c:149:10
    #13 0x5144a1 in main magick.c:180:10
    #14 0x7ff3f3bf2f44 in __libc_start_main (libc.so.6+0x21f44)

Indirect leak of 88 byte(s) in 1 object(s) allocated from:
    #0 0x4deec6 in __interceptor_malloc asan_malloc_linux.cc:66
    #1 0x7ff3fa6d7566 in AcquireMagickMemory memory.c:464:10
    #2 0x7ff3fa6d75c8 in AcquireQuantumMemory memory.c:537:10
    #3 0x7ff3fa433c24 in AcquirePixelCacheNexus cache.c:268:31
    #4 0x7ff3fa433684 in AcquirePixelCache cache.c:211:26
    #5 0x7ff3fa84abec in ReadStream stream.c:1027:20
    #6 0x7ff3fa4b060f in PingImage constitute.c:226:9
    #7 0x7ff3fa4b0db3 in PingImages constitute.c:327:10
    #8 0x7ff3f9beb596 in IdentifyImageCommand identify.c:319:18
    #9 0x7ff3f9ca92af in MagickCommandGenesis mogrify.c:183:14
    #10 0x514a47 in MagickMain magick.c:149:10
    #11 0x5144a1 in main magick.c:180:10
    #12 0x7ff3f3bf2f44 in __libc_start_main (libc.so.6+0x21f44)

Indirect leak of 88 byte(s) in 1 object(s) allocated from:
    #0 0x4deec6 in __interceptor_malloc asan_malloc_linux.cc:66
    #1 0x7ff3fa6d7566 in AcquireMagickMemory memory.c:464:10
    #2 0x7ff3fa82aee5 in NewSplayTree splay-tree.c:1106:32
    #3 0x7ff3fa7633aa in SetImageProperty property.c:4022:23
    #4 0x7ff3facaf5c4 in InitXCFImage xcf.c:773:10
    #5 0x7ff3facaef94 in ReadOneLayer xcf.c:919:3
    #6 0x7ff3facad5fe in ReadXCFImage xcf.c:1331:16
    #7 0x7ff3fa4b1a68 in ReadImage constitute.c:497:13
    #8 0x7ff3fa84af59 in ReadStream stream.c:1045:9
    #9 0x7ff3fa4b060f in PingImage constitute.c:226:9
    #10 0x7ff3fa4b0db3 in PingImages constitute.c:327:10
    #11 0x7ff3f9beb596 in IdentifyImageCommand identify.c:319:18
    #12 0x7ff3f9ca92af in MagickCommandGenesis mogrify.c:183:14
    #13 0x514a47 in MagickMain magick.c:149:10
    #14 0x5144a1 in main magick.c:180:10
    #15 0x7ff3f3bf2f44 in __libc_start_main (libc.so.6+0x21f44)

Indirect leak of 88 byte(s) in 1 object(s) allocated from:
    #0 0x4deec6 in __interceptor_malloc asan_malloc_linux.cc:66
    #1 0x7ff3fa6d7566 in AcquireMagickMemory memory.c:464:10
    #2 0x7ff3fa6d75c8 in AcquireQuantumMemory memory.c:537:10
    #3 0x7ff3fa433c24 in AcquirePixelCacheNexus cache.c:268:31
    #4 0x7ff3fa433684 in AcquirePixelCache cache.c:211:26
    #5 0x7ff3fa4344e5 in ClonePixelCache cache.c:418:28
    #6 0x7ff3fa44dd8e in GetImagePixelCache cache.c:1652:29
    #7 0x7ff3fa453029 in SyncImagePixelCache cache.c:5269:28
    #8 0x7ff3fa68bc76 in SetImageStorageClass image.c:2513:10
    #9 0x7ff3fa68c71d in SetImageBackgroundColor image.c:2322:7
    #10 0x7ff3facaef7e in ReadOneLayer xcf.c:917:10
    #11 0x7ff3facad5fe in ReadXCFImage xcf.c:1331:16
    #12 0x7ff3fa4b1a68 in ReadImage constitute.c:497:13
    #13 0x7ff3fa84af59 in ReadStream stream.c:1045:9
    #14 0x7ff3fa4b060f in PingImage constitute.c:226:9
    #15 0x7ff3fa4b0db3 in PingImages constitute.c:327:10
    #16 0x7ff3f9beb596 in IdentifyImageCommand identify.c:319:18
    #17 0x7ff3f9ca92af in MagickCommandGenesis mogrify.c:183:14
    #18 0x514a47 in MagickMain magick.c:149:10
    #19 0x5144a1 in main magick.c:180:10
    #20 0x7ff3f3bf2f44 in __libc_start_main (libc.so.6+0x21f44)

Indirect leak of 88 byte(s) in 1 object(s) allocated from:
    #0 0x4deec6 in __interceptor_malloc asan_malloc_linux.cc:66
    #1 0x7ff3fa6d7566 in AcquireMagickMemory memory.c:464:10
    #2 0x7ff3fa82aee5 in NewSplayTree splay-tree.c:1106:32
    #3 0x7ff3fa82ab14 in CloneSplayTree splay-tree.c:359:14
    #4 0x7ff3fa707ff5 in CloneImageOptions option.c:1880:27
    #5 0x7ff3fa6925c4 in CloneImageInfo image.c:1007:10
    #6 0x7ff3fa68a38c in CloneImage image.c:845:27
    #7 0x7ff3facaedcc in ReadOneLayer xcf.c:910:19
    #8 0x7ff3facad5fe in ReadXCFImage xcf.c:1331:16
    #9 0x7ff3fa4b1a68 in ReadImage constitute.c:497:13
    #10 0x7ff3fa84af59 in ReadStream stream.c:1045:9
    #11 0x7ff3fa4b060f in PingImage constitute.c:226:9
    #12 0x7ff3fa4b0db3 in PingImages constitute.c:327:10
    #13 0x7ff3f9beb596 in IdentifyImageCommand identify.c:319:18
    #14 0x7ff3f9ca92af in MagickCommandGenesis mogrify.c:183:14
    #15 0x514a47 in MagickMain magick.c:149:10
    #16 0x5144a1 in main magick.c:180:10
    #17 0x7ff3f3bf2f44 in __libc_start_main (libc.so.6+0x21f44)

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x4dfa25 in posix_memalign asan_malloc_linux.cc:142
    #1 0x7ff3fa8151c8 in AcquireSemaphoreMemory semaphore.c:154:7
    #2 0x7ff3fa814a3c in AcquireSemaphoreInfo semaphore.c:200:36
    #3 0x7ff3fa82b266 in NewSplayTree splay-tree.c:1119:25
    #4 0x7ff3fa82ab14 in CloneSplayTree splay-tree.c:359:14
    #5 0x7ff3fa707ff5 in CloneImageOptions option.c:1880:27
    #6 0x7ff3fa6925c4 in CloneImageInfo image.c:1007:10
    #7 0x7ff3fa68a38c in CloneImage image.c:845:27
    #8 0x7ff3facaedcc in ReadOneLayer xcf.c:910:19
    #9 0x7ff3facad5fe in ReadXCFImage xcf.c:1331:16
    #10 0x7ff3fa4b1a68 in ReadImage constitute.c:497:13
    #11 0x7ff3fa84af59 in ReadStream stream.c:1045:9
    #12 0x7ff3fa4b060f in PingImage constitute.c:226:9
    #13 0x7ff3fa4b0db3 in PingImages constitute.c:327:10
    #14 0x7ff3f9beb596 in IdentifyImageCommand identify.c:319:18
    #15 0x7ff3f9ca92af in MagickCommandGenesis mogrify.c:183:14
    #16 0x514a47 in MagickMain magick.c:149:10
    #17 0x5144a1 in main magick.c:180:10
    #18 0x7ff3f3bf2f44 in __libc_start_main (libc.so.6+0x21f44)

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x4dfa25 in posix_memalign asan_malloc_linux.cc:142
    #1 0x7ff3fa8151c8 in AcquireSemaphoreMemory semaphore.c:154:7
    #2 0x7ff3fa814a3c in AcquireSemaphoreInfo semaphore.c:200:36
    #3 0x7ff3fa4339d2 in AcquirePixelCache cache.c:228:30
    #4 0x7ff3fa84abec in ReadStream stream.c:1027:20
    #5 0x7ff3fa4b060f in PingImage constitute.c:226:9
    #6 0x7ff3fa4b0db3 in PingImages constitute.c:327:10
    #7 0x7ff3f9beb596 in IdentifyImageCommand identify.c:319:18
    #8 0x7ff3f9ca92af in MagickCommandGenesis mogrify.c:183:14
    #9 0x514a47 in MagickMain magick.c:149:10
    #10 0x5144a1 in main magick.c:180:10
    #11 0x7ff3f3bf2f44 in __libc_start_main (libc.so.6+0x21f44)

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x4dfa25 in posix_memalign asan_malloc_linux.cc:142
    #1 0x7ff3fa8151c8 in AcquireSemaphoreMemory semaphore.c:154:7
    #2 0x7ff3fa814a3c in AcquireSemaphoreInfo semaphore.c:200:36
    #3 0x7ff3fa4126c7 in GetBlobInfo blob.c:1414:24
    #4 0x7ff3fa4119bc in CloneBlobInfo blob.c:507:3
    #5 0x7ff3fa68ac1f in CloneImage image.c:874:25
    #6 0x7ff3facaedcc in ReadOneLayer xcf.c:910:19
    #7 0x7ff3facad5fe in ReadXCFImage xcf.c:1331:16
    #8 0x7ff3fa4b1a68 in ReadImage constitute.c:497:13
    #9 0x7ff3fa84af59 in ReadStream stream.c:1045:9
    #10 0x7ff3fa4b060f in PingImage constitute.c:226:9
    #11 0x7ff3fa4b0db3 in PingImages constitute.c:327:10
    #12 0x7ff3f9beb596 in IdentifyImageCommand identify.c:319:18
    #13 0x7ff3f9ca92af in MagickCommandGenesis mogrify.c:183:14
    #14 0x514a47 in MagickMain magick.c:149:10
    #15 0x5144a1 in main magick.c:180:10
    #16 0x7ff3f3bf2f44 in __libc_start_main (libc.so.6+0x21f44)

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x4dfa25 in posix_memalign asan_malloc_linux.cc:142
    #1 0x7ff3fa8151c8 in AcquireSemaphoreMemory semaphore.c:154:7
    #2 0x7ff3fa814a3c in AcquireSemaphoreInfo semaphore.c:200:36
    #3 0x7ff3fa433943 in AcquirePixelCache cache.c:226:25
    #4 0x7ff3fa84abec in ReadStream stream.c:1027:20
    #5 0x7ff3fa4b060f in PingImage constitute.c:226:9
    #6 0x7ff3fa4b0db3 in PingImages constitute.c:327:10
    #7 0x7ff3f9beb596 in IdentifyImageCommand identify.c:319:18
    #8 0x7ff3f9ca92af in MagickCommandGenesis mogrify.c:183:14
    #9 0x514a47 in MagickMain magick.c:149:10
    #10 0x5144a1 in main magick.c:180:10
    #11 0x7ff3f3bf2f44 in __libc_start_main (libc.so.6+0x21f44)

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x4dfa25 in posix_memalign asan_malloc_linux.cc:142
    #1 0x7ff3fa6d73a2 in AcquireAlignedMemory memory.c:262:7
    #2 0x7ff3fa433b2e in AcquirePixelCacheNexus cache.c:264:29
    #3 0x7ff3fa433684 in AcquirePixelCache cache.c:211:26
    #4 0x7ff3fa84abec in ReadStream stream.c:1027:20
    #5 0x7ff3fa4b060f in PingImage constitute.c:226:9
    #6 0x7ff3fa4b0db3 in PingImages constitute.c:327:10
    #7 0x7ff3f9beb596 in IdentifyImageCommand identify.c:319:18
    #8 0x7ff3f9ca92af in MagickCommandGenesis mogrify.c:183:14
    #9 0x514a47 in MagickMain magick.c:149:10
    #10 0x5144a1 in main magick.c:180:10
    #11 0x7ff3f3bf2f44 in __libc_start_main (libc.so.6+0x21f44)

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x4dfa25 in posix_memalign asan_malloc_linux.cc:142
    #1 0x7ff3fa8151c8 in AcquireSemaphoreMemory semaphore.c:154:7
    #2 0x7ff3fa814a3c in AcquireSemaphoreInfo semaphore.c:200:36
    #3 0x7ff3fa82b266 in NewSplayTree splay-tree.c:1119:25
    #4 0x7ff3fa7633aa in SetImageProperty property.c:4022:23
    #5 0x7ff3facaf5c4 in InitXCFImage xcf.c:773:10
    #6 0x7ff3facaef94 in ReadOneLayer xcf.c:919:3
    #7 0x7ff3facad5fe in ReadXCFImage xcf.c:1331:16
    #8 0x7ff3fa4b1a68 in ReadImage constitute.c:497:13
    #9 0x7ff3fa84af59 in ReadStream stream.c:1045:9
    #10 0x7ff3fa4b060f in PingImage constitute.c:226:9
    #11 0x7ff3fa4b0db3 in PingImages constitute.c:327:10
    #12 0x7ff3f9beb596 in IdentifyImageCommand identify.c:319:18
    #13 0x7ff3f9ca92af in MagickCommandGenesis mogrify.c:183:14
    #14 0x514a47 in MagickMain magick.c:149:10
    #15 0x5144a1 in main magick.c:180:10
    #16 0x7ff3f3bf2f44 in __libc_start_main (libc.so.6+0x21f44)

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x4dfa25 in posix_memalign asan_malloc_linux.cc:142
    #1 0x7ff3fa8151c8 in AcquireSemaphoreMemory semaphore.c:154:7
    #2 0x7ff3fa814a3c in AcquireSemaphoreInfo semaphore.c:200:36
    #3 0x7ff3fa4339d2 in AcquirePixelCache cache.c:228:30
    #4 0x7ff3fa4344e5 in ClonePixelCache cache.c:418:28
    #5 0x7ff3fa44dd8e in GetImagePixelCache cache.c:1652:29
    #6 0x7ff3fa453029 in SyncImagePixelCache cache.c:5269:28
    #7 0x7ff3fa68bc76 in SetImageStorageClass image.c:2513:10
    #8 0x7ff3fa68c71d in SetImageBackgroundColor image.c:2322:7
    #9 0x7ff3facaef7e in ReadOneLayer xcf.c:917:10
    #10 0x7ff3facad5fe in ReadXCFImage xcf.c:1331:16
    #11 0x7ff3fa4b1a68 in ReadImage constitute.c:497:13
    #12 0x7ff3fa84af59 in ReadStream stream.c:1045:9
    #13 0x7ff3fa4b060f in PingImage constitute.c:226:9
    #14 0x7ff3fa4b0db3 in PingImages constitute.c:327:10
    #15 0x7ff3f9beb596 in IdentifyImageCommand identify.c:319:18
    #16 0x7ff3f9ca92af in MagickCommandGenesis mogrify.c:183:14
    #17 0x514a47 in MagickMain magick.c:149:10
    #18 0x5144a1 in main magick.c:180:10
    #19 0x7ff3f3bf2f44 in __libc_start_main (libc.so.6+0x21f44)

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x4dfa25 in posix_memalign asan_malloc_linux.cc:142
    #1 0x7ff3fa8151c8 in AcquireSemaphoreMemory semaphore.c:154:7
    #2 0x7ff3fa814a3c in AcquireSemaphoreInfo semaphore.c:200:36
    #3 0x7ff3fa433943 in AcquirePixelCache cache.c:226:25
    #4 0x7ff3fa4344e5 in ClonePixelCache cache.c:418:28
    #5 0x7ff3fa44dd8e in GetImagePixelCache cache.c:1652:29
    #6 0x7ff3fa453029 in SyncImagePixelCache cache.c:5269:28
    #7 0x7ff3fa68bc76 in SetImageStorageClass image.c:2513:10
    #8 0x7ff3fa68c71d in SetImageBackgroundColor image.c:2322:7
    #9 0x7ff3facaef7e in ReadOneLayer xcf.c:917:10
    #10 0x7ff3facad5fe in ReadXCFImage xcf.c:1331:16
    #11 0x7ff3fa4b1a68 in ReadImage constitute.c:497:13
    #12 0x7ff3fa84af59 in ReadStream stream.c:1045:9
    #13 0x7ff3fa4b060f in PingImage constitute.c:226:9
    #14 0x7ff3fa4b0db3 in PingImages constitute.c:327:10
    #15 0x7ff3f9beb596 in IdentifyImageCommand identify.c:319:18
    #16 0x7ff3f9ca92af in MagickCommandGenesis mogrify.c:183:14
    #17 0x514a47 in MagickMain magick.c:149:10
    #18 0x5144a1 in main magick.c:180:10
    #19 0x7ff3f3bf2f44 in __libc_start_main (libc.so.6+0x21f44)

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x4dfa25 in posix_memalign asan_malloc_linux.cc:142
    #1 0x7ff3fa6d73a2 in AcquireAlignedMemory memory.c:262:7
    #2 0x7ff3fa433b2e in AcquirePixelCacheNexus cache.c:264:29
    #3 0x7ff3fa433684 in AcquirePixelCache cache.c:211:26
    #4 0x7ff3fa4344e5 in ClonePixelCache cache.c:418:28
    #5 0x7ff3fa44dd8e in GetImagePixelCache cache.c:1652:29
    #6 0x7ff3fa453029 in SyncImagePixelCache cache.c:5269:28
    #7 0x7ff3fa68bc76 in SetImageStorageClass image.c:2513:10
    #8 0x7ff3fa68c71d in SetImageBackgroundColor image.c:2322:7
    #9 0x7ff3facaef7e in ReadOneLayer xcf.c:917:10
    #10 0x7ff3facad5fe in ReadXCFImage xcf.c:1331:16
    #11 0x7ff3fa4b1a68 in ReadImage constitute.c:497:13
    #12 0x7ff3fa84af59 in ReadStream stream.c:1045:9
    #13 0x7ff3fa4b060f in PingImage constitute.c:226:9
    #14 0x7ff3fa4b0db3 in PingImages constitute.c:327:10
    #15 0x7ff3f9beb596 in IdentifyImageCommand identify.c:319:18
    #16 0x7ff3f9ca92af in MagickCommandGenesis mogrify.c:183:14
    #17 0x514a47 in MagickMain magick.c:149:10
    #18 0x5144a1 in main magick.c:180:10
    #19 0x7ff3f3bf2f44 in __libc_start_main (libc.so.6+0x21f44)

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x4dfa25 in posix_memalign asan_malloc_linux.cc:142
    #1 0x7ff3fa8151c8 in AcquireSemaphoreMemory semaphore.c:154:7
    #2 0x7ff3fa814a3c in AcquireSemaphoreInfo semaphore.c:200:36
    #3 0x7ff3fa68adb6 in CloneImage image.c:878:26
    #4 0x7ff3facaedcc in ReadOneLayer xcf.c:910:19
    #5 0x7ff3facad5fe in ReadXCFImage xcf.c:1331:16
    #6 0x7ff3fa4b1a68 in ReadImage constitute.c:497:13
    #7 0x7ff3fa84af59 in ReadStream stream.c:1045:9
    #8 0x7ff3fa4b060f in PingImage constitute.c:226:9
    #9 0x7ff3fa4b0db3 in PingImages constitute.c:327:10
    #10 0x7ff3f9beb596 in IdentifyImageCommand identify.c:319:18
    #11 0x7ff3f9ca92af in MagickCommandGenesis mogrify.c:183:14
    #12 0x514a47 in MagickMain magick.c:149:10
    #13 0x5144a1 in main magick.c:180:10
    #14 0x7ff3f3bf2f44 in __libc_start_main (libc.so.6+0x21f44)

Indirect leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x4deec6 in __interceptor_malloc asan_malloc_linux.cc:66
    #1 0x7ff3fa6d7566 in AcquireMagickMemory memory.c:464:10
    #2 0x7ff3fa829e70 in AddValueToSplayTree splay-tree.c:188:21
    #3 0x7ff3fa764e53 in SetImageProperty property.c:4462:10
    #4 0x7ff3facaf5c4 in InitXCFImage xcf.c:773:10
    #5 0x7ff3facaef94 in ReadOneLayer xcf.c:919:3
    #6 0x7ff3facad5fe in ReadXCFImage xcf.c:1331:16
    #7 0x7ff3fa4b1a68 in ReadImage constitute.c:497:13
    #8 0x7ff3fa84af59 in ReadStream stream.c:1045:9
    #9 0x7ff3fa4b060f in PingImage constitute.c:226:9
    #10 0x7ff3fa4b0db3 in PingImages constitute.c:327:10
    #11 0x7ff3f9beb596 in IdentifyImageCommand identify.c:319:18
    #12 0x7ff3f9ca92af in MagickCommandGenesis mogrify.c:183:14
    #13 0x514a47 in MagickMain magick.c:149:10
    #14 0x5144a1 in main magick.c:180:10
    #15 0x7ff3f3bf2f44 in __libc_start_main (libc.so.6+0x21f44)

Indirect leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x4deec6 in __interceptor_malloc asan_malloc_linux.cc:66
    #1 0x7ff3fa6d7566 in AcquireMagickMemory memory.c:464:10
    #2 0x7ff3fa829e70 in AddValueToSplayTree splay-tree.c:188:21
    #3 0x7ff3fa82ad1c in CloneSplayTree splay-tree.c:371:12
    #4 0x7ff3fa707ff5 in CloneImageOptions option.c:1880:27
    #5 0x7ff3fa6925c4 in CloneImageInfo image.c:1007:10
    #6 0x7ff3fa68a38c in CloneImage image.c:845:27
    #7 0x7ff3facaedcc in ReadOneLayer xcf.c:910:19
    #8 0x7ff3facad5fe in ReadXCFImage xcf.c:1331:16
    #9 0x7ff3fa4b1a68 in ReadImage constitute.c:497:13
    #10 0x7ff3fa84af59 in ReadStream stream.c:1045:9
    #11 0x7ff3fa4b060f in PingImage constitute.c:226:9
    #12 0x7ff3fa4b0db3 in PingImages constitute.c:327:10
    #13 0x7ff3f9beb596 in IdentifyImageCommand identify.c:319:18
    #14 0x7ff3f9ca92af in MagickCommandGenesis mogrify.c:183:14
    #15 0x514a47 in MagickMain magick.c:149:10
    #16 0x5144a1 in main magick.c:180:10
    #17 0x7ff3f3bf2f44 in __libc_start_main (libc.so.6+0x21f44)

Indirect leak of 15 byte(s) in 1 object(s) allocated from:
    #0 0x4deec6 in __interceptor_malloc asan_malloc_linux.cc:66
    #1 0x7ff3fa6d7566 in AcquireMagickMemory memory.c:464:10
    #2 0x7ff3fa6d75c8 in AcquireQuantumMemory memory.c:537:10
    #3 0x7ff3fa860653 in ConstantString string.c:701:26
    #4 0x7ff3fa82ad06 in CloneSplayTree splay-tree.c:372:7
    #5 0x7ff3fa707ff5 in CloneImageOptions option.c:1880:27
    #6 0x7ff3fa6925c4 in CloneImageInfo image.c:1007:10
    #7 0x7ff3fa68a38c in CloneImage image.c:845:27
    #8 0x7ff3facaedcc in ReadOneLayer xcf.c:910:19
    #9 0x7ff3facad5fe in ReadXCFImage xcf.c:1331:16
    #10 0x7ff3fa4b1a68 in ReadImage constitute.c:497:13
    #11 0x7ff3fa84af59 in ReadStream stream.c:1045:9
    #12 0x7ff3fa4b060f in PingImage constitute.c:226:9
    #13 0x7ff3fa4b0db3 in PingImages constitute.c:327:10
    #14 0x7ff3f9beb596 in IdentifyImageCommand identify.c:319:18
    #15 0x7ff3f9ca92af in MagickCommandGenesis mogrify.c:183:14
    #16 0x514a47 in MagickMain magick.c:149:10
    #17 0x5144a1 in main magick.c:180:10
    #18 0x7ff3f3bf2f44 in __libc_start_main (libc.so.6+0x21f44)

Indirect leak of 9 byte(s) in 1 object(s) allocated from:
    #0 0x4deec6 in __interceptor_malloc asan_malloc_linux.cc:66
    #1 0x7ff3fa6d7566 in AcquireMagickMemory memory.c:464:10
    #2 0x7ff3fa6d75c8 in AcquireQuantumMemory memory.c:537:10
    #3 0x7ff3fa860653 in ConstantString string.c:701:26
    #4 0x7ff3fa82ac81 in CloneSplayTree splay-tree.c:371:43
    #5 0x7ff3fa707ff5 in CloneImageOptions option.c:1880:27
    #6 0x7ff3fa6925c4 in CloneImageInfo image.c:1007:10
    #7 0x7ff3fa68a38c in CloneImage image.c:845:27
    #8 0x7ff3facaedcc in ReadOneLayer xcf.c:910:19
    #9 0x7ff3facad5fe in ReadXCFImage xcf.c:1331:16
    #10 0x7ff3fa4b1a68 in ReadImage constitute.c:497:13
    #11 0x7ff3fa84af59 in ReadStream stream.c:1045:9
    #12 0x7ff3fa4b060f in PingImage constitute.c:226:9
    #13 0x7ff3fa4b0db3 in PingImages constitute.c:327:10
    #14 0x7ff3f9beb596 in IdentifyImageCommand identify.c:319:18
    #15 0x7ff3f9ca92af in MagickCommandGenesis mogrify.c:183:14
    #16 0x514a47 in MagickMain magick.c:149:10
    #17 0x5144a1 in main magick.c:180:10
    #18 0x7ff3f3bf2f44 in __libc_start_main (libc.so.6+0x21f44)

Indirect leak of 6 byte(s) in 1 object(s) allocated from:
    #0 0x4deec6 in __interceptor_malloc asan_malloc_linux.cc:66
    #1 0x7ff3fa6d7566 in AcquireMagickMemory memory.c:464:10
    #2 0x7ff3fa6d75c8 in AcquireQuantumMemory memory.c:537:10
    #3 0x7ff3fa860653 in ConstantString string.c:701:26
    #4 0x7ff3fa764e33 in SetImageProperty property.c:4463:5
    #5 0x7ff3facaf5c4 in InitXCFImage xcf.c:773:10
    #6 0x7ff3facaef94 in ReadOneLayer xcf.c:919:3
    #7 0x7ff3facad5fe in ReadXCFImage xcf.c:1331:16
    #8 0x7ff3fa4b1a68 in ReadImage constitute.c:497:13
    #9 0x7ff3fa84af59 in ReadStream stream.c:1045:9
    #10 0x7ff3fa4b060f in PingImage constitute.c:226:9
    #11 0x7ff3fa4b0db3 in PingImages constitute.c:327:10
    #12 0x7ff3f9beb596 in IdentifyImageCommand identify.c:319:18
    #13 0x7ff3f9ca92af in MagickCommandGenesis mogrify.c:183:14
    #14 0x514a47 in MagickMain magick.c:149:10
    #15 0x5144a1 in main magick.c:180:10
    #16 0x7ff3f3bf2f44 in __libc_start_main (libc.so.6+0x21f44)

Indirect leak of 1 byte(s) in 1 object(s) allocated from:
    #0 0x4deec6 in __interceptor_malloc asan_malloc_linux.cc:66
    #1 0x7ff3fa6d7566 in AcquireMagickMemory memory.c:464:10
    #2 0x7ff3fa6d75c8 in AcquireQuantumMemory memory.c:537:10
    #3 0x7ff3fa860653 in ConstantString string.c:701:26
    #4 0x7ff3fa764e43 in SetImageProperty property.c:4463:30
    #5 0x7ff3facaf5c4 in InitXCFImage xcf.c:773:10
    #6 0x7ff3facaef94 in ReadOneLayer xcf.c:919:3
    #7 0x7ff3facad5fe in ReadXCFImage xcf.c:1331:16
    #8 0x7ff3fa4b1a68 in ReadImage constitute.c:497:13
    #9 0x7ff3fa84af59 in ReadStream stream.c:1045:9
    #10 0x7ff3fa4b060f in PingImage constitute.c:226:9
    #11 0x7ff3fa4b0db3 in PingImages constitute.c:327:10
    #12 0x7ff3f9beb596 in IdentifyImageCommand identify.c:319:18
    #13 0x7ff3f9ca92af in MagickCommandGenesis mogrify.c:183:14
    #14 0x514a47 in MagickMain magick.c:149:10
    #15 0x5144a1 in main magick.c:180:10
    #16 0x7ff3f3bf2f44 in __libc_start_main (libc.so.6+0x21f44)

SUMMARY: AddressSanitizer: 545223851 byte(s) leaked in 27 allocation(s).

POC: https://github.com/jgj212/poc/blob/master/leak-ReadXCFImage
Credit: ADLab of Venustech
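
For triage, the 27 records in a report like the one above collapse to a few owning call sites once each stack is keyed by its innermost frame in the coder under test. The following is an added example, not part of the original report or of ImageMagick: the helper names are hypothetical, and the sample is an abridged excerpt of the report above with stacks truncated.

```python
import re
from collections import defaultdict

# Abridged excerpt of the LeakSanitizer report above; frames are copied from
# the issue, stacks are cut short after the frames that matter for grouping.
SAMPLE_REPORT = """\
Direct leak of 545177268 byte(s) in 1 object(s) allocated from:
    #0 0x4deec6 in __interceptor_malloc asan_malloc_linux.cc:66
    #1 0x7ff3fa6d7566 in AcquireMagickMemory memory.c:464:10
    #2 0x7ff3fa6d75c8 in AcquireQuantumMemory memory.c:537:10
    #3 0x7ff3facb035b in load_tile xcf.c:362:28
    #4 0x7ff3facafcfe in load_level xcf.c:671:15

Direct leak of 13488 byte(s) in 1 object(s) allocated from:
    #0 0x4deec6 in __interceptor_malloc asan_malloc_linux.cc:66
    #1 0x7ff3fa6d7566 in AcquireMagickMemory memory.c:464:10
    #2 0x7ff3fa689aef in CloneImage image.c:829:25
    #3 0x7ff3facaedcc in ReadOneLayer xcf.c:910:19

Indirect leak of 13024 byte(s) in 1 object(s) allocated from:
    #0 0x4deec6 in __interceptor_malloc asan_malloc_linux.cc:66
    #1 0x7ff3fa6d7566 in AcquireMagickMemory memory.c:464:10
    #2 0x7ff3fa687ba3 in AcquireImageInfo image.c:347:28
    #3 0x7ff3fa690d13 in CloneImageInfo image.c:952:14
    #4 0x7ff3fa68a38c in CloneImage image.c:845:27
    #5 0x7ff3facaedcc in ReadOneLayer xcf.c:910:19

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x4dfa25 in posix_memalign asan_malloc_linux.cc:142
    #1 0x7ff3fa8151c8 in AcquireSemaphoreMemory semaphore.c:154:7
    #2 0x7ff3fa814a3c in AcquireSemaphoreInfo semaphore.c:200:36
    #3 0x7ff3fa4339d2 in AcquirePixelCache cache.c:228:30
    #4 0x7ff3fa84abec in ReadStream stream.c:1027:20
"""

HEADER_RE = re.compile(r"^(Direct|Indirect) leak of (\d+) byte\(s\) in (\d+) object\(s\)")
# Frames without "file:line" (e.g. "(libc.so.6+0x21f44)") do not match and are skipped.
FRAME_RE = re.compile(r"^\s*#\d+ 0x[0-9a-f]+ in (\S+) ([^\s:]+):(\d+)")


def parse_leaks(report):
    """Return one dict per leak record: kind, bytes, objects, frames (innermost first)."""
    leaks = []
    for line in report.splitlines():
        header = HEADER_RE.match(line)
        if header:
            leaks.append({"kind": header.group(1), "bytes": int(header.group(2)),
                          "objects": int(header.group(3)), "frames": []})
            continue
        frame = FRAME_RE.match(line)
        if frame and leaks:
            leaks[-1]["frames"].append((frame.group(1), frame.group(2), int(frame.group(3))))
    return leaks


def owner_in(leak, source_file):
    """Innermost frame of the record that lies in source_file, or None."""
    for func, path, lineno in leak["frames"]:
        if path == source_file:
            return f"{func} {path}:{lineno}"
    return None


def bytes_by_owner(leaks, source_file):
    """Sum leaked bytes per owning call site, split into Direct and Indirect."""
    totals = defaultdict(lambda: {"Direct": 0, "Indirect": 0})
    for leak in leaks:
        totals[owner_in(leak, source_file)][leak["kind"]] += leak["bytes"]
    return dict(totals)


def direct_roots(leaks, source_file):
    """Direct leaks are the unreferenced roots; list their owners, largest first."""
    totals = bytes_by_owner(leaks, source_file)
    ranked = [(owner, t["Direct"]) for owner, t in totals.items() if t["Direct"]]
    return sorted(ranked, key=lambda item: item[1], reverse=True)


if __name__ == "__main__":
    for owner, size in direct_roots(parse_leaks(SAMPLE_REPORT), "xcf.c"):
        print(f"{size:>12} bytes  {owner}")
```

Records keyed under `None` have no frame in the chosen file; in the report above those are the allocations made in `ReadStream` before the XCF coder is entered.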
