Closed
Description
root@ubuntu:/home/hjy/Desktop# magick --version
Version: ImageMagick 7.0.6-6 Q16 i686 2017-08-05 http://www.imagemagick.org
root@ubuntu:/home/hjy/Desktop# magick convert oom-ReadBMPImage2 test.png
==5856==ERROR: AddressSanitizer failed to allocate 0xa07a4000 (-1602600960) bytes of LargeMmapAllocator: 12
==5856==Process memory map follows:
0x08048000-0x094d3000 /usr/local/bin/magick
0x094d3000-0x094d4000 /usr/local/bin/magick
0x094d4000-0x09555000 /usr/local/bin/magick
0x09555000-0x09558000
0x1ffff000-0x24000000
0x24000000-0x28000000
0x28000000-0x40000000
0xb2d00000-0xb2e00000
0xb2f00000-0xb3000000
0xb3100000-0xb3200000
0xb3300000-0xb3400000
0xb3500000-0xb3600000
0xb3700000-0xb3800000
0xb3900000-0xb3a00000
0xb3b00000-0xb3c00000
0xb3d00000-0xb3e00000
0xb3f00000-0xb4100000 /usr/lib/locale/locale-archive
0xb4100000-0xb4200000
0xb4300000-0xb4400000
0xb4500000-0xb4600000
0xb4700000-0xb4800000
0xb4900000-0xb4a00000
0xb4b00000-0xb4c00000
0xb4d00000-0xb4e00000
0xb4f00000-0xb5000000
0xb5100000-0xb5200000
0xb5300000-0xb5400000
0xb5500000-0xb5600000
0xb5700000-0xb5800000
0xb5900000-0xb5a00000
0xb5ae0000-0xb5c00000
0xb5c07000-0xb5c6c000
0xb5c6c000-0xb5c6d000 /usr/lib/locale/locale-archive
0xb5c6d000-0xb6e20000
0xb6e20000-0xb6e44000 /lib/i386-linux-gnu/liblzma.so.5.0.0
0xb6e44000-0xb6e45000 /lib/i386-linux-gnu/liblzma.so.5.0.0
0xb6e45000-0xb6e46000 /lib/i386-linux-gnu/liblzma.so.5.0.0
0xb6e46000-0xb6e49000 /lib/i386-linux-gnu/libdl-2.19.so
0xb6e49000-0xb6e4a000 /lib/i386-linux-gnu/libdl-2.19.so
0xb6e4a000-0xb6e4b000 /lib/i386-linux-gnu/libdl-2.19.so
0xb6e4b000-0xb6ff4000 /lib/i386-linux-gnu/libc-2.19.so
0xb6ff4000-0xb6ff6000 /lib/i386-linux-gnu/libc-2.19.so
0xb6ff6000-0xb6ff7000 /lib/i386-linux-gnu/libc-2.19.so
0xb6ff7000-0xb6ffa000
0xb6ffa000-0xb7012000 /lib/i386-linux-gnu/libpthread-2.19.so
0xb7012000-0xb7013000 /lib/i386-linux-gnu/libpthread-2.19.so
0xb7013000-0xb7014000 /lib/i386-linux-gnu/libpthread-2.19.so
0xb7014000-0xb7016000
0xb7016000-0xb7031000 /lib/i386-linux-gnu/libgcc_s.so.1
0xb7031000-0xb7032000 /lib/i386-linux-gnu/libgcc_s.so.1
0xb7032000-0xb7033000 /lib/i386-linux-gnu/libgcc_s.so.1
0xb7033000-0xb7034000
0xb7034000-0xb7078000 /lib/i386-linux-gnu/libm-2.19.so
0xb7078000-0xb7079000 /lib/i386-linux-gnu/libm-2.19.so
0xb7079000-0xb707a000 /lib/i386-linux-gnu/libm-2.19.so
0xb707a000-0xb70a8000 /usr/lib/i386-linux-gnu/libgomp.so.1.0.0
0xb70a8000-0xb70a9000 /usr/lib/i386-linux-gnu/libgomp.so.1.0.0
0xb70a9000-0xb70aa000 /usr/lib/i386-linux-gnu/libgomp.so.1.0.0
0xb70aa000-0xb70c2000 /lib/i386-linux-gnu/libz.so.1.2.8
0xb70c2000-0xb70c3000 /lib/i386-linux-gnu/libz.so.1.2.8
0xb70c3000-0xb70c4000 /lib/i386-linux-gnu/libz.so.1.2.8
0xb70c4000-0xb7219000 /usr/lib/i386-linux-gnu/libxml2.so.2.9.1
0xb7219000-0xb721a000 /usr/lib/i386-linux-gnu/libxml2.so.2.9.1
0xb721a000-0xb721e000 /usr/lib/i386-linux-gnu/libxml2.so.2.9.1
0xb721e000-0xb721f000 /usr/lib/i386-linux-gnu/libxml2.so.2.9.1
0xb721f000-0xb7220000
0xb7220000-0xb7246000 /lib/i386-linux-gnu/libpng12.so.0.50.0
0xb7246000-0xb7247000 /lib/i386-linux-gnu/libpng12.so.0.50.0
0xb7247000-0xb7248000 /lib/i386-linux-gnu/libpng12.so.0.50.0
0xb7248000-0xb7249000
0xb7249000-0xb7292000 /usr/lib/i386-linux-gnu/libjpeg.so.8.0.2
0xb7292000-0xb7293000 /usr/lib/i386-linux-gnu/libjpeg.so.8.0.2
0xb7293000-0xb7294000 /usr/lib/i386-linux-gnu/libjpeg.so.8.0.2
0xb7294000-0xb72a4000
0xb72a4000-0xb7343000 /usr/lib/i386-linux-gnu/libasan.so.1.0.0
0xb7343000-0xb7345000 /usr/lib/i386-linux-gnu/libasan.so.1.0.0
0xb7345000-0xb7346000 /usr/lib/i386-linux-gnu/libasan.so.1.0.0
0xb7346000-0xb779f000
0xb779f000-0xb77b5000
0xb77b5000-0xb77b6000 [vdso]
0xb77b6000-0xb77d6000 /lib/i386-linux-gnu/ld-2.19.so
0xb77d6000-0xb77d7000 /lib/i386-linux-gnu/ld-2.19.so
0xb77d7000-0xb77d8000 /lib/i386-linux-gnu/ld-2.19.so
0xbfc49000-0xbfc6a000 [stack]
==5856==End of process memory map.
==5856==AddressSanitizer CHECK failed: ../../../../src/libsanitizer/sanitizer_common/sanitizer_posix.cc:66 "(("unable to mmap" && 0)) != (0)" (0x0, 0x0)
#0 0xb72f84c1 (/usr/lib/i386-linux-gnu/libasan.so.1+0x544c1)
#1 0xb72fc6a9 in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/usr/lib/i386-linux-gnu/libasan.so.1+0x586a9)
#2 0xb7301e22 (/usr/lib/i386-linux-gnu/libasan.so.1+0x5de22)
#3 0xb72bc99b (/usr/lib/i386-linux-gnu/libasan.so.1+0x1899b)
#4 0xb72bd5e9 (/usr/lib/i386-linux-gnu/libasan.so.1+0x195e9)
#5 0xb72f2d71 in __interceptor_posix_memalign (/usr/lib/i386-linux-gnu/libasan.so.1+0x4ed71)
#6 0x80e783b in AcquireAlignedMemory MagickCore/memory.c:262
#7 0x80e783b in AcquireVirtualMemory MagickCore/memory.c:636
#8 0x829c509 in ReadBMPImage coders/bmp.c:945
#9 0x88980c8 in ReadImage MagickCore/constitute.c:497
#10 0x889bb49 in ReadImages MagickCore/constitute.c:866
#11 0x8ea0ba0 in ConvertImageCommand MagickWand/convert.c:641
#12 0x8fa97d1 in MagickCommandGenesis MagickWand/mogrify.c:183
#13 0x8074e7a in MagickMain utilities/magick.c:149
#14 0x805572a in main utilities/magick.c:180
#15 0xb6e64a82 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x19a82)
#16 0x80744ba (/usr/local/bin/magick+0x80744ba)
POC:https://github.com/whiteHat001/FUZZ_POC/blob/master/oom-ReadBMPImage2