Skip to content

cpu exhaustion in WritePixelCachePixels #659

Closed
@xcainiao

Description

@xcainiao

Version: ImageMagick 7.0.6-6 Q16 i686 2017-08-08 http://www.imagemagick.org

./magick cpu-poc2 /dev/null

static MagickBooleanType WritePixelCachePixels(
CacheInfo *magick_restrict cache_info,NexusInfo *magick_restrict nexus_info,
ExceptionInfo *exception)
{
.....

        switch (cache_info->type)

{
case MemoryCache:
case MapCache:
{
register Quantum
*magick_restrict q;

  /*
    Write pixels to memory.
  */
  if ((cache_info->columns == nexus_info->region.width) &&
      (extent == (MagickSizeType) ((size_t) extent)))
    {
      length=extent;
      rows=1UL;
    }
  q=cache_info->pixels+offset*cache_info->number_channels;
  for (y=0; y < (ssize_t) rows; y++)
  {
    (void) memcpy(q,p,(size_t) length);
    p+=cache_info->number_channels*nexus_info->region.width;
    q+=cache_info->columns*cache_info->number_channels;
  }
  break;
}
case DiskCache:
{
  /*
    Write pixels to disk.
  */
  LockSemaphoreInfo(cache_info->file_semaphore);
  if (OpenPixelCacheOnDisk(cache_info,IOMode) == MagickFalse)
    {
      ThrowFileException(exception,FileOpenError,"UnableToOpenFile",
        cache_info->cache_filename);
      UnlockSemaphoreInfo(cache_info->file_semaphore);
      return(MagickFalse);
    }
  if ((cache_info->columns == nexus_info->region.width) &&
      (extent <= MagickMaxBufferExtent))
    {
      length=extent;
      rows=1UL;
    }
  for (y=0; y < (ssize_t) rows; y++)
  {
    count=WritePixelCacheRegion(cache_info,cache_info->offset+offset*
      cache_info->number_channels*sizeof(*p),length,(const unsigned char *)
      p);
    if (count != (MagickOffsetType) length)
      break;
    p+=cache_info->number_channels*nexus_info->region.width;
    offset+=cache_info->columns;
  }

       ..... 

}

poc: https://github.com/xcainiao/poc/blob/master/cpu-poc2

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions