Closed
Description
root@ubuntu:/home/hjy/Desktop# convert oom-ReadTIFFImage /dev/null
==27669==ERROR: AddressSanitizer failed to allocate 0x80002000 (-2147475456) bytes of LargeMmapAllocator: 12
==27669==Process memory map follows:
0x08048000-0x09714000 /usr/local/bin/magick
0x09714000-0x09715000 /usr/local/bin/magick
0x09715000-0x0979f000 /usr/local/bin/magick
0x0979f000-0x097a3000
0x1ffff000-0x24000000
0x24000000-0x28000000
0x28000000-0x40000000
0xb2500000-0xb2600000
0xb2700000-0xb2800000
0xb2900000-0xb2a00000
0xb2b00000-0xb2c00000
0xb2d00000-0xb2e00000
0xb2f00000-0xb3000000
0xb3100000-0xb3200000
0xb3300000-0xb3400000
0xb3500000-0xb3600000
0xb3700000-0xb3800000
0xb3900000-0xb3a00000
0xb3b00000-0xb3c00000
0xb3d00000-0xb3e00000
0xb3f00000-0xb4100000 /usr/lib/locale/locale-archive
0xb4100000-0xb4200000
0xb4300000-0xb4400000
0xb4500000-0xb4600000
0xb4700000-0xb4800000
0xb4900000-0xb4a00000
0xb4b00000-0xb4c00000
0xb4d00000-0xb4e00000
0xb4f00000-0xb5000000
0xb5100000-0xb5200000
0xb5300000-0xb5400000
0xb5500000-0xb5600000
0xb5700000-0xb5800000
0xb5900000-0xb5a00000
0xb5ae0000-0xb5c00000
0xb5c05000-0xb5c6a000
0xb5c6a000-0xb5c6b000 /usr/lib/locale/locale-archive
0xb5c6b000-0xb6e21000
0xb6e21000-0xb6e45000 /lib/i386-linux-gnu/liblzma.so.5.0.0
0xb6e45000-0xb6e46000 /lib/i386-linux-gnu/liblzma.so.5.0.0
0xb6e46000-0xb6e47000 /lib/i386-linux-gnu/liblzma.so.5.0.0
0xb6e47000-0xb6e4a000 /lib/i386-linux-gnu/libdl-2.19.so
0xb6e4a000-0xb6e4b000 /lib/i386-linux-gnu/libdl-2.19.so
0xb6e4b000-0xb6e4c000 /lib/i386-linux-gnu/libdl-2.19.so
0xb6e4c000-0xb6ff5000 /lib/i386-linux-gnu/libc-2.19.so
0xb6ff5000-0xb6ff7000 /lib/i386-linux-gnu/libc-2.19.so
0xb6ff7000-0xb6ff8000 /lib/i386-linux-gnu/libc-2.19.so
0xb6ff8000-0xb6ffb000
0xb6ffb000-0xb7013000 /lib/i386-linux-gnu/libpthread-2.19.so
0xb7013000-0xb7014000 /lib/i386-linux-gnu/libpthread-2.19.so
0xb7014000-0xb7015000 /lib/i386-linux-gnu/libpthread-2.19.so
0xb7015000-0xb7017000
0xb7017000-0xb7032000 /lib/i386-linux-gnu/libgcc_s.so.1
0xb7032000-0xb7033000 /lib/i386-linux-gnu/libgcc_s.so.1
0xb7033000-0xb7034000 /lib/i386-linux-gnu/libgcc_s.so.1
0xb7034000-0xb7035000
0xb7035000-0xb7079000 /lib/i386-linux-gnu/libm-2.19.so
0xb7079000-0xb707a000 /lib/i386-linux-gnu/libm-2.19.so
0xb707a000-0xb707b000 /lib/i386-linux-gnu/libm-2.19.so
0xb707b000-0xb70a9000 /usr/lib/i386-linux-gnu/libgomp.so.1.0.0
0xb70a9000-0xb70aa000 /usr/lib/i386-linux-gnu/libgomp.so.1.0.0
0xb70aa000-0xb70ab000 /usr/lib/i386-linux-gnu/libgomp.so.1.0.0
0xb70ab000-0xb70c3000 /lib/i386-linux-gnu/libz.so.1.2.8
0xb70c3000-0xb70c4000 /lib/i386-linux-gnu/libz.so.1.2.8
0xb70c4000-0xb70c5000 /lib/i386-linux-gnu/libz.so.1.2.8
0xb70c5000-0xb721a000 /usr/lib/i386-linux-gnu/libxml2.so.2.9.1
0xb721a000-0xb721b000 /usr/lib/i386-linux-gnu/libxml2.so.2.9.1
0xb721b000-0xb721f000 /usr/lib/i386-linux-gnu/libxml2.so.2.9.1
0xb721f000-0xb7220000 /usr/lib/i386-linux-gnu/libxml2.so.2.9.1
0xb7220000-0xb7221000
0xb7221000-0xb7247000 /lib/i386-linux-gnu/libpng12.so.0.50.0
0xb7247000-0xb7248000 /lib/i386-linux-gnu/libpng12.so.0.50.0
0xb7248000-0xb7249000 /lib/i386-linux-gnu/libpng12.so.0.50.0
0xb7249000-0xb724a000
0xb724a000-0xb7293000 /usr/lib/i386-linux-gnu/libjpeg.so.8.0.2
0xb7293000-0xb7294000 /usr/lib/i386-linux-gnu/libjpeg.so.8.0.2
0xb7294000-0xb7295000 /usr/lib/i386-linux-gnu/libjpeg.so.8.0.2
0xb7295000-0xb72a5000
0xb72a5000-0xb7344000 /usr/lib/i386-linux-gnu/libasan.so.1.0.0
0xb7344000-0xb7346000 /usr/lib/i386-linux-gnu/libasan.so.1.0.0
0xb7346000-0xb7347000 /usr/lib/i386-linux-gnu/libasan.so.1.0.0
0xb7347000-0xb77a0000
0xb77a0000-0xb77b6000
0xb77b6000-0xb77b7000 [vdso]
0xb77b7000-0xb77d7000 /lib/i386-linux-gnu/ld-2.19.so
0xb77d7000-0xb77d8000 /lib/i386-linux-gnu/ld-2.19.so
0xb77d8000-0xb77d9000 /lib/i386-linux-gnu/ld-2.19.so
0xbfd8c000-0xbfdad000 [stack]
==27669==End of process memory map.
==27669==AddressSanitizer CHECK failed: ../../../../src/libsanitizer/sanitizer_common/sanitizer_posix.cc:66 "(("unable to mmap" && 0)) != (0)" (0x0, 0x0)
#0 0xb72f94c1 (/usr/lib/i386-linux-gnu/libasan.so.1+0x544c1)
#1 0xb72fd6a9 in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/usr/lib/i386-linux-gnu/libasan.so.1+0x586a9)
#2 0xb7302e22 (/usr/lib/i386-linux-gnu/libasan.so.1+0x5de22)
#3 0xb72bd99b (/usr/lib/i386-linux-gnu/libasan.so.1+0x1899b)
#4 0xb72be488 (/usr/lib/i386-linux-gnu/libasan.so.1+0x19488)
#5 0xb72f384a in __interceptor_malloc (/usr/lib/i386-linux-gnu/libasan.so.1+0x4e84a)
#6 0x8baef7a in AcquireQuantumPixels MagickCore/quantum.c:175
#7 0x8baef7a in SetQuantumDepth MagickCore/quantum.c:693
#8 0x877f852 in ReadTIFFImage coders/tiff.c:1655
#9 0x88baf5e in ReadImage MagickCore/constitute.c:497
#10 0x88bea44 in ReadImages MagickCore/constitute.c:866
#11 0x8ec36d8 in ConvertImageCommand MagickWand/convert.c:641
#12 0x8fc9e99 in MagickCommandGenesis MagickWand/mogrify.c:183
#13 0x8077d9a in MagickMain utilities/magick.c:149
#14 0x80579ca in main utilities/magick.c:180
#15 0xb6e65a82 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x19a82)
#16 0x807737a (/usr/local/bin/magick+0x807737a)
POC https://github.com/whiteHat001/FUZZ_POC/blob/master/oom-ReadTIFFImage