Null Pointer Dereference in PDFDelegateMessage #724

jgj212 · 2017-09-03T15:05:49Z

ImageMagick 7.0.7-0 Q16 x86_64

Here is the critical code:

  if (*messages == (char *) NULL) 
    *messages=(char *) AcquireQuantumMemory(length+1,sizeof(char *));	//141
  else
    {
      offset=strlen(*messages);
      *messages=(char *) ResizeQuantumMemory(*messages,offset+length+1,
        sizeof(char *));
    }
  (void) memcpy(*messages+offset,message,length);
  (*messages)[length+offset] ='\0';
  return(length);

AcquireQuantumMemory(...) may return NULL, so (*messages)[length+offset] will Dereference Null pointer to cause memory error.

Credit: ADLab of Venustech

The text was updated successfully, but these errors were encountered:

mikayla-grace · 2017-09-03T16:08:47Z

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ https://www.imagemagick.org/download/beta/ by sometime tomorrow.

nohmask · 2017-10-04T09:47:35Z

This was assigned CVE-2017-15015.

urban-warrior pushed a commit that referenced this issue Sep 3, 2017

https://github.com/ImageMagick/ImageMagick/issues/724

0cbb3b3

urban-warrior pushed a commit that referenced this issue Sep 3, 2017

https://github.com/ImageMagick/ImageMagick/issues/724

a0cef9d

dlemstra added the bug label Sep 3, 2017

dlemstra closed this as completed Sep 3, 2017

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Null Pointer Dereference in PDFDelegateMessage #724

Null Pointer Dereference in PDFDelegateMessage #724

jgj212 commented Sep 3, 2017

mikayla-grace commented Sep 3, 2017

nohmask commented Oct 4, 2017

Null Pointer Dereference in PDFDelegateMessage #724

Null Pointer Dereference in PDFDelegateMessage #724

Comments

jgj212 commented Sep 3, 2017

mikayla-grace commented Sep 3, 2017

nohmask commented Oct 4, 2017