memory leak in ReadMATImage coders/mat.c:962 #740

Closed
@jerryl3e

Description

version:
ImageMagick 7.0.7-1 Q16 x86_64
gcc 7.1

crash link:
https://raw.githubusercontent.com/jerryl3e/poc/master/im_poc_1504844768.mat

trigger command:
./magick convert im_poc_1504844768.mat /dev/null

detail:

root@work:/home/work/fuzzing/ImageMagick-7.0.7-1/utilities# ./magick im_poc_1504844768.mat /dev/null
lt-magick: multi-dimensional matrices are not supported `im_poc_1504844768.mat' @ error/mat.c/ReadMATImage/1002.

=================================================================
==129199==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 13024 byte(s) in 1 object(s) allocated from:
    #0 0x7f8353fda920 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde920)
    #1 0x7f835365c336 in AcquireMagickMemory MagickCore/memory.c:464
    #2 0x7f835361997f in AcquireImageInfo MagickCore/image.c:347
    #3 0x7f835361cb9a in CloneImageInfo MagickCore/image.c:952
    #4 0x7f8353895594 in ReadMATImage coders/mat.c:962
    #5 0x7f83534ef6b0 in ReadImage MagickCore/constitute.c:497
    #6 0x7f83534f2597 in ReadImages MagickCore/constitute.c:866
    #7 0x7f8352fd81fa in CLINoImageOperator MagickWand/operation.c:4760
    #8 0x7f8352fdb518 in CLIOption MagickWand/operation.c:5255
    #9 0x7f8352e83cba in ProcessCommandOptions MagickWand/magick-cli.c:424
    #10 0x7f8352e85562 in MagickImageCommand MagickWand/magick-cli.c:794
    #11 0x7f8352ebeacd in MagickCommandGenesis MagickWand/mogrify.c:183
    #12 0x401a25 in MagickMain utilities/magick.c:149
    #13 0x401c9e in main utilities/magick.c:180
    #14 0x7f83524ea82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

Indirect leak of 88 byte(s) in 1 object(s) allocated from:
    #0 0x7f8353fda920 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde920)
    #1 0x7f835365c336 in AcquireMagickMemory MagickCore/memory.c:464
    #2 0x7f83537691e4 in NewSplayTree MagickCore/splay-tree.c:1106
    #3 0x7f8353766572 in CloneSplayTree MagickCore/splay-tree.c:359
    #4 0x7f8353681e2a in CloneImageOptions MagickCore/option.c:1883
    #5 0x7f835361e18d in CloneImageInfo MagickCore/image.c:1007
    #6 0x7f8353895594 in ReadMATImage coders/mat.c:962
    #7 0x7f83534ef6b0 in ReadImage MagickCore/constitute.c:497
    #8 0x7f83534f2597 in ReadImages MagickCore/constitute.c:866
    #9 0x7f8352fd81fa in CLINoImageOperator MagickWand/operation.c:4760
    #10 0x7f8352fdb518 in CLIOption MagickWand/operation.c:5255
    #11 0x7f8352e83cba in ProcessCommandOptions MagickWand/magick-cli.c:424
    #12 0x7f8352e85562 in MagickImageCommand MagickWand/magick-cli.c:794
    #13 0x7f8352ebeacd in MagickCommandGenesis MagickWand/mogrify.c:183
    #14 0x401a25 in MagickMain utilities/magick.c:149
    #15 0x401c9e in main utilities/magick.c:180
    #16 0x7f83524ea82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x7f8353fdb570 in posix_memalign (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdf570)
    #1 0x7f8353752634 in AcquireSemaphoreMemory MagickCore/semaphore.c:154
    #2 0x7f835375271c in AcquireSemaphoreInfo MagickCore/semaphore.c:200
    #3 0x7f83537694b1 in NewSplayTree MagickCore/splay-tree.c:1119
    #4 0x7f8353766572 in CloneSplayTree MagickCore/splay-tree.c:359
    #5 0x7f8353681e2a in CloneImageOptions MagickCore/option.c:1883
    #6 0x7f835361e18d in CloneImageInfo MagickCore/image.c:1007
    #7 0x7f8353895594 in ReadMATImage coders/mat.c:962
    #8 0x7f83534ef6b0 in ReadImage MagickCore/constitute.c:497
    #9 0x7f83534f2597 in ReadImages MagickCore/constitute.c:866
    #10 0x7f8352fd81fa in CLINoImageOperator MagickWand/operation.c:4760
    #11 0x7f8352fdb518 in CLIOption MagickWand/operation.c:5255
    #12 0x7f8352e83cba in ProcessCommandOptions MagickWand/magick-cli.c:424
    #13 0x7f8352e85562 in MagickImageCommand MagickWand/magick-cli.c:794
    #14 0x7f8352ebeacd in MagickCommandGenesis MagickWand/mogrify.c:183
    #15 0x401a25 in MagickMain utilities/magick.c:149
    #16 0x401c9e in main utilities/magick.c:180
    #17 0x7f83524ea82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

Indirect leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x7f8353fda920 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde920)
    #1 0x7f835365c336 in AcquireMagickMemory MagickCore/memory.c:464
    #2 0x7f83537659c9 in AddValueToSplayTree MagickCore/splay-tree.c:188
    #3 0x7f83537666fb in CloneSplayTree MagickCore/splay-tree.c:371
    #4 0x7f8353681e2a in CloneImageOptions MagickCore/option.c:1883
    #5 0x7f835361e18d in CloneImageInfo MagickCore/image.c:1007
    #6 0x7f8353895594 in ReadMATImage coders/mat.c:962
    #7 0x7f83534ef6b0 in ReadImage MagickCore/constitute.c:497
    #8 0x7f83534f2597 in ReadImages MagickCore/constitute.c:866
    #9 0x7f8352fd81fa in CLINoImageOperator MagickWand/operation.c:4760
    #10 0x7f8352fdb518 in CLIOption MagickWand/operation.c:5255
    #11 0x7f8352e83cba in ProcessCommandOptions MagickWand/magick-cli.c:424
    #12 0x7f8352e85562 in MagickImageCommand MagickWand/magick-cli.c:794
    #13 0x7f8352ebeacd in MagickCommandGenesis MagickWand/mogrify.c:183
    #14 0x401a25 in MagickMain utilities/magick.c:149
    #15 0x401c9e in main utilities/magick.c:180
    #16 0x7f83524ea82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

Indirect leak of 22 byte(s) in 1 object(s) allocated from:
    #0 0x7f8353fda920 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde920)
    #1 0x7f835365c336 in AcquireMagickMemory MagickCore/memory.c:464
    #2 0x7f835365c38a in AcquireQuantumMemory MagickCore/memory.c:537
    #3 0x7f835378fe89 in ConstantString MagickCore/string.c:701
    #4 0x7f835376668f in CloneSplayTree MagickCore/splay-tree.c:372
    #5 0x7f8353681e2a in CloneImageOptions MagickCore/option.c:1883
    #6 0x7f835361e18d in CloneImageInfo MagickCore/image.c:1007
    #7 0x7f8353895594 in ReadMATImage coders/mat.c:962
    #8 0x7f83534ef6b0 in ReadImage MagickCore/constitute.c:497
    #9 0x7f83534f2597 in ReadImages MagickCore/constitute.c:866
    #10 0x7f8352fd81fa in CLINoImageOperator MagickWand/operation.c:4760
    #11 0x7f8352fdb518 in CLIOption MagickWand/operation.c:5255
    #12 0x7f8352e83cba in ProcessCommandOptions MagickWand/magick-cli.c:424
    #13 0x7f8352e85562 in MagickImageCommand MagickWand/magick-cli.c:794
    #14 0x7f8352ebeacd in MagickCommandGenesis MagickWand/mogrify.c:183
    #15 0x401a25 in MagickMain utilities/magick.c:149
    #16 0x401c9e in main utilities/magick.c:180
    #17 0x7f83524ea82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

Indirect leak of 9 byte(s) in 1 object(s) allocated from:
    #0 0x7f8353fda920 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde920)
    #1 0x7f835365c336 in AcquireMagickMemory MagickCore/memory.c:464
    #2 0x7f835365c38a in AcquireQuantumMemory MagickCore/memory.c:537
    #3 0x7f835378fe89 in ConstantString MagickCore/string.c:701
    #4 0x7f83537666e6 in CloneSplayTree MagickCore/splay-tree.c:371
    #5 0x7f8353681e2a in CloneImageOptions MagickCore/option.c:1883
    #6 0x7f835361e18d in CloneImageInfo MagickCore/image.c:1007
    #7 0x7f8353895594 in ReadMATImage coders/mat.c:962
    #8 0x7f83534ef6b0 in ReadImage MagickCore/constitute.c:497
    #9 0x7f83534f2597 in ReadImages MagickCore/constitute.c:866
    #10 0x7f8352fd81fa in CLINoImageOperator MagickWand/operation.c:4760
    #11 0x7f8352fdb518 in CLIOption MagickWand/operation.c:5255
    #12 0x7f8352e83cba in ProcessCommandOptions MagickWand/magick-cli.c:424
    #13 0x7f8352e85562 in MagickImageCommand MagickWand/magick-cli.c:794
    #14 0x7f8352ebeacd in MagickCommandGenesis MagickWand/mogrify.c:183
    #15 0x401a25 in MagickMain utilities/magick.c:149
    #16 0x401c9e in main utilities/magick.c:180
    #17 0x7f83524ea82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

SUMMARY: AddressSanitizer: 13239 byte(s) leaked in 6 allocation(s).

Credit: Baidu Security Lab
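What the sanitizer output above shows is a single root cause: every one of the six leaked blocks descends from the `CloneImageInfo` call at `coders/mat.c:962` (the five "indirect" leaks are the option splay tree, its semaphore and its strings that the clone owns), and the reader then bails out at `mat.c:1002` with "multi-dimensional matrices are not supported" without that clone ever reaching `DestroyImageInfo`. In a command-line `convert` the process exits and the leak is harmless; in a long-lived service that decodes untrusted uploads in-process, each crafted file costs roughly 13 KB that is never returned, which is a slow memory-exhaustion denial of service. The program below is an added, self-contained model of that bug class, not ImageMagick's code: `ReaderInfo`, `clone_reader_info`, the 5-byte "TMAT" header and the `tracked_malloc` counter are all hypothetical stand-ins (the counter plays the role of LeakSanitizer), and the assumption that the real fix is to destroy the clone on every early-exit path is mine, drawn from the trace rather than from the project's patch.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Live-allocation counter standing in for LeakSanitizer in this toy. */
static long live_allocations = 0;

static void *tracked_malloc(size_t n) {
    void *p = malloc(n);
    if (p != NULL)
        live_allocations++;
    return p;
}

static void tracked_free(void *p) {
    if (p != NULL) {
        live_allocations--;
        free(p);
    }
}

/* Hypothetical per-read settings block, the analogue of the ImageInfo clone. */
typedef struct {
    char filename[64];
    int depth;
} ReaderInfo;

static ReaderInfo *clone_reader_info(const char *filename) {
    ReaderInfo *info = tracked_malloc(sizeof *info);
    if (info == NULL)
        return NULL;
    snprintf(info->filename, sizeof info->filename, "%s", filename);
    info->depth = 16;
    return info;
}

/* Constructed toy format: 4-byte magic "TMAT", then one byte = number of dimensions. */
#define TOY_MAGIC "TMAT"
#define TOY_HEADER_LEN 5

/* Buggy reader: the same shape as the trace, a clone followed by early returns
 * that never release it. Returns 0 on success, -1 on any rejected input. */
static int read_matrix_leaky(const uint8_t *buf, size_t len, const char *name) {
    ReaderInfo *clone = clone_reader_info(name);
    if (clone == NULL)
        return -1;
    if (len < TOY_HEADER_LEN || memcmp(buf, TOY_MAGIC, 4) != 0)
        return -1;                      /* BUG: clone is leaked on bad magic */
    if (buf[4] > 2)
        return -1;                      /* BUG: "multi-dimensional" path leaks clone too */
    /* ... decoding of the 2-D matrix would follow here ... */
    tracked_free(clone);
    return 0;
}

/* Fixed reader: one exit path, so every early bail-out frees the clone. */
static int read_matrix_fixed(const uint8_t *buf, size_t len, const char *name) {
    int status = -1;
    ReaderInfo *clone = clone_reader_info(name);
    if (clone == NULL)
        return -1;
    if (len < TOY_HEADER_LEN || memcmp(buf, TOY_MAGIC, 4) != 0)
        goto cleanup;
    if (buf[4] > 2)
        goto cleanup;                   /* unsupported, but still cleaned up */
    /* ... decoding of the 2-D matrix would follow here ... */
    status = 0;
cleanup:
    tracked_free(clone);
    return status;
}

/* Run one reader over an input and report how many allocations outlive the call. */
static long leaked_after(int (*reader)(const uint8_t *, size_t, const char *),
                         const uint8_t *buf, size_t len) {
    live_allocations = 0;
    (void)reader(buf, len, "constructed.mat");
    return live_allocations;
}

/* Constructed inputs: valid magic with 3 dimensions (rejected) and with 2 (accepted). */
static const uint8_t MULTI_DIM[] = { 'T', 'M', 'A', 'T', 3 };
static const uint8_t TWO_DIM[]   = { 'T', 'M', 'A', 'T', 2 };

int main(void) {
    printf("leaky reader, 3-D input: %ld live allocation(s) after return\n",
           leaked_after(read_matrix_leaky, MULTI_DIM, sizeof MULTI_DIM));
    printf("fixed reader, 3-D input: %ld live allocation(s) after return\n",
           leaked_after(read_matrix_fixed, MULTI_DIM, sizeof MULTI_DIM));
    printf("leaky reader, 2-D input: %ld live allocation(s) after return\n",
           leaked_after(read_matrix_leaky, TWO_DIM, sizeof TWO_DIM));
    return 0;
}
```

The single-exit `goto cleanup` shape is what makes this class of bug easy to audit: a reviewer only has to confirm that every `return` between the allocation and the label is gone, rather than reasoning about each error path separately. The check a practitioner wants when triaging reports like this one is the same as the example's counter: run the coder under LeakSanitizer (or `valgrind --leak-check=full`) on the rejected input and confirm the "Direct leak" count drops to zero after the fix, since a fix that only handles the one error message in the report leaves any other early return in the same function still leaking.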
