Closed
Description
poc1
version:
ImageMagick 7.0.7-1 Q16 x86_64
gcc 7.1
crash link:
https://raw.githubusercontent.com/jerryl3e/poc/master/im_poc_1505120100
trigger command:
./magick convert im_poc_1505120100 output.mpc
./magick convert output.mpc output.uil
detail:
root@work:/home/work/fuzzing/ImageMagick/utilities# ./magick im_poc_1505120100 out.mpc
root@work:/home/work/fuzzing/ImageMagick/utilities# ./magick out.mpc out.aai
ASAN:SIGSEGV
=================================================================
==49786==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f9150edb72b bp 0x7ffd830679e0 sp 0x7ffd83067980 T0)
#0 0x7f9150edb72a in GetVirtualPixels MagickCore/cache.c:3185
#1 0x7f9151203e88 in WriteAAIImage coders/aai.c:386
#2 0x7f9150f44782 in WriteImage MagickCore/constitute.c:1114
#3 0x7f9150f453fe in WriteImages MagickCore/constitute.c:1333
#4 0x7f9150a4097a in CLINoImageOperator MagickWand/operation.c:4795
#5 0x7f9150a431d8 in CLIOption MagickWand/operation.c:5255
#6 0x7f91508e0d5f in ProcessCommandOptions MagickWand/magick-cli.c:529
#7 0x7f91508e1f27 in MagickImageCommand MagickWand/magick-cli.c:794
#8 0x7f915091a246 in MagickCommandGenesis MagickWand/mogrify.c:183
#9 0x4017e1 in MagickMain utilities/magick.c:149
#10 0x4019c2 in main utilities/magick.c:180
#11 0x7f915014682f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#12 0x4012f8 in _start (/home/work/fuzzing/ImageMagick/utilities/.libs/lt-magick+0x4012f8)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV MagickCore/cache.c:3185 GetVirtualPixels
==49786==ABORTING
Credit: Baidu Security Lab