Closed
Description
version:
Version: ImageMagick 7.0.7-4 Q16 x86_64
gcc 7.1
crash link:
https://raw.githubusercontent.com/jerryl3e/poc/master/im_poc_1505984356.vips
trigger command:
./magick convert im_poc_1505984356.vips /dev/null
detail:
root@work:/home/work/fuzzing/ImageMagick/utilities# ./magick convert im_poc_1505984356.vips /dev/null
=================================================================
==86680==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 1834159 byte(s) in 1 object(s) allocated from:
#0 0x7f676d3ead10 in __interceptor_realloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded10)
#1 0x7f676c7c7feb in ResizeMagickMemory MagickCore/memory.c:1225
#2 0x7f676c7c806f in ResizeQuantumMemory MagickCore/memory.c:1289
#3 0x7f676c8fe6bf in ConcatenateString MagickCore/string.c:501
#4 0x7f676cc048c6 in ReadVIPSImage coders/vips.c:511
#5 0x7f676c5f36dd in ReadImage MagickCore/constitute.c:497
#6 0x7f676c5f65c4 in ReadImages MagickCore/constitute.c:866
#7 0x7f676bdae8be in ConvertImageCommand MagickWand/convert.c:641
#8 0x7f676bf29722 in MagickCommandGenesis MagickWand/mogrify.c:183
#9 0x401a15 in MagickMain utilities/magick.c:149
#10 0x401c8e in main utilities/magick.c:180
#11 0x7f676b49182f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
SUMMARY: AddressSanitizer: 1834159 byte(s) leaked in 1 allocation(s).
Credit: jerryl3e of Baidu Security Lab