Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Null Pointer Dereference at SketchImage of MagickCore/fx.c #775

Closed
viennadd opened this issue Sep 22, 2017 · 2 comments
Closed

Null Pointer Dereference at SketchImage of MagickCore/fx.c #775

viennadd opened this issue Sep 22, 2017 · 2 comments
Labels

Comments

@viennadd
Copy link

viennadd commented Sep 22, 2017

Hi all,

ImageMagick-7.0.6-5, still exist in latest development branch

AcquireRandomInfoThreadSet might return NULL if AcquireMagickMemory fails, then it will cause Null Pointer Deference and Denial of Service.

MagickExport Image *SketchImage(const Image *image,const double radius,
  const double sigma,const double angle,ExceptionInfo *exception)
{
.......................
  status=MagickTrue;
  random_info=AcquireRandomInfoThreadSet();          // Might return NULL if allocating memory failed 
  random_view=AcquireAuthenticCacheView(random_image,exception);
#if defined(MAGICKCORE_OPENMP_SUPPORT)
  key=GetRandomSecretKey(random_info[0]);             // one of the Dereference of variable `random_info`
  #pragma omp parallel for schedule(static,4) shared(status) \
    magick_threads(random_image,random_image,random_image->rows,key == ~0UL)
#endif
  for (y=0; y < (ssize_t) random_image->rows; y++)
  

Similar suspicious code pieces might also share the same issue:

random_info=AcquireRandomInfoThreadSet();

random_info=AcquireRandomInfoThreadSet();

random_info=AcquireRandomInfoThreadSet();

Regards,
Alex, SourceBrella Inc.

@mikayla-grace
Copy link

mikayla-grace commented Sep 22, 2017

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ http://www.imagemagick.org/download/beta/ by sometime tomorrow.

@carnil
Copy link

carnil commented Jan 3, 2018

This issue was assigned CVE-2017-1000445

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Development

No branches or pull requests

4 participants