Null Pointer Dereference at SketchImage of MagickCore/fx.c #775

Closed
viennadd opened this Issue Sep 22, 2017 · 2 comments


viennadd commented Sep 22, 2017

Hi all,

ImageMagick-7.0.6-5, still exists in the latest development branch.

AcquireRandomInfoThreadSet might return NULL if AcquireMagickMemory fails, then it will cause a Null Pointer Dereference and Denial of Service.

```c
MagickExport Image *SketchImage(const Image *image,const double radius,
  const double sigma,const double angle,ExceptionInfo *exception)
{
.......................
  status=MagickTrue;
  random_info=AcquireRandomInfoThreadSet();          // Might return NULL if allocating memory failed
  random_view=AcquireAuthenticCacheView(random_image,exception);
#if defined(MAGICKCORE_OPENMP_SUPPORT)
  key=GetRandomSecretKey(random_info[0]);             // one of the Dereference of variable `random_info`
  #pragma omp parallel for schedule(static,4) shared(status) \
    magick_threads(random_image,random_image,random_image->rows,key == ~0UL)
#endif
  for (y=0; y < (ssize_t) random_image->rows; y++)
```

Similar suspicious code pieces might also share the same issue:

random_info=AcquireRandomInfoThreadSet();

random_info=AcquireRandomInfoThreadSet();

random_info=AcquireRandomInfoThreadSet();

Regards,
Alex, SourceBrella Inc.
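The failure mode reported above, reduced to an added stand-alone example that is not code from this issue or from ImageMagick: a per-thread set allocator that returns NULL when any allocation fails, and a caller that checks the result before its first `set[0]` dereference. The names `rand_info`, `test_alloc`, `acquire_set`, `destroy_set`, `sketch_like` and the `fail_after` fault-injection counter are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for illustration; none of this is ImageMagick code. */
typedef struct { unsigned long secret_key; } rand_info;
static int fail_after = -1;  /* fault injection: -1 never fails, N fails after N allocations */

static void *test_alloc(size_t n) {
  if (fail_after == 0) return NULL;   /* simulated out-of-memory */
  if (fail_after > 0) fail_after--;
  return malloc(n);
}

static rand_info **destroy_set(rand_info **set, size_t n) {
  if (set == NULL) return NULL;
  for (size_t i = 0; i < n; i++) free(set[i]);
  free(set);
  return NULL;
}

/* Same contract as in the report: NULL if any allocation fails. */
static rand_info **acquire_set(size_t n) {
  rand_info **set = (n == 0) ? NULL : test_alloc(n * sizeof(*set));
  if (set == NULL) return NULL;
  for (size_t i = 0; i < n; i++) set[i] = NULL;
  for (size_t i = 0; i < n; i++) {
    set[i] = test_alloc(sizeof(**set));
    if (set[i] == NULL) return destroy_set(set, n);  /* free the partial set */
    set[i]->secret_key = 0x1234UL + i;               /* constructed sample key */
  }
  return set;
}

/* Hardened caller: the NULL check sits before the first set[0] access. */
static int sketch_like(size_t threads, unsigned long *key_out) {
  rand_info **set = acquire_set(threads);
  if (set == NULL) return -1;         /* report failure instead of crashing */
  *key_out = set[0]->secret_key;
  destroy_set(set, threads);
  return 0;
}

int main(void) {
  unsigned long key = 0;
  fail_after = 2;                     /* constructed fault: third allocation fails */
  int rc_fail = sketch_like(4, &key);
  fail_after = -1;
  int rc_ok = sketch_like(4, &key);
  printf("failed alloc: %d, normal: %d key=%#lx\n", rc_fail, rc_ok, key);
  return 0;
}
```

Driving the allocator through a failure counter like this exercises both the first-allocation and mid-set failure paths, which a normal test run never reaches.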

urban-warrior pushed a commit that referenced this issue Sep 22, 2017

urban-warrior pushed a commit that referenced this issue Sep 22, 2017

mikayla-grace commented Sep 22, 2017

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ http://www.imagemagick.org/download/beta/ by sometime tomorrow.

carnil commented Jan 3, 2018

This issue was assigned CVE-2017-1000445
