memory leak in ReadXPMImage #873

Closed
@henices

$ magick -version
Version: ImageMagick 7.0.7-12 Q16 x86_64 2017-11-21 http://www.imagemagick.org
Copyright: © 1999-2017 ImageMagick Studio LLC
License: http://www.imagemagick.org/script/license.php
Features: Cipher DPC HDRI OpenMP
Delegates (built-in): bzlib fontconfig freetype jng jpeg lzma pangocairo png tiff x xml zlib

Trigger Command: magick ReadXPMImage-memory-leak /dev/null

magick: image depth not supported `ReadXPMImage-memory-leak' @ error/image.c/SetImageExtent/2558.
==============================================================
==27118==ERROR: LeakSanitizer: detected memory leaks  
Direct leak of 135168 byte(s) in 1 object(s) allocated from:                                   
    #0 0x7f9d85071c40 in realloc (/lib64/libasan.so.4+0xdec40)                                 
    #1 0x7f9d84487446 in ResizeMagickMemory MagickCore/memory.c:1225                           
    #2 0x7f9d844874ca in ResizeQuantumMemory MagickCore/memory.c:1289                          
    #3 0x7f9d848d7c30 in ReadXPMImage coders/xpm.c:315                                         
    #4 0x7f9d842b90f5 in ReadImage MagickCore/constitute.c:497                                 
    #5 0x7f9d842bbfbe in ReadImages MagickCore/constitute.c:866                                
    #6 0x7f9d83d1486a in CLINoImageOperator MagickWand/operation.c:4763                        
    #7 0x7f9d83d17b72 in CLIOption MagickWand/operation.c:5258                                 
    #8 0x7f9d83bc05f8 in ProcessCommandOptions MagickWand/magick-cli.c:424                     
    #9 0x7f9d83bc1ea0 in MagickImageCommand MagickWand/magick-cli.c:794                        
    #10 0x7f9d83bfb0e6 in MagickCommandGenesis MagickWand/mogrify.c:183
    #11 0x401a36 in MagickMain utilities/magick.c:149                                          
    #12 0x401ca0 in main utilities/magick.c:180
    #13 0x7f9d7fd90889 in __libc_start_main (/lib64/libc.so.6+0x20889)                         
                                                                                               
Direct leak of 88 byte(s) in 1 object(s) allocated from:                                       
    #0 0x7f9d85071850 in malloc (/lib64/libasan.so.4+0xde850)                                  
    #1 0x7f9d844860f2 in AcquireMagickMemory MagickCore/memory.c:464                           
    #2 0x7f9d8458fd6e in AcquireCriticalMemory MagickCore/memory-private.h:57                  
    #3 0x7f9d84593c96 in NewSplayTree MagickCore/splay-tree.c:1148                             
    #4 0x7f9d848d82dd in ReadXPMImage coders/xpm.c:365                                         
    #5 0x7f9d842b90f5 in ReadImage MagickCore/constitute.c:497                                 
    #6 0x7f9d842bbfbe in ReadImages MagickCore/constitute.c:866                                
    #7 0x7f9d83d1486a in CLINoImageOperator MagickWand/operation.c:4763                        
    #8 0x7f9d83d17b72 in CLIOption MagickWand/operation.c:5258                                 
    #9 0x7f9d83bc05f8 in ProcessCommandOptions MagickWand/magick-cli.c:424                     
    #10 0x7f9d83bc1ea0 in MagickImageCommand MagickWand/magick-cli.c:794                       
    #11 0x7f9d83bfb0e6 in MagickCommandGenesis MagickWand/mogrify.c:183
    #12 0x401a36 in MagickMain utilities/magick.c:149                                          
    #13 0x401ca0 in main utilities/magick.c:180
    #14 0x7f9d7fd90889 in __libc_start_main (/lib64/libc.so.6+0x20889)     

Indirect leak of 6912 byte(s) in 216 object(s) allocated from:
    #0 0x7f9d85071850 in malloc (/lib64/libasan.so.4+0xde850)
    #1 0x7f9d844860f2 in AcquireMagickMemory MagickCore/memory.c:464
    #2 0x7f9d845902a7 in AddValueToSplayTree MagickCore/splay-tree.c:189
    #3 0x7f9d848d84ce in ReadXPMImage coders/xpm.c:382
    #4 0x7f9d842b90f5 in ReadImage MagickCore/constitute.c:497
    #5 0x7f9d842bbfbe in ReadImages MagickCore/constitute.c:866
    #6 0x7f9d83d1486a in CLINoImageOperator MagickWand/operation.c:4763
    #7 0x7f9d83d17b72 in CLIOption MagickWand/operation.c:5258
    #8 0x7f9d83bc05f8 in ProcessCommandOptions MagickWand/magick-cli.c:424
    #9 0x7f9d83bc1ea0 in MagickImageCommand MagickWand/magick-cli.c:794
    #10 0x7f9d83bfb0e6 in MagickCommandGenesis MagickWand/mogrify.c:183
    #11 0x401a36 in MagickMain utilities/magick.c:149
    #12 0x401ca0 in main utilities/magick.c:180
    #13 0x7f9d7fd90889 in __libc_start_main (/lib64/libc.so.6+0x20889)

Indirect leak of 648 byte(s) in 216 object(s) allocated from:
    #0 0x7f9d85071850 in malloc (/lib64/libasan.so.4+0xde850)
    #1 0x7f9d844860f2 in AcquireMagickMemory MagickCore/memory.c:464
    #2 0x7f9d84486146 in AcquireQuantumMemory MagickCore/memory.c:537
    #3 0x7f9d845bacf4 in ConstantString MagickCore/string.c:700
    #4 0x7f9d848d84b6 in ReadXPMImage coders/xpm.c:382
    #5 0x7f9d842b90f5 in ReadImage MagickCore/constitute.c:497
    #6 0x7f9d842bbfbe in ReadImages MagickCore/constitute.c:866
    #7 0x7f9d83d1486a in CLINoImageOperator MagickWand/operation.c:4763
    #8 0x7f9d83d17b72 in CLIOption MagickWand/operation.c:5258
    #9 0x7f9d83bc05f8 in ProcessCommandOptions MagickWand/magick-cli.c:424
    #10 0x7f9d83bc1ea0 in MagickImageCommand MagickWand/magick-cli.c:794
    #11 0x7f9d83bfb0e6 in MagickCommandGenesis MagickWand/mogrify.c:183
    #12 0x401a36 in MagickMain utilities/magick.c:149
    #13 0x401ca0 in main utilities/magick.c:180
    #14 0x7f9d7fd90889 in __libc_start_main (/lib64/libc.so.6+0x20889)

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x7f9d850724a0 in posix_memalign (/lib64/libasan.so.4+0xdf4a0)
    #1 0x7f9d8457c4ce in AcquireSemaphoreMemory MagickCore/semaphore.c:154
    #2 0x7f9d8457c5b8 in AcquireSemaphoreInfo MagickCore/semaphore.c:200
    #3 0x7f9d84593e87 in NewSplayTree MagickCore/splay-tree.c:1159
    #4 0x7f9d848d82dd in ReadXPMImage coders/xpm.c:365
    #5 0x7f9d842b90f5 in ReadImage MagickCore/constitute.c:497
    #6 0x7f9d842bbfbe in ReadImages MagickCore/constitute.c:866
    #7 0x7f9d83d1486a in CLINoImageOperator MagickWand/operation.c:4763
    #8 0x7f9d83d17b72 in CLIOption MagickWand/operation.c:5258
    #9 0x7f9d83bc05f8 in ProcessCommandOptions MagickWand/magick-cli.c:424
    #10 0x7f9d83bc1ea0 in MagickImageCommand MagickWand/magick-cli.c:794
    #11 0x7f9d83bfb0e6 in MagickCommandGenesis MagickWand/mogrify.c:183
    #12 0x401a36 in MagickMain utilities/magick.c:149
    #13 0x401ca0 in main utilities/magick.c:180
    #14 0x7f9d7fd90889 in __libc_start_main (/lib64/libc.so.6+0x20889)

SUMMARY: AddressSanitizer: 142880 byte(s) leaked in 435 allocation(s).

testcase:
https://github.com/henices/pocs/raw/master/ReadXPMImage-memory-leak

Credit: NSFocus Security Team <security (at) nsfocus (dot) com>
