Closed
Description
$ magick -version
Version: ImageMagick 7.0.7-12 Q16 x86_64 2017-11-21 http://www.imagemagick.org
Copyright: © 1999-2017 ImageMagick Studio LLC
License: http://www.imagemagick.org/script/license.php
Features: Cipher DPC HDRI OpenMP
Delegates (built-in): bzlib fontconfig freetype jng jpeg lzma pangocairo png tiff x xml zlib
Trigger Command: magick ReadPSDChannelZip-memory-leaks /dev/null
magick: unexpected end-of-file `ReadPSDChannelZip-memory-leaks' @ error/psd.c/ReadPSDChannelZip/1247.
magick: unable to decompress image `ReadPSDChannelZip-memory-leaks' @ error/psd.c/ReadPSDChannel/1408.
=================================================================
==10717==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 27260 byte(s) in 1 object(s) allocated from:
#0 0x7f14e35e8850 in malloc (/lib64/libasan.so.4+0xde850)
#1 0x7f14e29fd38c in AcquireMagickMemory MagickCore/memory.c:464
#2 0x7f14e29fd3e0 in AcquireQuantumMemory MagickCore/memory.c:537
#3 0x7f14e2db6505 in ReadPSDChannelZip coders/psd.c:1236
#4 0x7f14e2db7364 in ReadPSDChannel coders/psd.c:1387
#5 0x7f14e2db7ea0 in ReadPSDLayer coders/psd.c:1470
#6 0x7f14e2dbaee7 in ReadPSDLayersInternal coders/psd.c:1834
#7 0x7f14e2dbe4ed in ReadPSDImage coders/psd.c:2182
#8 0x7f14e283038f in ReadImage MagickCore/constitute.c:497
#9 0x7f14e2833258 in ReadImages MagickCore/constitute.c:866
#10 0x7f14e228b86a in CLINoImageOperator MagickWand/operation.c:4763
#11 0x7f14e228eb72 in CLIOption MagickWand/operation.c:5258
#12 0x7f14e21375f8 in ProcessCommandOptions MagickWand/magick-cli.c:424
#13 0x7f14e2138ea0 in MagickImageCommand MagickWand/magick-cli.c:794
#14 0x7f14e21720e6 in MagickCommandGenesis MagickWand/mogrify.c:183
#15 0x401a36 in MagickMain utilities/magick.c:149
#16 0x401ca0 in main utilities/magick.c:180
#17 0x7f14de307889 in __libc_start_main (/lib64/libc.so.6+0x20889)
SUMMARY: AddressSanitizer: 27260 byte(s) leaked in 1 allocation(s).
testcase:
https://github.com/henices/pocs/raw/master/ReadPSDChannelZip-memory-leaks
Credit: NSFocus Security Team <security (at) nsfocus (dot) com>