New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

memory leaks in ReadPGXImage #877

Closed
henices opened this Issue Nov 24, 2017 · 2 comments

Comments

Projects
None yet
4 participants
@henices
Copy link
Contributor

henices commented Nov 24, 2017

$ magick -version
Version: ImageMagick 7.0.7-12 Q16 x86_64 2017-11-21 http://www.imagemagick.org
Copyright: © 1999-2017 ImageMagick Studio LLC
License: http://www.imagemagick.org/script/license.php
Features: Cipher DPC HDRI OpenMP
Delegates (built-in): bzlib fontconfig freetype jng jpeg lzma pangocairo png tiff x xml zlib

Trigger Command: magick ReadPGXImage-memory-leaks /dev/null


=================================================================
==11698==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 152 byte(s) in 1 object(s) allocated from:
    #0 0x7f1ce5e32850 in malloc (/lib64/libasan.so.4+0xde850)
    #1 0x7f1ce52473cc in AcquireMagickMemory MagickCore/memory.c:464
    #2 0x7f1ce52da540 in AcquireCriticalMemory MagickCore/memory-private.h:57
    #3 0x7f1ce52da66f in AcquireQuantumInfo MagickCore/quantum.c:119
    #4 0x7f1ce55c26a7 in ReadPGXImage coders/pgx.c:204
    #5 0x7f1ce507a3cf in ReadImage MagickCore/constitute.c:497
    #6 0x7f1ce507d298 in ReadImages MagickCore/constitute.c:866
    #7 0x7f1ce4ad586a in CLINoImageOperator MagickWand/operation.c:4763
    #8 0x7f1ce4ad8b72 in CLIOption MagickWand/operation.c:5258
    #9 0x7f1ce49815f8 in ProcessCommandOptions MagickWand/magick-cli.c:424
    #10 0x7f1ce4982ea0 in MagickImageCommand MagickWand/magick-cli.c:794
    #11 0x7f1ce49bc0e6 in MagickCommandGenesis MagickWand/mogrify.c:183
    #12 0x401a36 in MagickMain utilities/magick.c:149
    #13 0x401ca0 in main utilities/magick.c:180
    #14 0x7f1ce0b51889 in __libc_start_main (/lib64/libc.so.6+0x20889)

Indirect leak of 2402 byte(s) in 2 object(s) allocated from:
    #0 0x7f1ce5e32850 in malloc (/lib64/libasan.so.4+0xde850)
    #1 0x7f1ce52473cc in AcquireMagickMemory MagickCore/memory.c:464
    #2 0x7f1ce5247420 in AcquireQuantumMemory MagickCore/memory.c:537
    #3 0x7f1ce52da9dc in AcquireQuantumPixels MagickCore/quantum.c:174
    #4 0x7f1ce52dc6c3 in SetQuantumDepth MagickCore/quantum.c:692
    #5 0x7f1ce52da70d in AcquireQuantumInfo MagickCore/quantum.c:124
    #6 0x7f1ce55c26a7 in ReadPGXImage coders/pgx.c:204
    #7 0x7f1ce507a3cf in ReadImage MagickCore/constitute.c:497
    #8 0x7f1ce507d298 in ReadImages MagickCore/constitute.c:866
    #9 0x7f1ce4ad586a in CLINoImageOperator MagickWand/operation.c:4763
    #10 0x7f1ce4ad8b72 in CLIOption MagickWand/operation.c:5258
    #11 0x7f1ce49815f8 in ProcessCommandOptions MagickWand/magick-cli.c:424
    #12 0x7f1ce4982ea0 in MagickImageCommand MagickWand/magick-cli.c:794
    #13 0x7f1ce49bc0e6 in MagickCommandGenesis MagickWand/mogrify.c:183
    #14 0x401a36 in MagickMain utilities/magick.c:149
    #15 0x401ca0 in main utilities/magick.c:180
    #16 0x7f1ce0b51889 in __libc_start_main (/lib64/libc.so.6+0x20889)

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x7f1ce5e334a0 in posix_memalign (/lib64/libasan.so.4+0xdf4a0)
    #1 0x7f1ce533d7bd in AcquireSemaphoreMemory MagickCore/semaphore.c:154
    #2 0x7f1ce533d8a7 in AcquireSemaphoreInfo MagickCore/semaphore.c:200
    #3 0x7f1ce52db698 in GetQuantumInfo MagickCore/quantum.c:426
    #4 0x7f1ce52da6bd in AcquireQuantumInfo MagickCore/quantum.c:121
    #5 0x7f1ce55c26a7 in ReadPGXImage coders/pgx.c:204
    #6 0x7f1ce507a3cf in ReadImage MagickCore/constitute.c:497
    #7 0x7f1ce507d298 in ReadImages MagickCore/constitute.c:866
    #8 0x7f1ce4ad586a in CLINoImageOperator MagickWand/operation.c:4763
    #9 0x7f1ce4ad8b72 in CLIOption MagickWand/operation.c:5258
    #10 0x7f1ce49815f8 in ProcessCommandOptions MagickWand/magick-cli.c:424
    #11 0x7f1ce4982ea0 in MagickImageCommand MagickWand/magick-cli.c:794
    #12 0x7f1ce49bc0e6 in MagickCommandGenesis MagickWand/mogrify.c:183
    #13 0x401a36 in MagickMain utilities/magick.c:149
    #14 0x401ca0 in main utilities/magick.c:180
    #15 0x7f1ce0b51889 in __libc_start_main (/lib64/libc.so.6+0x20889)

Indirect leak of 16 byte(s) in 1 object(s) allocated from:
    #0 0x7f1ce5e32850 in malloc (/lib64/libasan.so.4+0xde850)
    #1 0x7f1ce52473cc in AcquireMagickMemory MagickCore/memory.c:464
    #2 0x7f1ce5247420 in AcquireQuantumMemory MagickCore/memory.c:537
    #3 0x7f1ce52da89b in AcquireQuantumPixels MagickCore/quantum.c:165
    #4 0x7f1ce52dc6c3 in SetQuantumDepth MagickCore/quantum.c:692
    #5 0x7f1ce52da70d in AcquireQuantumInfo MagickCore/quantum.c:124
    #6 0x7f1ce55c26a7 in ReadPGXImage coders/pgx.c:204
    #7 0x7f1ce507a3cf in ReadImage MagickCore/constitute.c:497
    #8 0x7f1ce507d298 in ReadImages MagickCore/constitute.c:866
    #9 0x7f1ce4ad586a in CLINoImageOperator MagickWand/operation.c:4763
    #10 0x7f1ce4ad8b72 in CLIOption MagickWand/operation.c:5258
    #11 0x7f1ce49815f8 in ProcessCommandOptions MagickWand/magick-cli.c:424
    #12 0x7f1ce4982ea0 in MagickImageCommand MagickWand/magick-cli.c:794
    #13 0x7f1ce49bc0e6 in MagickCommandGenesis MagickWand/mogrify.c:183
    #14 0x401a36 in MagickMain utilities/magick.c:149
    #15 0x401ca0 in main utilities/magick.c:180
    #16 0x7f1ce0b51889 in __libc_start_main (/lib64/libc.so.6+0x20889)

SUMMARY: AddressSanitizer: 2634 byte(s) leaked in 5 allocation(s).

testcase:
https://github.com/henices/pocs/raw/master/ReadPGXImage-memory-leaks

Credit: NSFocus Security Team <security (at) nsfocus (dot) com>

urban-warrior pushed a commit that referenced this issue Nov 24, 2017

Cristy

urban-warrior pushed a commit that referenced this issue Nov 24, 2017

Cristy
@urban-warrior

This comment has been minimized.

Copy link
Contributor

urban-warrior commented Nov 24, 2017

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ https://www.imagemagick.org/download/beta/ by sometime tomorrow.

@dlemstra dlemstra added the bug label Nov 24, 2017

@dlemstra dlemstra closed this Nov 24, 2017

@nohmask

This comment has been minimized.

Copy link

nohmask commented Dec 25, 2017

This was assigned CVE-2017-17883.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment