memory leaks in ReadMATImage #878

Closed
@henices

$ magick -version
Version: ImageMagick 7.0.7-12 Q16 x86_64 2017-11-21 http://www.imagemagick.org
Copyright: © 1999-2017 ImageMagick Studio LLC
License: http://www.imagemagick.org/script/license.php
Features: Cipher DPC HDRI OpenMP
Delegates (built-in): bzlib fontconfig freetype jng jpeg lzma pangocairo png tiff x xml zlib

Trigger Command: magick ReadMATImage-memory-leaks /dev/null

magick: UnsupportedCellTypeInTheMatrix `ReadMATImage-memory-leaks' @ error/mat.c/ReadMATImage/1056.

=================================================================
==12635==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 13024 byte(s) in 1 object(s) allocated from:
    #0 0x7f434435c850 in malloc (/lib64/libasan.so.4+0xde850)
    #1 0x7f43437713cc in AcquireMagickMemory MagickCore/memory.c:464
    #2 0x7f434372bf91 in AcquireCriticalMemory MagickCore/memory-private.h:57
    #3 0x7f434372e93e in AcquireImageInfo MagickCore/image.c:346
    #4 0x7f4343731a7f in CloneImageInfo MagickCore/image.c:947
    #5 0x7f4343a46e8b in ReadMATImage coders/mat.c:962
    #6 0x7f43435a43cf in ReadImage MagickCore/constitute.c:497
    #7 0x7f43435a7298 in ReadImages MagickCore/constitute.c:866
    #8 0x7f4342fff86a in CLINoImageOperator MagickWand/operation.c:4763
    #9 0x7f4343002b72 in CLIOption MagickWand/operation.c:5258
    #10 0x7f4342eab5f8 in ProcessCommandOptions MagickWand/magick-cli.c:424
    #11 0x7f4342eacea0 in MagickImageCommand MagickWand/magick-cli.c:794
    #12 0x7f4342ee60e6 in MagickCommandGenesis MagickWand/mogrify.c:183
    #13 0x401a36 in MagickMain utilities/magick.c:149
    #14 0x401ca0 in main utilities/magick.c:180
    #15 0x7f433f07b889 in __libc_start_main (/lib64/libc.so.6+0x20889)

Indirect leak of 88 byte(s) in 1 object(s) allocated from:
    #0 0x7f434435c850 in malloc (/lib64/libasan.so.4+0xde850)
    #1 0x7f43437713cc in AcquireMagickMemory MagickCore/memory.c:464
    #2 0x7f434387b05d in AcquireCriticalMemory MagickCore/memory-private.h:57
    #3 0x7f434387ef85 in NewSplayTree MagickCore/splay-tree.c:1148
    #4 0x7f434387c145 in CloneSplayTree MagickCore/splay-tree.c:360
    #5 0x7f4343796eaa in CloneImageOptions MagickCore/option.c:1883
    #6 0x7f43437330ed in CloneImageInfo MagickCore/image.c:1012
    #7 0x7f4343a46e8b in ReadMATImage coders/mat.c:962
    #8 0x7f43435a43cf in ReadImage MagickCore/constitute.c:497
    #9 0x7f43435a7298 in ReadImages MagickCore/constitute.c:866
    #10 0x7f4342fff86a in CLINoImageOperator MagickWand/operation.c:4763
    #11 0x7f4343002b72 in CLIOption MagickWand/operation.c:5258
    #12 0x7f4342eab5f8 in ProcessCommandOptions MagickWand/magick-cli.c:424
    #13 0x7f4342eacea0 in MagickImageCommand MagickWand/magick-cli.c:794
    #14 0x7f4342ee60e6 in MagickCommandGenesis MagickWand/mogrify.c:183
    #15 0x401a36 in MagickMain utilities/magick.c:149
    #16 0x401ca0 in main utilities/magick.c:180
    #17 0x7f433f07b889 in __libc_start_main (/lib64/libc.so.6+0x20889)

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x7f434435d4a0 in posix_memalign (/lib64/libasan.so.4+0xdf4a0)
    #1 0x7f43438677bd in AcquireSemaphoreMemory MagickCore/semaphore.c:154
    #2 0x7f43438678a7 in AcquireSemaphoreInfo MagickCore/semaphore.c:200
    #3 0x7f434387f176 in NewSplayTree MagickCore/splay-tree.c:1159
    #4 0x7f434387c145 in CloneSplayTree MagickCore/splay-tree.c:360
    #5 0x7f4343796eaa in CloneImageOptions MagickCore/option.c:1883
    #6 0x7f43437330ed in CloneImageInfo MagickCore/image.c:1012
    #7 0x7f4343a46e8b in ReadMATImage coders/mat.c:962
    #8 0x7f43435a43cf in ReadImage MagickCore/constitute.c:497
    #9 0x7f43435a7298 in ReadImages MagickCore/constitute.c:866
    #10 0x7f4342fff86a in CLINoImageOperator MagickWand/operation.c:4763
    #11 0x7f4343002b72 in CLIOption MagickWand/operation.c:5258
    #12 0x7f4342eab5f8 in ProcessCommandOptions MagickWand/magick-cli.c:424
    #13 0x7f4342eacea0 in MagickImageCommand MagickWand/magick-cli.c:794
    #14 0x7f4342ee60e6 in MagickCommandGenesis MagickWand/mogrify.c:183
    #15 0x401a36 in MagickMain utilities/magick.c:149
    #16 0x401ca0 in main utilities/magick.c:180
    #17 0x7f433f07b889 in __libc_start_main (/lib64/libc.so.6+0x20889)

Indirect leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x7f434435c850 in malloc (/lib64/libasan.so.4+0xde850)
    #1 0x7f43437713cc in AcquireMagickMemory MagickCore/memory.c:464
    #2 0x7f434387b596 in AddValueToSplayTree MagickCore/splay-tree.c:189
    #3 0x7f434387c2ce in CloneSplayTree MagickCore/splay-tree.c:372
    #4 0x7f4343796eaa in CloneImageOptions MagickCore/option.c:1883
    #5 0x7f43437330ed in CloneImageInfo MagickCore/image.c:1012
    #6 0x7f4343a46e8b in ReadMATImage coders/mat.c:962
    #7 0x7f43435a43cf in ReadImage MagickCore/constitute.c:497
    #8 0x7f43435a7298 in ReadImages MagickCore/constitute.c:866
    #9 0x7f4342fff86a in CLINoImageOperator MagickWand/operation.c:4763
    #10 0x7f4343002b72 in CLIOption MagickWand/operation.c:5258
    #11 0x7f4342eab5f8 in ProcessCommandOptions MagickWand/magick-cli.c:424
    #12 0x7f4342eacea0 in MagickImageCommand MagickWand/magick-cli.c:794
    #13 0x7f4342ee60e6 in MagickCommandGenesis MagickWand/mogrify.c:183
    #14 0x401a36 in MagickMain utilities/magick.c:149
    #15 0x401ca0 in main utilities/magick.c:180
    #16 0x7f433f07b889 in __libc_start_main (/lib64/libc.so.6+0x20889)

Indirect leak of 26 byte(s) in 1 object(s) allocated from:
    #0 0x7f434435c850 in malloc (/lib64/libasan.so.4+0xde850)
    #1 0x7f43437713cc in AcquireMagickMemory MagickCore/memory.c:464
    #2 0x7f4343771420 in AcquireQuantumMemory MagickCore/memory.c:537
    #3 0x7f43438a5fe3 in ConstantString MagickCore/string.c:700
    #4 0x7f434387c262 in CloneSplayTree MagickCore/splay-tree.c:373
    #5 0x7f4343796eaa in CloneImageOptions MagickCore/option.c:1883
    #6 0x7f43437330ed in CloneImageInfo MagickCore/image.c:1012
    #7 0x7f4343a46e8b in ReadMATImage coders/mat.c:962
    #8 0x7f43435a43cf in ReadImage MagickCore/constitute.c:497
    #9 0x7f43435a7298 in ReadImages MagickCore/constitute.c:866
    #10 0x7f4342fff86a in CLINoImageOperator MagickWand/operation.c:4763
    #11 0x7f4343002b72 in CLIOption MagickWand/operation.c:5258
    #12 0x7f4342eab5f8 in ProcessCommandOptions MagickWand/magick-cli.c:424
    #13 0x7f4342eacea0 in MagickImageCommand MagickWand/magick-cli.c:794
    #14 0x7f4342ee60e6 in MagickCommandGenesis MagickWand/mogrify.c:183
    #15 0x401a36 in MagickMain utilities/magick.c:149
    #16 0x401ca0 in main utilities/magick.c:180
    #17 0x7f433f07b889 in __libc_start_main (/lib64/libc.so.6+0x20889)

Indirect leak of 9 byte(s) in 1 object(s) allocated from:
    #0 0x7f434435c850 in malloc (/lib64/libasan.so.4+0xde850)
    #1 0x7f43437713cc in AcquireMagickMemory MagickCore/memory.c:464
    #2 0x7f4343771420 in AcquireQuantumMemory MagickCore/memory.c:537
    #3 0x7f43438a5fe3 in ConstantString MagickCore/string.c:700
    #4 0x7f434387c2b9 in CloneSplayTree MagickCore/splay-tree.c:372
    #5 0x7f4343796eaa in CloneImageOptions MagickCore/option.c:1883
    #6 0x7f43437330ed in CloneImageInfo MagickCore/image.c:1012
    #7 0x7f4343a46e8b in ReadMATImage coders/mat.c:962
    #8 0x7f43435a43cf in ReadImage MagickCore/constitute.c:497
    #9 0x7f43435a7298 in ReadImages MagickCore/constitute.c:866
    #10 0x7f4342fff86a in CLINoImageOperator MagickWand/operation.c:4763
    #11 0x7f4343002b72 in CLIOption MagickWand/operation.c:5258
    #12 0x7f4342eab5f8 in ProcessCommandOptions MagickWand/magick-cli.c:424
    #13 0x7f4342eacea0 in MagickImageCommand MagickWand/magick-cli.c:794
    #14 0x7f4342ee60e6 in MagickCommandGenesis MagickWand/mogrify.c:183
    #15 0x401a36 in MagickMain utilities/magick.c:149
    #16 0x401ca0 in main utilities/magick.c:180
    #17 0x7f433f07b889 in __libc_start_main (/lib64/libc.so.6+0x20889)

SUMMARY: AddressSanitizer: 13243 byte(s) leaked in 6 allocation(s).

testcase:
https://github.com/henices/pocs/raw/master/ReadMATImage-memory-leaks

Credit: NSFocus Security Team <security (at) nsfocus (dot) com>
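
A triage aid for the LeakSanitizer report above, added here as an example and not part of the original issue or of ImageMagick: it groups leaked bytes by the innermost frame under `coders/` and checks the total against the SUMMARY line. The `triage` function and its `coder_dir` parameter are assumed names, and the embedded sample is the report's six leak records trimmed to two frames each.

```python
import re
from collections import defaultdict

# Constructed sample: the six leak records from the report above, each cut
# down to the two frames that matter for triage.
REPORT = """\
Direct leak of 13024 byte(s) in 1 object(s) allocated from:
    #4 0x7f4343731a7f in CloneImageInfo MagickCore/image.c:947
    #5 0x7f4343a46e8b in ReadMATImage coders/mat.c:962
Indirect leak of 88 byte(s) in 1 object(s) allocated from:
    #6 0x7f43437330ed in CloneImageInfo MagickCore/image.c:1012
    #7 0x7f4343a46e8b in ReadMATImage coders/mat.c:962
Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #6 0x7f43437330ed in CloneImageInfo MagickCore/image.c:1012
    #7 0x7f4343a46e8b in ReadMATImage coders/mat.c:962
Indirect leak of 32 byte(s) in 1 object(s) allocated from:
    #5 0x7f43437330ed in CloneImageInfo MagickCore/image.c:1012
    #6 0x7f4343a46e8b in ReadMATImage coders/mat.c:962
Indirect leak of 26 byte(s) in 1 object(s) allocated from:
    #6 0x7f43437330ed in CloneImageInfo MagickCore/image.c:1012
    #7 0x7f4343a46e8b in ReadMATImage coders/mat.c:962
Indirect leak of 9 byte(s) in 1 object(s) allocated from:
    #6 0x7f43437330ed in CloneImageInfo MagickCore/image.c:1012
    #7 0x7f4343a46e8b in ReadMATImage coders/mat.c:962
SUMMARY: AddressSanitizer: 13243 byte(s) leaked in 6 allocation(s).
"""
LEAK = re.compile(r"^(Direct|Indirect) leak of (\d+) byte")
FRAME = re.compile(r"^\s+#\d+ 0x[0-9a-f]+ in (\S+) (\S+)$")
TOTAL = re.compile(r"^SUMMARY: \w+: (\d+) byte")

def triage(report, coder_dir="coders/"):
    """Group leaked bytes by the first frame located under coder_dir."""
    sites, kind, size, reported = defaultdict(lambda: defaultdict(int)), None, 0, None
    for line in report.splitlines():
        if m := LEAK.match(line):
            kind, size = m.group(1), int(m.group(2))
        elif (m := FRAME.match(line)) and kind and m.group(2).startswith(coder_dir):
            sites[f"{m.group(1)} {m.group(2)}"][kind] += size
            kind = None  # count each record once, at its innermost coder frame
        elif m := TOTAL.match(line):
            reported = int(m.group(1))
    counted = sum(sum(v.values()) for v in sites.values())
    return {k: dict(v) for k, v in sites.items()}, counted == reported

if __name__ == "__main__":
    print(triage(REPORT))
```

All six records collapse to one call site, the `CloneImageInfo` call at `coders/mat.c:962`: one direct leak plus the five allocations it owns.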
