New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

memory leaks in ReadOneMNGImage #903

Closed
henices opened this Issue Dec 19, 2017 · 2 comments

Comments

Projects
None yet
4 participants
@henices
Copy link
Contributor

henices commented Dec 19, 2017

/usr/local/bin/magick -version
Version: ImageMagick 7.0.7-16 Q16 x86_64 2017-12-19 http://www.imagemagick.org
Copyright: © 1999-2018 ImageMagick Studio LLC
License: http://www.imagemagick.org/script/license.php
Features: Cipher DPC HDRI OpenMP
Delegates (built-in): bzlib cairo djvu fftw fontconfig freetype gvc jbig jng jpeg lcms lqr lzma pangocairo png rsvg tiff webp wmf x xml zlib

Trigger Command: magick convert memory-leaks-wYQ0gKxwmALb50pqSNuH0mMtB2nGc6DL.mng /dev/null

convert: cache resources exhausted `memory-leaks-wYQ0gKxwmALb50pqSNuH0mMtB2nGc6DL.mng' @ error/cache.c/OpenPixelCache/3655.

=================================================================
==22719==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 9096 byte(s) in 1 object(s) allocated from:
    #0 0x7f3410196850 in malloc (/lib64/libasan.so.4+0xde850)
    #1 0x7f340f56e8dd in AcquireMagickMemory MagickCore/memory.c:464
    #2 0x7f340f325258 in AcquireCriticalMemory MagickCore/memory-private.h:57
    #3 0x7f340f325381 in AcquirePixelCache MagickCore/cache.c:192
    #4 0x7f340f326219 in ClonePixelCache MagickCore/cache.c:411
    #5 0x7f340f32b77f in GetImagePixelCache MagickCore/cache.c:1632
    #6 0x7f340f33b5e6 in SyncImagePixelCache MagickCore/cache.c:5260
    #7 0x7f340f365a88 in SetImageColorspace MagickCore/colorspace.c:1182
    #8 0x7f340f3859d4 in CompositeImage MagickCore/composite.c:595
    #9 0x7f340f54759a in CoalesceImages MagickCore/layer.c:280
    #10 0x7f340fa1eab1 in ReadOneMNGImage coders/png.c:7583
    #11 0x7f340fa1f83c in ReadMNGImage coders/png.c:7694
    #12 0x7f340f39b48b in ReadImage MagickCore/constitute.c:497
    #13 0x7f340f39e354 in ReadImages MagickCore/constitute.c:866
    #14 0x7f340eb529bf in ConvertImageCommand MagickWand/convert.c:641
    #15 0x7f340eccd25c in MagickCommandGenesis MagickWand/mogrify.c:183
    #16 0x401b16 in MagickMain utilities/magick.c:149
    #17 0x401d80 in main utilities/magick.c:180
    #18 0x7f34088b5039 in __libc_start_main (/lib64/libc.so.6+0x21039)

Indirect leak of 704 byte(s) in 1 object(s) allocated from:
    #0 0x7f3410196850 in malloc (/lib64/libasan.so.4+0xde850)
    #1 0x7f340f56e8dd in AcquireMagickMemory MagickCore/memory.c:464
    #2 0x7f340f56e931 in AcquireQuantumMemory MagickCore/memory.c:537
    #3 0x7f340f325ae7 in AcquirePixelCacheNexus MagickCore/cache.c:263
    #4 0x7f340f32569e in AcquirePixelCache MagickCore/cache.c:206
    #5 0x7f340f326219 in ClonePixelCache MagickCore/cache.c:411
    #6 0x7f340f32b77f in GetImagePixelCache MagickCore/cache.c:1632
    #7 0x7f340f33b5e6 in SyncImagePixelCache MagickCore/cache.c:5260
    #8 0x7f340f365a88 in SetImageColorspace MagickCore/colorspace.c:1182
    #9 0x7f340f3859d4 in CompositeImage MagickCore/composite.c:595
    #10 0x7f340f54759a in CoalesceImages MagickCore/layer.c:280
    #11 0x7f340fa1eab1 in ReadOneMNGImage coders/png.c:7583
    #12 0x7f340fa1f83c in ReadMNGImage coders/png.c:7694
    #13 0x7f340f39b48b in ReadImage MagickCore/constitute.c:497
    #14 0x7f340f39e354 in ReadImages MagickCore/constitute.c:866
    #15 0x7f340eb529bf in ConvertImageCommand MagickWand/convert.c:641
    #16 0x7f340eccd25c in MagickCommandGenesis MagickWand/mogrify.c:183
    #17 0x401b16 in MagickMain utilities/magick.c:149
    #18 0x401d80 in main utilities/magick.c:180
    #19 0x7f34088b5039 in __libc_start_main (/lib64/libc.so.6+0x21039)

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x7f34101974a0 in posix_memalign (/lib64/libasan.so.4+0xdf4a0)
    #1 0x7f340f66926e in AcquireSemaphoreMemory MagickCore/semaphore.c:154
    #2 0x7f340f669358 in AcquireSemaphoreInfo MagickCore/semaphore.c:200
    #3 0x7f340f325917 in AcquirePixelCache MagickCore/cache.c:223
    #4 0x7f340f326219 in ClonePixelCache MagickCore/cache.c:411
    #5 0x7f340f32b77f in GetImagePixelCache MagickCore/cache.c:1632
    #6 0x7f340f33b5e6 in SyncImagePixelCache MagickCore/cache.c:5260
    #7 0x7f340f365a88 in SetImageColorspace MagickCore/colorspace.c:1182
    #8 0x7f340f3859d4 in CompositeImage MagickCore/composite.c:595
    #9 0x7f340f54759a in CoalesceImages MagickCore/layer.c:280
    #10 0x7f340fa1eab1 in ReadOneMNGImage coders/png.c:7583
    #11 0x7f340fa1f83c in ReadMNGImage coders/png.c:7694
    #12 0x7f340f39b48b in ReadImage MagickCore/constitute.c:497
    #13 0x7f340f39e354 in ReadImages MagickCore/constitute.c:866
    #14 0x7f340eb529bf in ConvertImageCommand MagickWand/convert.c:641
    #15 0x7f340eccd25c in MagickCommandGenesis MagickWand/mogrify.c:183
    #16 0x401b16 in MagickMain utilities/magick.c:149
    #17 0x401d80 in main utilities/magick.c:180
    #18 0x7f34088b5039 in __libc_start_main (/lib64/libc.so.6+0x21039)

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x7f34101974a0 in posix_memalign (/lib64/libasan.so.4+0xdf4a0)
    #1 0x7f340f66926e in AcquireSemaphoreMemory MagickCore/semaphore.c:154
    #2 0x7f340f669358 in AcquireSemaphoreInfo MagickCore/semaphore.c:200
    #3 0x7f340f3258a7 in AcquirePixelCache MagickCore/cache.c:221
    #4 0x7f340f326219 in ClonePixelCache MagickCore/cache.c:411
    #5 0x7f340f32b77f in GetImagePixelCache MagickCore/cache.c:1632
    #6 0x7f340f33b5e6 in SyncImagePixelCache MagickCore/cache.c:5260
    #7 0x7f340f365a88 in SetImageColorspace MagickCore/colorspace.c:1182
    #8 0x7f340f3859d4 in CompositeImage MagickCore/composite.c:595
    #9 0x7f340f54759a in CoalesceImages MagickCore/layer.c:280
    #10 0x7f340fa1eab1 in ReadOneMNGImage coders/png.c:7583
    #11 0x7f340fa1f83c in ReadMNGImage coders/png.c:7694
    #12 0x7f340f39b48b in ReadImage MagickCore/constitute.c:497
    #13 0x7f340f39e354 in ReadImages MagickCore/constitute.c:866
    #14 0x7f340eb529bf in ConvertImageCommand MagickWand/convert.c:641
    #15 0x7f340eccd25c in MagickCommandGenesis MagickWand/mogrify.c:183
    #16 0x401b16 in MagickMain utilities/magick.c:149
    #17 0x401d80 in main utilities/magick.c:180
    #18 0x7f34088b5039 in __libc_start_main (/lib64/libc.so.6+0x21039)

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x7f34101974a0 in posix_memalign (/lib64/libasan.so.4+0xdf4a0)
    #1 0x7f340f56e7dd in AcquireAlignedMemory MagickCore/memory.c:262
    #2 0x7f340f3259f6 in AcquirePixelCacheNexus MagickCore/cache.c:259
    #3 0x7f340f32569e in AcquirePixelCache MagickCore/cache.c:206
    #4 0x7f340f326219 in ClonePixelCache MagickCore/cache.c:411
    #5 0x7f340f32b77f in GetImagePixelCache MagickCore/cache.c:1632
    #6 0x7f340f33b5e6 in SyncImagePixelCache MagickCore/cache.c:5260
    #7 0x7f340f365a88 in SetImageColorspace MagickCore/colorspace.c:1182
    #8 0x7f340f3859d4 in CompositeImage MagickCore/composite.c:595
    #9 0x7f340f54759a in CoalesceImages MagickCore/layer.c:280
    #10 0x7f340fa1eab1 in ReadOneMNGImage coders/png.c:7583
    #11 0x7f340fa1f83c in ReadMNGImage coders/png.c:7694
    #12 0x7f340f39b48b in ReadImage MagickCore/constitute.c:497
    #13 0x7f340f39e354 in ReadImages MagickCore/constitute.c:866
    #14 0x7f340eb529bf in ConvertImageCommand MagickWand/convert.c:641
    #15 0x7f340eccd25c in MagickCommandGenesis MagickWand/mogrify.c:183
    #16 0x401b16 in MagickMain utilities/magick.c:149
    #17 0x401d80 in main utilities/magick.c:180
    #18 0x7f34088b5039 in __libc_start_main (/lib64/libc.so.6+0x21039)

SUMMARY: AddressSanitizer: 9992 byte(s) leaked in 5 allocation(s).

testcase

Credit: NSFocus Security Team <security (at) nsfocus (dot) com>

@urban-warrior

This comment has been minimized.

Copy link
Contributor

urban-warrior commented Dec 19, 2017

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ https://www.imagemagick.org/download/beta/ by sometime tomorrow.

urban-warrior pushed a commit that referenced this issue Dec 19, 2017

Cristy

urban-warrior pushed a commit that referenced this issue Dec 19, 2017

Cristy

@henices henices closed this Dec 20, 2017

@dlemstra dlemstra added the bug label Dec 20, 2017

@nohmask

This comment has been minimized.

Copy link

nohmask commented Dec 25, 2017

This was assigned CVE-2017-17887.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment