New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

memory leaks #904

Closed
littleputa opened this Issue Dec 20, 2017 · 3 comments

Comments

Projects
None yet
3 participants
@littleputa

littleputa commented Dec 20, 2017

system:ubuntu 14.04 64

ubuntu@ubuntu:~/fuzz_py$ magick -version
Version: ImageMagick 7.0.7-12 Q16 x86_64 2017-12-19 http://www.imagemagick.org
Copyright: © 1999-2017 ImageMagick Studio LLC
License: http://www.imagemagick.org/script/license.php
Features: Cipher DPC HDRI OpenMP
Delegates (built-in): fontconfig freetype png x zlib

ubuntu@ubuntu:~/fuzz_py$ magick montage poc /dev/null
montage: no decode delegate for this image format ' @ error/constitute.c/ReadImage/509. montage: /dev/null' @ error/montage.c/MontageImageCommand/1775.

=================================================================
==116829==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 4712 byte(s) in 1 object(s) allocated from:
#0 0x4b9ad3 in malloc (/usr/local/bin/magick+0x4b9ad3)
#1 0x7ff9bd11fb76 in AcquireCriticalMemory /home/ubuntu/ImageMagick/./MagickCore/memory-private.h:57:10
#2 0x7ff9bd11fb76 in CloneMontageInfo /home/ubuntu/ImageMagick/MagickCore/montage.c:110
#3 0x7ff9bc8448b6 in MontageImageCommand /home/ubuntu/ImageMagick/MagickWand/montage.c:353:16
#4 0x7ff9bc7cd1c2 in MagickCommandGenesis /home/ubuntu/ImageMagick/MagickWand/mogrify.c:183:14
#5 0x4e4ce7 in MagickMain /home/ubuntu/ImageMagick/utilities/magick.c:149:10
#6 0x4e4ce7 in main /home/ubuntu/ImageMagick/utilities/magick.c:180
#7 0x7ff9ba34df44 in __libc_start_main /build/eglibc-oGUzwX/eglibc-2.19/csu/libc-start.c:287

Indirect leak of 4108 byte(s) in 1 object(s) allocated from:
#0 0x4b9ad3 in malloc (/usr/local/bin/magick+0x4b9ad3)
#1 0x7ff9bd318784 in AcquireString /home/ubuntu/ImageMagick/MagickCore/string.c:137:24
#2 0x7ff9bd120199 in GetMontageInfo /home/ubuntu/ImageMagick/MagickCore/montage.c:226:26
#3 0x7ff9bd11fb90 in CloneMontageInfo /home/ubuntu/ImageMagick/MagickCore/montage.c:111:3
#4 0x7ff9bc8448b6 in MontageImageCommand /home/ubuntu/ImageMagick/MagickWand/montage.c:353:16
#5 0x7ff9bc7cd1c2 in MagickCommandGenesis /home/ubuntu/ImageMagick/MagickWand/mogrify.c:183:14
#6 0x4e4ce7 in MagickMain /home/ubuntu/ImageMagick/utilities/magick.c:149:10
#7 0x4e4ce7 in main /home/ubuntu/ImageMagick/utilities/magick.c:180
#8 0x7ff9ba34df44 in __libc_start_main /build/eglibc-oGUzwX/eglibc-2.19/csu/libc-start.c:287

SUMMARY: AddressSanitizer: 8820 byte(s) leaked in 2 allocation(s).

poc.zip

urban-warrior pushed a commit that referenced this issue Dec 20, 2017

urban-warrior pushed a commit that referenced this issue Dec 20, 2017

@urban-warrior

This comment has been minimized.

Show comment
Hide comment
@urban-warrior

urban-warrior Dec 20, 2017

Contributor

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ http://www.imagemagick.org/download/beta/ by sometime tomorrow.

Contributor

urban-warrior commented Dec 20, 2017

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ http://www.imagemagick.org/download/beta/ by sometime tomorrow.

@dlemstra dlemstra added the bug label Dec 20, 2017

@dlemstra dlemstra closed this Dec 20, 2017

@littleputa

This comment has been minimized.

Show comment
Hide comment
@littleputa

littleputa Dec 21, 2017

credit: nsfocus security team.

littleputa commented Dec 21, 2017

credit: nsfocus security team.

@littleputa

This comment has been minimized.

Show comment
Hide comment
@littleputa

littleputa Jan 8, 2018

CVE-2017-18022

littleputa commented Jan 8, 2018

CVE-2017-18022

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment