memory leaks in MSLPushImage #920

Closed
@just0day


Version: ImageMagick 7.0.7-17 Q16 x86_64 2017-12-26 http://www.imagemagick.org
Copyright: © 1999-2018 ImageMagick Studio LLC
License: http://www.imagemagick.org/script/license.php
Features: Cipher DPC HDRI OpenMP
Delegates (built-in): bzlib djvu fftw fontconfig freetype jbig jng jpeg lcms lqr lzma openexr pangocairo png tiff wmf x xml zlib

magick convert Memory-Leak-MSLPushImage 1.msl

convert: UnableToOpenConfigureFile `magic.xml' @ warning/configure.c/GetConfigureOptions/714.
convert: UnableToOpenConfigureFile `type.xml' @ warning/configure.c/GetConfigureOptions/714.
convert: UnableToReadFont `Memory-Leak-MSLPushImage' @ error/annotate.c/RenderFreetype/1388.
convert: NonconformingDrawingPrimitiveDefinition `text' @ error/draw.c/DrawImage/3282.
convert: UnableToOpenConfigureFile `delegates.xml' @ warning/configure.c/GetConfigureOptions/714.

=================================================================
==23783==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 13488 byte(s) in 1 object(s) allocated from:
    #0 0x7f476c603602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x44032c in AcquireMagickMemory MagickCore/memory.c:464
    #2 0x414423 in AcquireCriticalMemory MagickCore/memory-private.h:57
    #3 0x418140 in CloneImage MagickCore/image.c:826
    #4 0x5dec13 in MSLPushImage coders/msl.c:579
    #5 0x60b78c in ProcessMSLScript coders/msl.c:7855
    #6 0x60d5ec in WriteMSLImage coders/msl.c:8347
    #7 0x82822e in WriteImage MagickCore/constitute.c:1183
    #8 0x82894f in WriteImages MagickCore/constitute.c:1333
    #9 0xbcc473 in ConvertImageCommand MagickWand/convert.c:3280
    #10 0xcb7441 in MagickCommandGenesis MagickWand/mogrify.c:183
    #11 0x40fdfc in MagickMain utilities/magick.c:149
    #12 0x40ffdd in main utilities/magick.c:180
    #13 0x7f4767dfb82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

Direct leak of 13488 byte(s) in 1 object(s) allocated from:
    #0 0x7f476c603602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x44032c in AcquireMagickMemory MagickCore/memory.c:464
    #2 0x414423 in AcquireCriticalMemory MagickCore/memory-private.h:57
    #3 0x4149a0 in AcquireImage MagickCore/image.c:170
    #4 0x60b307 in ProcessMSLScript coders/msl.c:7817
    #5 0x60d5ec in WriteMSLImage coders/msl.c:8347
    #6 0x82822e in WriteImage MagickCore/constitute.c:1183
    #7 0x82894f in WriteImages MagickCore/constitute.c:1333
    #8 0xbcc473 in ConvertImageCommand MagickWand/convert.c:3280
    #9 0xcb7441 in MagickCommandGenesis MagickWand/mogrify.c:183
    #10 0x40fdfc in MagickMain utilities/magick.c:149
    #11 0x40ffdd in main utilities/magick.c:180
    #12 0x7f4767dfb82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

Direct leak of 13024 byte(s) in 1 object(s) allocated from:
    #0 0x7f476c603602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x44032c in AcquireMagickMemory MagickCore/memory.c:464
    #2 0x414423 in AcquireCriticalMemory MagickCore/memory-private.h:57
    #3 0x416851 in AcquireImageInfo MagickCore/image.c:346
    #4 0x41976a in CloneImageInfo MagickCore/image.c:947
    #5 0x5de96c in MSLPushImage coders/msl.c:572
    #6 0x60b78c in ProcessMSLScript coders/msl.c:7855
    #7 0x60d5ec in WriteMSLImage coders/msl.c:8347
    #8 0x82822e in WriteImage MagickCore/constitute.c:1183
    #9 0x82894f in WriteImages MagickCore/constitute.c:1333
    #10 0xbcc473 in ConvertImageCommand MagickWand/convert.c:3280
    #11 0xcb7441 in MagickCommandGenesis MagickWand/mogrify.c:183
    #12 0x40fdfc in MagickMain utilities/magick.c:149
    #13 0x40ffdd in main utilities/magick.c:180
    #14 0x7f4767dfb82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

Direct leak of 1080 byte(s) in 1 object(s) allocated from:
    #0 0x7f476c603602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x44032c in AcquireMagickMemory MagickCore/memory.c:464
    #2 0x8ab595 in AcquireCriticalMemory MagickCore/memory-private.h:57
    #3 0x8ab94a in CloneDrawInfo MagickCore/draw.c:251
    #4 0x5dea70 in MSLPushImage coders/msl.c:573
    #5 0x60b78c in ProcessMSLScript coders/msl.c:7855
    #6 0x60d5ec in WriteMSLImage coders/msl.c:8347
    #7 0x82822e in WriteImage MagickCore/constitute.c:1183
    #8 0x82894f in WriteImages MagickCore/constitute.c:1333
    #9 0xbcc473 in ConvertImageCommand MagickWand/convert.c:3280
    #10 0xcb7441 in MagickCommandGenesis MagickWand/mogrify.c:183
    #11 0x40fdfc in MagickMain utilities/magick.c:149
    #12 0x40ffdd in main utilities/magick.c:180
    #13 0x7f4767dfb82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

Direct leak of 512 byte(s) in 2 object(s) allocated from:
    #0 0x7f476c603602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x7f476ab680b9  (/usr/lib/x86_64-linux-gnu/libfontconfig.so.1+0x1d0b9)

Indirect leak of 4608000 byte(s) in 1 object(s) allocated from:
    #0 0x7f476c604076 in __interceptor_posix_memalign (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99076)
    #1 0x440289 in AcquireAlignedMemory MagickCore/memory.c:262
    #2 0x7d4e8d in OpenPixelCache MagickCore/cache.c:3542
    #3 0x7cda8c in GetImagePixelCache MagickCore/cache.c:1663
    #4 0x7dcd2e in SyncImagePixelCache MagickCore/cache.c:5267
    #5 0x41ffba in SetImageExtent MagickCore/image.c:2559
    #6 0x6d4f71 in ReadTTFImage coders/ttf.c:227
    #7 0x824cc4 in ReadImage MagickCore/constitute.c:497
    #8 0x826dff in ReadImages MagickCore/constitute.c:866
    #9 0xb376c2 in ConvertImageCommand MagickWand/convert.c:641
    #10 0xcb7441 in MagickCommandGenesis MagickWand/mogrify.c:183
    #11 0x40fdfc in MagickMain utilities/magick.c:149
    #12 0x40ffdd in main utilities/magick.c:180
    #13 0x7f4767dfb82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

Indirect leak of 13024 byte(s) in 1 object(s) allocated from:
    #0 0x7f476c603602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x44032c in AcquireMagickMemory MagickCore/memory.c:464
    #2 0x414423 in AcquireCriticalMemory MagickCore/memory-private.h:57
    #3 0x416851 in AcquireImageInfo MagickCore/image.c:346
    #4 0x41976a in CloneImageInfo MagickCore/image.c:947
    #5 0x426183 in SyncImageSettings MagickCore/image.c:4056
    #6 0x416422 in AcquireImage MagickCore/image.c:289
    #7 0x60b307 in ProcessMSLScript coders/msl.c:7817
    #8 0x60d5ec in WriteMSLImage coders/msl.c:8347
    #9 0x82822e in WriteImage MagickCore/constitute.c:1183
    #10 0x82894f in WriteImages MagickCore/constitute.c:1333
    #11 0xbcc473 in ConvertImageCommand MagickWand/convert.c:3280
    #12 0xcb7441 in MagickCommandGenesis MagickWand/mogrify.c:183
    #13 0x40fdfc in MagickMain utilities/magick.c:149
    #14 0x40ffdd in main utilities/magick.c:180
    #15 0x7f4767dfb82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

Indirect leak of 13024 byte(s) in 1 object(s) allocated from:
    #0 0x7f476c603602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x44032c in AcquireMagickMemory MagickCore/memory.c:464
    #2 0x414423 in AcquireCriticalMemory MagickCore/memory-private.h:57
    #3 0x416851 in AcquireImageInfo MagickCore/image.c:346
    #4 0x41976a in CloneImageInfo MagickCore/image.c:947
    #5 0x4186c7 in CloneImage MagickCore/image.c:840
    #6 0x5dec13 in MSLPushImage coders/msl.c:579
    #7 0x60b78c in ProcessMSLScript coders/msl.c:7855
    #8 0x60d5ec in WriteMSLImage coders/msl.c:8347
    #9 0x82822e in WriteImage MagickCore/constitute.c:1183
    #10 0x82894f in WriteImages MagickCore/constitute.c:1333
    #11 0xbcc473 in ConvertImageCommand MagickWand/convert.c:3280
    #12 0xcb7441 in MagickCommandGenesis MagickWand/mogrify.c:183
    #13 0x40fdfc in MagickMain utilities/magick.c:149
    #14 0x40ffdd in main utilities/magick.c:180
    #15 0x7f4767dfb82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

Indirect leak of 9096 byte(s) in 1 object(s) allocated from:
    #0 0x7f476c603602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x44032c in AcquireMagickMemory MagickCore/memory.c:464
    #2 0x7c7977 in AcquireCriticalMemory MagickCore/memory-private.h:57
    #3 0x7c7a98 in AcquirePixelCache MagickCore/cache.c:192
    #4 0x414fc8 in AcquireImage MagickCore/image.c:205
    #5 0x6d4d9a in ReadTTFImage coders/ttf.c:214
    #6 0x824cc4 in ReadImage MagickCore/constitute.c:497
    #7 0x826dff in ReadImages MagickCore/constitute.c:866
    #8 0xb376c2 in ConvertImageCommand MagickWand/convert.c:641
    #9 0xcb7441 in MagickCommandGenesis MagickWand/mogrify.c:183
    #10 0x40fdfc in MagickMain utilities/magick.c:149
    #11 0x40ffdd in main utilities/magick.c:180
    #12 0x7f4767dfb82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

......


Indirect leak of 4 byte(s) in 1 object(s) allocated from:
    #0 0x7f476c603602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x44032c in AcquireMagickMemory MagickCore/memory.c:464
    #2 0x440380 in AcquireQuantumMemory MagickCore/memory.c:537
    #3 0x4b2cdb in ConstantString MagickCore/string.c:700
    #4 0x49764e in CloneSplayTree MagickCore/splay-tree.c:372
    #5 0x7a8e6b in CloneImageArtifacts MagickCore/artifact.c:118
    #6 0x418735 in CloneImage MagickCore/image.c:843
    #7 0x5dec13 in MSLPushImage coders/msl.c:579
    #8 0x60b78c in ProcessMSLScript coders/msl.c:7855
    #9 0x60d5ec in WriteMSLImage coders/msl.c:8347
    #10 0x82822e in WriteImage MagickCore/constitute.c:1183
    #11 0x82894f in WriteImages MagickCore/constitute.c:1333
    #12 0xbcc473 in ConvertImageCommand MagickWand/convert.c:3280
    #13 0xcb7441 in MagickCommandGenesis MagickWand/mogrify.c:183
    #14 0x40fdfc in MagickMain utilities/magick.c:149
    #15 0x40ffdd in main utilities/magick.c:180
    #16 0x7f4767dfb82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

SUMMARY: AddressSanitizer: 4698557 byte(s) leaked in 53 allocation(s).

testcase: https://github.com/just0day/poc/blob/master/Memory-Leak-MSLPushImage

by future-sec
