Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

memory leaks #929

Closed
littleputa opened this issue Jan 4, 2018 · 3 comments
Closed

memory leaks #929

littleputa opened this issue Jan 4, 2018 · 3 comments
Labels
bug

Comments

@littleputa
Copy link

ubuntu@ubuntu:~/fuzz_py$ magick -version
Version: ImageMagick 7.0.7-17 Q16 x86_64 2017-12-26 http://www.imagemagick.org
Copyright: © 1999-2018 ImageMagick Studio LLC
License: http://www.imagemagick.org/script/license.php
Features: Cipher DPC HDRI OpenMP
Delegates (built-in): fontconfig freetype png x zlib

ubuntu@ubuntu:~/fuzz_py$ magick montage poc.pattern /dev/null
montage: unrecognized image format poc.pattern' @ error/pattern.c/ReadPATTERNImage/980. montage: /dev/null' @ error/montage.c/MontageImageCommand/1777.

=================================================================
==108470==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 13024 byte(s) in 1 object(s) allocated from:
#0 0x4b9ad3 in malloc (/usr/local/bin/magick+0x4b9ad3)
#1 0x7f1281f6b7dd in AcquireCriticalMemory /home/ubuntu/ImageMagick/./MagickCore/memory-private.h:57:10
#2 0x7f1281f74d29 in AcquireImageInfo /home/ubuntu/ImageMagick/MagickCore/image.c:346:28
#3 0x7f1281f74d29 in CloneImageInfo /home/ubuntu/ImageMagick/MagickCore/image.c:947
#4 0x7f12823a6c3b in ReadPATTERNImage /home/ubuntu/ImageMagick/coders/pattern.c:966:13
#5 0x7f1281dc9af1 in ReadImage /home/ubuntu/ImageMagick/MagickCore/constitute.c:497:13
#6 0x7f1281dcc2f4 in ReadImages /home/ubuntu/ImageMagick/MagickCore/constitute.c:866:9
#7 0x7f12816de3c7 in MontageImageCommand /home/ubuntu/ImageMagick/MagickWand/montage.c:410:20
#8 0x7f12816652d2 in MagickCommandGenesis /home/ubuntu/ImageMagick/MagickWand/mogrify.c:183:14
#9 0x4e4ce7 in MagickMain /home/ubuntu/ImageMagick/utilities/magick.c:149:10
#10 0x4e4ce7 in main /home/ubuntu/ImageMagick/utilities/magick.c:180
#11 0x7f127f1e5f44 in __libc_start_main /build/eglibc-oGUzwX/eglibc-2.19/csu/libc-start.c:287

Indirect leak of 88 byte(s) in 1 object(s) allocated from:
#0 0x4b9ad3 in malloc (/usr/local/bin/magick+0x4b9ad3)
#1 0x7f1282188369 in AcquireCriticalMemory /home/ubuntu/ImageMagick/./MagickCore/memory-private.h:57:10
#2 0x7f1282188369 in NewSplayTree /home/ubuntu/ImageMagick/MagickCore/splay-tree.c:1148
#3 0x7f128218802d in CloneSplayTree /home/ubuntu/ImageMagick/MagickCore/splay-tree.c:360:14
#4 0x7f1281fe283a in CloneImageOptions /home/ubuntu/ImageMagick/MagickCore/option.c:2131:27
#5 0x7f1281f75803 in CloneImageInfo /home/ubuntu/ImageMagick/MagickCore/image.c:1012:10
#6 0x7f12823a6c3b in ReadPATTERNImage /home/ubuntu/ImageMagick/coders/pattern.c:966:13
#7 0x7f1281dc9af1 in ReadImage /home/ubuntu/ImageMagick/MagickCore/constitute.c:497:13
#8 0x7f1281dcc2f4 in ReadImages /home/ubuntu/ImageMagick/MagickCore/constitute.c:866:9
#9 0x7f12816de3c7 in MontageImageCommand /home/ubuntu/ImageMagick/MagickWand/montage.c:410:20
#10 0x7f12816652d2 in MagickCommandGenesis /home/ubuntu/ImageMagick/MagickWand/mogrify.c:183:14
#11 0x4e4ce7 in MagickMain /home/ubuntu/ImageMagick/utilities/magick.c:149:10
#12 0x4e4ce7 in main /home/ubuntu/ImageMagick/utilities/magick.c:180
#13 0x7f127f1e5f44 in __libc_start_main /build/eglibc-oGUzwX/eglibc-2.19/csu/libc-start.c:287

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
#0 0x4ba78e in __interceptor_posix_memalign (/usr/local/bin/magick+0x4ba78e)
#1 0x7f128216864a in AcquireSemaphoreMemory /home/ubuntu/ImageMagick/MagickCore/semaphore.c:154:7
#2 0x7f128216864a in AcquireSemaphoreInfo /home/ubuntu/ImageMagick/MagickCore/semaphore.c:200
#3 0x7f1282188451 in NewSplayTree /home/ubuntu/ImageMagick/MagickCore/splay-tree.c:1159:25
#4 0x7f128218802d in CloneSplayTree /home/ubuntu/ImageMagick/MagickCore/splay-tree.c:360:14
#5 0x7f1281fe283a in CloneImageOptions /home/ubuntu/ImageMagick/MagickCore/option.c:2131:27
#6 0x7f1281f75803 in CloneImageInfo /home/ubuntu/ImageMagick/MagickCore/image.c:1012:10
#7 0x7f12823a6c3b in ReadPATTERNImage /home/ubuntu/ImageMagick/coders/pattern.c:966:13
#8 0x7f1281dc9af1 in ReadImage /home/ubuntu/ImageMagick/MagickCore/constitute.c:497:13
#9 0x7f1281dcc2f4 in ReadImages /home/ubuntu/ImageMagick/MagickCore/constitute.c:866:9
#10 0x7f12816de3c7 in MontageImageCommand /home/ubuntu/ImageMagick/MagickWand/montage.c:410:20
#11 0x7f12816652d2 in MagickCommandGenesis /home/ubuntu/ImageMagick/MagickWand/mogrify.c:183:14
#12 0x4e4ce7 in MagickMain /home/ubuntu/ImageMagick/utilities/magick.c:149:10
#13 0x4e4ce7 in main /home/ubuntu/ImageMagick/utilities/magick.c:180
#14 0x7f127f1e5f44 in __libc_start_main /build/eglibc-oGUzwX/eglibc-2.19/csu/libc-start.c:287

Indirect leak of 32 byte(s) in 1 object(s) allocated from:
#0 0x4b9ad3 in malloc (/usr/local/bin/magick+0x4b9ad3)
#1 0x7f12821871a6 in AddValueToSplayTree /home/ubuntu/ImageMagick/MagickCore/splay-tree.c:189:21
#2 0x7f1282188171 in CloneSplayTree /home/ubuntu/ImageMagick/MagickCore/splay-tree.c:372:12
#3 0x7f1281fe283a in CloneImageOptions /home/ubuntu/ImageMagick/MagickCore/option.c:2131:27
#4 0x7f1281f75803 in CloneImageInfo /home/ubuntu/ImageMagick/MagickCore/image.c:1012:10
#5 0x7f12823a6c3b in ReadPATTERNImage /home/ubuntu/ImageMagick/coders/pattern.c:966:13
#6 0x7f1281dc9af1 in ReadImage /home/ubuntu/ImageMagick/MagickCore/constitute.c:497:13
#7 0x7f1281dcc2f4 in ReadImages /home/ubuntu/ImageMagick/MagickCore/constitute.c:866:9
#8 0x7f12816de3c7 in MontageImageCommand /home/ubuntu/ImageMagick/MagickWand/montage.c:410:20
#9 0x7f12816652d2 in MagickCommandGenesis /home/ubuntu/ImageMagick/MagickWand/mogrify.c:183:14
#10 0x4e4ce7 in MagickMain /home/ubuntu/ImageMagick/utilities/magick.c:149:10
#11 0x4e4ce7 in main /home/ubuntu/ImageMagick/utilities/magick.c:180
#12 0x7f127f1e5f44 in __libc_start_main /build/eglibc-oGUzwX/eglibc-2.19/csu/libc-start.c:287

Indirect leak of 12 byte(s) in 1 object(s) allocated from:
#0 0x4b9ad3 in malloc (/usr/local/bin/magick+0x4b9ad3)
#1 0x7f12821be97e in ConstantString /home/ubuntu/ImageMagick/MagickCore/string.c:700:26
#2 0x7f1282188163 in CloneSplayTree /home/ubuntu/ImageMagick/MagickCore/splay-tree.c:373:7
#3 0x7f1281fe283a in CloneImageOptions /home/ubuntu/ImageMagick/MagickCore/option.c:2131:27
#4 0x7f1281f75803 in CloneImageInfo /home/ubuntu/ImageMagick/MagickCore/image.c:1012:10
#5 0x7f12823a6c3b in ReadPATTERNImage /home/ubuntu/ImageMagick/coders/pattern.c:966:13
#6 0x7f1281dc9af1 in ReadImage /home/ubuntu/ImageMagick/MagickCore/constitute.c:497:13
#7 0x7f1281dcc2f4 in ReadImages /home/ubuntu/ImageMagick/MagickCore/constitute.c:866:9
#8 0x7f12816de3c7 in MontageImageCommand /home/ubuntu/ImageMagick/MagickWand/montage.c:410:20
#9 0x7f12816652d2 in MagickCommandGenesis /home/ubuntu/ImageMagick/MagickWand/mogrify.c:183:14
#10 0x4e4ce7 in MagickMain /home/ubuntu/ImageMagick/utilities/magick.c:149:10
#11 0x4e4ce7 in main /home/ubuntu/ImageMagick/utilities/magick.c:180
#12 0x7f127f1e5f44 in __libc_start_main /build/eglibc-oGUzwX/eglibc-2.19/csu/libc-start.c:287

Indirect leak of 9 byte(s) in 1 object(s) allocated from:
#0 0x4b9ad3 in malloc (/usr/local/bin/magick+0x4b9ad3)
#1 0x7f12821be97e in ConstantString /home/ubuntu/ImageMagick/MagickCore/string.c:700:26
#2 0x7f1282188131 in CloneSplayTree /home/ubuntu/ImageMagick/MagickCore/splay-tree.c:372:43
#3 0x7f1281fe283a in CloneImageOptions /home/ubuntu/ImageMagick/MagickCore/option.c:2131:27
#4 0x7f1281f75803 in CloneImageInfo /home/ubuntu/ImageMagick/MagickCore/image.c:1012:10
#5 0x7f12823a6c3b in ReadPATTERNImage /home/ubuntu/ImageMagick/coders/pattern.c:966:13
#6 0x7f1281dc9af1 in ReadImage /home/ubuntu/ImageMagick/MagickCore/constitute.c:497:13
#7 0x7f1281dcc2f4 in ReadImages /home/ubuntu/ImageMagick/MagickCore/constitute.c:866:9
#8 0x7f12816de3c7 in MontageImageCommand /home/ubuntu/ImageMagick/MagickWand/montage.c:410:20
#9 0x7f12816652d2 in MagickCommandGenesis /home/ubuntu/ImageMagick/MagickWand/mogrify.c:183:14
#10 0x4e4ce7 in MagickMain /home/ubuntu/ImageMagick/utilities/magick.c:149:10
#11 0x4e4ce7 in main /home/ubuntu/ImageMagick/utilities/magick.c:180
#12 0x7f127f1e5f44 in __libc_start_main /build/eglibc-oGUzwX/eglibc-2.19/csu/libc-start.c:287

SUMMARY: AddressSanitizer: 13229 byte(s) leaked in 6 allocation(s).

poc.zip
@littleputa littleputa reopened this Jan 4, 2018
urban-warrior pushed a commit that referenced this issue Jan 4, 2018
https://github.com/ImageMagick/ImageMagick/issues/929
1c3dd70
urban-warrior pushed a commit that referenced this issue Jan 4, 2018
https://github.com/ImageMagick/ImageMagick/issues/929
e59dc85
@urban-warrior
Copy link
Member

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ http://www.imagemagick.org/download/beta/ by sometime tomorrow.

@dlemstra dlemstra added the bug label Jan 4, 2018
@dlemstra dlemstra closed this as completed Jan 4, 2018
@littleputa
Copy link
Author

credit: nsfocus security team.

@littleputa
Copy link
Author

CVE-2018-5246

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Milestone
No milestone
Development

No branches or pull requests
3 participants
@dlemstra @urban-warrior @littleputa