Skip to content

memory leaks in WriteCALSImage #930

Closed
@henices

Description

@henices

INFO

Version: ImageMagick 7.0.7-20 Q16 x86_64 2018-01-04 http://www.imagemagick.org
Copyright: © 1999-2018 ImageMagick Studio LLC
License: http://www.imagemagick.org/script/license.php
Features: Cipher DPC HDRI
Delegates (built-in): bzlib djvu fftw fontconfig freetype gvc jbig jng jpeg lcms lqr lzma pangocairo png tiff webp wmf x xml zlib

Trigger Command: /usr/local/bin/magick WriteGROUP4Image-memory-leaks /dev/null

ASAN OUTPUT


=================================================================
==427==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 9096 byte(s) in 1 object(s) allocated from:
    #0 0x4cf7f0 in __interceptor_malloc (/usr/local/bin/magick+0x4cf7f0)
    #1 0x7f724fe6c846 in AcquireMagickMemory /home/henices/tests/ImageMagick/MagickCore/memory.c:464:10
    #2 0x7f724f8328e4 in AcquireCriticalMemory /home/henices/tests/ImageMagick/./MagickCore/memory-private.h:57:10
    #3 0x7f724f830fcd in AcquirePixelCache /home/henices/tests/ImageMagick/MagickCore/cache.c:192:28
    #4 0x7f724f834124 in ClonePixelCache /home/henices/tests/ImageMagick/MagickCore/cache.c:412:28
    #5 0x7f724f87644d in GetImagePixelCache /home/henices/tests/ImageMagick/MagickCore/cache.c:1633:29
    #6 0x7f724f83a3d7 in QueueAuthenticPixelCacheNexus /home/henices/tests/ImageMagick/MagickCore/cache.c:3948:28
    #7 0x7f724f839b60 in GetAuthenticPixelCacheNexus /home/henices/tests/ImageMagick/MagickCore/cache.c:1237:10
    #8 0x7f724f88d764 in GetCacheViewAuthenticPixels /home/henices/tests/ImageMagick/MagickCore/cache-view.c:312:10
    #9 0x7f724f7e3c9a in SetImageDepth /home/henices/tests/ImageMagick/MagickCore/attribute.c:1152:7
    #10 0x7f7250d2c286 in WriteGROUP4Image /home/henices/tests/ImageMagick/coders/tiff.c:2641:10
    #11 0x7f724f960d3b in WriteImage /home/henices/tests/ImageMagick/MagickCore/constitute.c:1114:14
    #12 0x7f724f7ffb38 in ImageToBlob /home/henices/tests/ImageMagick/MagickCore/blob.c:1908:18
    #13 0x7f72505803b2 in WriteCALSImage /home/henices/tests/ImageMagick/coders/cals.c:564:28
    #14 0x7f724f960d3b in WriteImage /home/henices/tests/ImageMagick/MagickCore/constitute.c:1114:14
    #15 0x7f724f963381 in WriteImages /home/henices/tests/ImageMagick/MagickCore/constitute.c:1333:13
    #16 0x7f724e570e7e in CLINoImageOperator /home/henices/tests/ImageMagick/MagickWand/operation.c:4798:14
    #17 0x7f724e579f60 in CLIOption /home/henices/tests/ImageMagick/MagickWand/operation.c:5258:7
    #18 0x7f724e0c87d5 in ProcessCommandOptions /home/henices/tests/ImageMagick/MagickWand/magick-cli.c:529:3
    #19 0x7f724e0ca79d in MagickImageCommand /home/henices/tests/ImageMagick/MagickWand/magick-cli.c:796:5
    #20 0x7f724e17c9a5 in MagickCommandGenesis /home/henices/tests/ImageMagick/MagickWand/mogrify.c:183:14
    #21 0x50a313 in MagickMain /home/henices/tests/ImageMagick/utilities/magick.c:149:10
    #22 0x5096b1 in main /home/henices/tests/ImageMagick/utilities/magick.c:180:10
    #23 0x7f7247512009 in __libc_start_main (/lib64/libc.so.6+0x21009)

Indirect leak of 88 byte(s) in 1 object(s) allocated from:
    #0 0x4cf7f0 in __interceptor_malloc (/usr/local/bin/magick+0x4cf7f0)
    #1 0x7f724fe6c846 in AcquireMagickMemory /home/henices/tests/ImageMagick/MagickCore/memory.c:464:10
    #2 0x7f724fe6c8a8 in AcquireQuantumMemory /home/henices/tests/ImageMagick/MagickCore/memory.c:537:10
    #3 0x7f724f832c78 in AcquirePixelCacheNexus /home/henices/tests/ImageMagick/MagickCore/cache.c:264:31
    #4 0x7f724f831da5 in AcquirePixelCache /home/henices/tests/ImageMagick/MagickCore/cache.c:207:26
    #5 0x7f724f834124 in ClonePixelCache /home/henices/tests/ImageMagick/MagickCore/cache.c:412:28
    #6 0x7f724f87644d in GetImagePixelCache /home/henices/tests/ImageMagick/MagickCore/cache.c:1633:29
    #7 0x7f724f83a3d7 in QueueAuthenticPixelCacheNexus /home/henices/tests/ImageMagick/MagickCore/cache.c:3948:28
    #8 0x7f724f839b60 in GetAuthenticPixelCacheNexus /home/henices/tests/ImageMagick/MagickCore/cache.c:1237:10
    #9 0x7f724f88d764 in GetCacheViewAuthenticPixels /home/henices/tests/ImageMagick/MagickCore/cache-view.c:312:10
    #10 0x7f724f7e3c9a in SetImageDepth /home/henices/tests/ImageMagick/MagickCore/attribute.c:1152:7
    #11 0x7f7250d2c286 in WriteGROUP4Image /home/henices/tests/ImageMagick/coders/tiff.c:2641:10
    #12 0x7f724f960d3b in WriteImage /home/henices/tests/ImageMagick/MagickCore/constitute.c:1114:14
    #13 0x7f724f7ffb38 in ImageToBlob /home/henices/tests/ImageMagick/MagickCore/blob.c:1908:18
    #14 0x7f72505803b2 in WriteCALSImage /home/henices/tests/ImageMagick/coders/cals.c:564:28
    #15 0x7f724f960d3b in WriteImage /home/henices/tests/ImageMagick/MagickCore/constitute.c:1114:14
    #16 0x7f724f963381 in WriteImages /home/henices/tests/ImageMagick/MagickCore/constitute.c:1333:13
    #17 0x7f724e570e7e in CLINoImageOperator /home/henices/tests/ImageMagick/MagickWand/operation.c:4798:14
    #18 0x7f724e579f60 in CLIOption /home/henices/tests/ImageMagick/MagickWand/operation.c:5258:7
    #19 0x7f724e0c87d5 in ProcessCommandOptions /home/henices/tests/ImageMagick/MagickWand/magick-cli.c:529:3
    #20 0x7f724e0ca79d in MagickImageCommand /home/henices/tests/ImageMagick/MagickWand/magick-cli.c:796:5
    #21 0x7f724e17c9a5 in MagickCommandGenesis /home/henices/tests/ImageMagick/MagickWand/mogrify.c:183:14
    #22 0x50a313 in MagickMain /home/henices/tests/ImageMagick/utilities/magick.c:149:10
    #23 0x5096b1 in main /home/henices/tests/ImageMagick/utilities/magick.c:180:10
    #24 0x7f7247512009 in __libc_start_main (/lib64/libc.so.6+0x21009)

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x4d0258 in __interceptor_posix_memalign (/usr/local/bin/magick+0x4d0258)
    #1 0x7f7250149af6 in AcquireSemaphoreMemory /home/henices/tests/ImageMagick/MagickCore/semaphore.c:154:7
    #2 0x7f7250148cec in AcquireSemaphoreInfo /home/henices/tests/ImageMagick/MagickCore/semaphore.c:200:36
    #3 0x7f724f8323d2 in AcquirePixelCache /home/henices/tests/ImageMagick/MagickCore/cache.c:222:25
    #4 0x7f724f834124 in ClonePixelCache /home/henices/tests/ImageMagick/MagickCore/cache.c:412:28
    #5 0x7f724f87644d in GetImagePixelCache /home/henices/tests/ImageMagick/MagickCore/cache.c:1633:29
    #6 0x7f724f83a3d7 in QueueAuthenticPixelCacheNexus /home/henices/tests/ImageMagick/MagickCore/cache.c:3948:28
    #7 0x7f724f839b60 in GetAuthenticPixelCacheNexus /home/henices/tests/ImageMagick/MagickCore/cache.c:1237:10
    #8 0x7f724f88d764 in GetCacheViewAuthenticPixels /home/henices/tests/ImageMagick/MagickCore/cache-view.c:312:10
    #9 0x7f724f7e3c9a in SetImageDepth /home/henices/tests/ImageMagick/MagickCore/attribute.c:1152:7
    #10 0x7f7250d2c286 in WriteGROUP4Image /home/henices/tests/ImageMagick/coders/tiff.c:2641:10
    #11 0x7f724f960d3b in WriteImage /home/henices/tests/ImageMagick/MagickCore/constitute.c:1114:14
    #12 0x7f724f7ffb38 in ImageToBlob /home/henices/tests/ImageMagick/MagickCore/blob.c:1908:18
    #13 0x7f72505803b2 in WriteCALSImage /home/henices/tests/ImageMagick/coders/cals.c:564:28
    #14 0x7f724f960d3b in WriteImage /home/henices/tests/ImageMagick/MagickCore/constitute.c:1114:14
    #15 0x7f724f963381 in WriteImages /home/henices/tests/ImageMagick/MagickCore/constitute.c:1333:13
    #16 0x7f724e570e7e in CLINoImageOperator /home/henices/tests/ImageMagick/MagickWand/operation.c:4798:14
    #17 0x7f724e579f60 in CLIOption /home/henices/tests/ImageMagick/MagickWand/operation.c:5258:7
    #18 0x7f724e0c87d5 in ProcessCommandOptions /home/henices/tests/ImageMagick/MagickWand/magick-cli.c:529:3
    #19 0x7f724e0ca79d in MagickImageCommand /home/henices/tests/ImageMagick/MagickWand/magick-cli.c:796:5
    #20 0x7f724e17c9a5 in MagickCommandGenesis /home/henices/tests/ImageMagick/MagickWand/mogrify.c:183:14
    #21 0x50a313 in MagickMain /home/henices/tests/ImageMagick/utilities/magick.c:149:10
    #22 0x5096b1 in main /home/henices/tests/ImageMagick/utilities/magick.c:180:10
    #23 0x7f7247512009 in __libc_start_main (/lib64/libc.so.6+0x21009)

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x4d0258 in __interceptor_posix_memalign (/usr/local/bin/magick+0x4d0258)
    #1 0x7f7250149af6 in AcquireSemaphoreMemory /home/henices/tests/ImageMagick/MagickCore/semaphore.c:154:7
    #2 0x7f7250148cec in AcquireSemaphoreInfo /home/henices/tests/ImageMagick/MagickCore/semaphore.c:200:36
    #3 0x7f724f8325b6 in AcquirePixelCache /home/henices/tests/ImageMagick/MagickCore/cache.c:224:30
    #4 0x7f724f834124 in ClonePixelCache /home/henices/tests/ImageMagick/MagickCore/cache.c:412:28
    #5 0x7f724f87644d in GetImagePixelCache /home/henices/tests/ImageMagick/MagickCore/cache.c:1633:29
    #6 0x7f724f83a3d7 in QueueAuthenticPixelCacheNexus /home/henices/tests/ImageMagick/MagickCore/cache.c:3948:28
    #7 0x7f724f839b60 in GetAuthenticPixelCacheNexus /home/henices/tests/ImageMagick/MagickCore/cache.c:1237:10
    #8 0x7f724f88d764 in GetCacheViewAuthenticPixels /home/henices/tests/ImageMagick/MagickCore/cache-view.c:312:10
    #9 0x7f724f7e3c9a in SetImageDepth /home/henices/tests/ImageMagick/MagickCore/attribute.c:1152:7
    #10 0x7f7250d2c286 in WriteGROUP4Image /home/henices/tests/ImageMagick/coders/tiff.c:2641:10
    #11 0x7f724f960d3b in WriteImage /home/henices/tests/ImageMagick/MagickCore/constitute.c:1114:14
    #12 0x7f724f7ffb38 in ImageToBlob /home/henices/tests/ImageMagick/MagickCore/blob.c:1908:18
    #13 0x7f72505803b2 in WriteCALSImage /home/henices/tests/ImageMagick/coders/cals.c:564:28
    #14 0x7f724f960d3b in WriteImage /home/henices/tests/ImageMagick/MagickCore/constitute.c:1114:14
    #15 0x7f724f963381 in WriteImages /home/henices/tests/ImageMagick/MagickCore/constitute.c:1333:13
    #16 0x7f724e570e7e in CLINoImageOperator /home/henices/tests/ImageMagick/MagickWand/operation.c:4798:14
    #17 0x7f724e579f60 in CLIOption /home/henices/tests/ImageMagick/MagickWand/operation.c:5258:7
    #18 0x7f724e0c87d5 in ProcessCommandOptions /home/henices/tests/ImageMagick/MagickWand/magick-cli.c:529:3
    #19 0x7f724e0ca79d in MagickImageCommand /home/henices/tests/ImageMagick/MagickWand/magick-cli.c:796:5
    #20 0x7f724e17c9a5 in MagickCommandGenesis /home/henices/tests/ImageMagick/MagickWand/mogrify.c:183:14
    #21 0x50a313 in MagickMain /home/henices/tests/ImageMagick/utilities/magick.c:149:10
    #22 0x5096b1 in main /home/henices/tests/ImageMagick/utilities/magick.c:180:10
    #23 0x7f7247512009 in __libc_start_main (/lib64/libc.so.6+0x21009)

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x4d0258 in __interceptor_posix_memalign (/usr/local/bin/magick+0x4d0258)
    #1 0x7f724fe6c5d7 in AcquireAlignedMemory /home/henices/tests/ImageMagick/MagickCore/memory.c:262:7
    #2 0x7f724f832ace in AcquirePixelCacheNexus /home/henices/tests/ImageMagick/MagickCore/cache.c:260:29
    #3 0x7f724f831da5 in AcquirePixelCache /home/henices/tests/ImageMagick/MagickCore/cache.c:207:26
    #4 0x7f724f834124 in ClonePixelCache /home/henices/tests/ImageMagick/MagickCore/cache.c:412:28
    #5 0x7f724f87644d in GetImagePixelCache /home/henices/tests/ImageMagick/MagickCore/cache.c:1633:29
    #6 0x7f724f83a3d7 in QueueAuthenticPixelCacheNexus /home/henices/tests/ImageMagick/MagickCore/cache.c:3948:28
    #7 0x7f724f839b60 in GetAuthenticPixelCacheNexus /home/henices/tests/ImageMagick/MagickCore/cache.c:1237:10
    #8 0x7f724f88d764 in GetCacheViewAuthenticPixels /home/henices/tests/ImageMagick/MagickCore/cache-view.c:312:10
    #9 0x7f724f7e3c9a in SetImageDepth /home/henices/tests/ImageMagick/MagickCore/attribute.c:1152:7
    #10 0x7f7250d2c286 in WriteGROUP4Image /home/henices/tests/ImageMagick/coders/tiff.c:2641:10
    #11 0x7f724f960d3b in WriteImage /home/henices/tests/ImageMagick/MagickCore/constitute.c:1114:14
    #12 0x7f724f7ffb38 in ImageToBlob /home/henices/tests/ImageMagick/MagickCore/blob.c:1908:18
    #13 0x7f72505803b2 in WriteCALSImage /home/henices/tests/ImageMagick/coders/cals.c:564:28
    #14 0x7f724f960d3b in WriteImage /home/henices/tests/ImageMagick/MagickCore/constitute.c:1114:14
    #15 0x7f724f963381 in WriteImages /home/henices/tests/ImageMagick/MagickCore/constitute.c:1333:13
    #16 0x7f724e570e7e in CLINoImageOperator /home/henices/tests/ImageMagick/MagickWand/operation.c:4798:14
    #17 0x7f724e579f60 in CLIOption /home/henices/tests/ImageMagick/MagickWand/operation.c:5258:7
    #18 0x7f724e0c87d5 in ProcessCommandOptions /home/henices/tests/ImageMagick/MagickWand/magick-cli.c:529:3
    #19 0x7f724e0ca79d in MagickImageCommand /home/henices/tests/ImageMagick/MagickWand/magick-cli.c:796:5
    #20 0x7f724e17c9a5 in MagickCommandGenesis /home/henices/tests/ImageMagick/MagickWand/mogrify.c:183:14
    #21 0x50a313 in MagickMain /home/henices/tests/ImageMagick/utilities/magick.c:149:10
    #22 0x5096b1 in main /home/henices/tests/ImageMagick/utilities/magick.c:180:10
    #23 0x7f7247512009 in __libc_start_main (/lib64/libc.so.6+0x21009)

SUMMARY: AddressSanitizer: 9376 byte(s) leaked in 5 allocation(s).

testcase: https://github.com/henices/pocs/raw/master/WriteGROUP4Image-memory-leaks

Credit: NSFocus Security Team <security (at) nsfocus (dot) com>

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions