Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

memory leaks #941

Closed
littleputa1 opened this issue Jan 11, 2018 · 3 comments
Closed

memory leaks #941

littleputa1 opened this issue Jan 11, 2018 · 3 comments
Labels

Comments

@littleputa1
Copy link

ubuntu@ubuntu:~/fuzz_py$ magick -version
Version: ImageMagick 7.0.7-22 Q16 x86_64 2018-01-09 http://www.imagemagick.org
Copyright: © 1999-2018 ImageMagick Studio LLC
License: http://www.imagemagick.org/script/license.php
Features: Cipher DPC HDRI
Delegates (built-in): fontconfig freetype png x zlib

ubuntu@ubuntu:~/fuzz_py$ magick convert poc /dev/null
convert: unable to open image 'j2k:/tmp/magick-25528KMT_EgLJVmg': No such file or directory @ error/blob.c/OpenBlob/3335.
convert: no images defined `/dev/null' @ error/convert.c/ConvertImageCommand/3275.

=================================================================
==2552==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 168 byte(s) in 1 object(s) allocated from:
#0 0x4b9ad3 in malloc (/usr/local/bin/magick+0x4b9ad3)
#1 0x7f86be75ea83 in ReadDCMImage /home/ubuntu/ImageMagick/coders/dcm.c:3079:33
#2 0x7f86be2ccd91 in ReadImage /home/ubuntu/ImageMagick/MagickCore/constitute.c:497:13
#3 0x7f86be2cf594 in ReadImages /home/ubuntu/ImageMagick/MagickCore/constitute.c:866:9
#4 0x7f86bda9228c in ConvertImageCommand /home/ubuntu/ImageMagick/MagickWand/convert.c:641:18
#5 0x7f86bdbaeefd in MagickCommandGenesis /home/ubuntu/ImageMagick/MagickWand/mogrify.c:183:14
#6 0x4e4ce7 in MagickMain /home/ubuntu/ImageMagick/utilities/magick.c:149:10
#7 0x4e4ce7 in main /home/ubuntu/ImageMagick/utilities/magick.c:180
#8 0x7f86bb9eef44 in __libc_start_main /build/eglibc-oGUzwX/eglibc-2.19/csu/libc-start.c:287

SUMMARY: AddressSanitizer: 168 byte(s) leaked in 1 allocation(s).

poc.zip

@urban-warrior
Copy link
Contributor

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ http://www.imagemagick.org/download/beta/ by sometime tomorrow.

@dlemstra dlemstra added the bug label Jan 11, 2018
@littleputa1
Copy link
Author

credit: nsfocus security team.

@littleputa1
Copy link
Author

CVE-2018-5357

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Development

No branches or pull requests

3 participants