Each redmap, greenmap, and bluemap can be overwritten by a new pointer, so it loses the previous pointer, which leads to a memory leak. I guess we should check whether each XXXmap variable is already allocated or not.
$ ./magick convert ~/leak1.dcm ./out.png
convert: UnableToOpenConfigureFile `magic.xml' @ warning/configure.c/GetConfigureOptions/714.
convert: InsufficientImageDataInFile `/home/skid/leak1.dcm' @ error/dcm.c/ReadDCMImage/3280.
convert: NoImagesDefined `./out.png' @ error/convert.c/ConvertImageCommand/3275.
=================================================================
==62826==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 20 byte(s) in 1 object(s) allocated from:
#0 0x4bd753 in __interceptor_malloc /home/brian/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:67:3
#1 0x537d1d in AcquireMagickMemory (/imagemagick.latest/utilities/magick+0x537d1d)
#2 0x537dcd in AcquireQuantumMemory (/imagemagick.latest/utilities/magick+0x537dcd)
#3 0x6c91c2 in ReadDCMImage (/imagemagick.latest/utilities/magick+0x6c91c2)
#4 0xaf0948 in ReadImage (/imagemagick.latest/utilities/magick+0xaf0948)
#5 0xaf4ff4 in ReadImages (/imagemagick.latest/utilities/magick+0xaf4ff4)
#6 0xe61486 in ConvertImageCommand (/imagemagick.latest/utilities/magick+0xe61486)
#7 0xf41f40 in MagickCommandGenesis (/imagemagick.latest/utilities/magick+0xf41f40)
#8 0x4e8af9 in MagickMain (/imagemagick.latest/utilities/magick+0x4e8af9)
#9 0x4e8401 in main (/imagemagick.latest/utilities/magick+0x4e8401)
#10 0x7f09662ab82f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291
$ ./magick convert ~/leak2.dcm ./a.png
convert: UnableToOpenConfigureFile `magic.xml' @ warning/configure.c/GetConfigureOptions/714.
convert: ImproperImageHeader `/home/skid/leak2.dcm' @ error/dcm.c/ReadDCMImage/3151.
convert: NoImagesDefined `./a.png' @ error/convert.c/ConvertImageCommand/3275.
=================================================================
==63144==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 52 byte(s) in 1 object(s) allocated from:
#0 0x4bd753 in __interceptor_malloc /home/brian/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:67:3
#1 0x537d1d in AcquireMagickMemory (/imagemagick.latest/utilities/magick+0x537d1d)
#2 0x537dcd in AcquireQuantumMemory (/imagemagick.latest/utilities/magick+0x537dcd)
#3 0x6c8a80 in ReadDCMImage (/imagemagick.latest/utilities/magick+0x6c8a80)
#4 0xaf0948 in ReadImage (/imagemagick.latest/utilities/magick+0xaf0948)
#5 0xaf4ff4 in ReadImages (/imagemagick.latest/utilities/magick+0xaf4ff4)
#6 0xe61486 in ConvertImageCommand (/imagemagick.latest/utilities/magick+0xe61486)
#7 0xf41f40 in MagickCommandGenesis (/imagemagick.latest/utilities/magick+0xf41f40)
#8 0x4e8af9 in MagickMain (/imagemagick.latest/utilities/magick+0x4e8af9)
#9 0x4e8401 in main (/imagemagick.latest/utilities/magick+0x4e8401)
#10 0x7f8ea250982f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291
SUMMARY: AddressSanitizer: 52 byte(s) leaked in 1 allocation(s).
$ ./magick convert ~/leak3.dcm ./a.png
convert: UnableToOpenConfigureFile `magic.xml' @ warning/configure.c/GetConfigureOptions/714.
convert: InsufficientImageDataInFile `/home/skid/leak3.dcm' @ error/dcm.c/ReadDCMImage/3280.
convert: NoImagesDefined `./a.png' @ error/convert.c/ConvertImageCommand/3275.
=================================================================
==63151==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 196 byte(s) in 1 object(s) allocated from:
#0 0x4bd753 in __interceptor_malloc /home/brian/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:67:3
#1 0x537d1d in AcquireMagickMemory (/imagemagick.latest/utilities/magick+0x537d1d)
#2 0x537dcd in AcquireQuantumMemory (/imagemagick.latest/utilities/magick+0x537dcd)
#3 0x6c9904 in ReadDCMImage (/imagemagick.latest/utilities/magick+0x6c9904)
#4 0xaf0948 in ReadImage (/imagemagick.latest/utilities/magick+0xaf0948)
#5 0xaf4ff4 in ReadImages (/imagemagick.latest/utilities/magick+0xaf4ff4)
#6 0xe61486 in ConvertImageCommand (/imagemagick.latest/utilities/magick+0xe61486)
#7 0xf41f40 in MagickCommandGenesis (/imagemagick.latest/utilities/magick+0xf41f40)
#8 0x4e8af9 in MagickMain (/imagemagick.latest/utilities/magick+0x4e8af9)
#9 0x4e8401 in main (/imagemagick.latest/utilities/magick+0x4e8401)
#10 0x7fb320bdc82f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291
SUMMARY: AddressSanitizer: 196 byte(s) leaked in 1 allocation(s).
System Configuration
Description
ImageMagick/coders/dcm.c, line 3583 in 23246df
ImageMagick/coders/dcm.c, line 3611 in 23246df
ImageMagick/coders/dcm.c, line 3639 in 23246df
Crash File : crashes.zip
Credit : Kyeongseok Yang & Choongwoo Han, Naver Security Team
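The overwrite pattern described in this report, as an added C sketch that is not ImageMagick's code: a tag loop allocates a palette map each time a palette element appears, and the exit path frees only the pointer it still holds. `Element`, `tracked_alloc`, `tracked_free`, `sweep_leaks`, `parse_palettes` and the sample input are hypothetical names and constructed data; the registry stands in for what LeakSanitizer tracks.

```c
#include <stdio.h>
#include <stdlib.h>
/* Constructed stand-in for a parsed palette element, not the DICOM layout. */
typedef struct { char channel; size_t colors; } Element;
#define MAX_BLOCKS 16
static void *registry[MAX_BLOCKS];            /* every block still allocated */
static void *tracked_alloc(size_t count, size_t size) {
  for (int i = 0; i < MAX_BLOCKS; i++)
    if (registry[i] == NULL) return registry[i] = calloc(count, size);
  return NULL;
}
static void *tracked_free(void *p) {
  for (int i = 0; p != NULL && i < MAX_BLOCKS; i++)
    if (registry[i] == p) { free(p); registry[i] = NULL; break; }
  return NULL;
}
/* Count and release blocks nobody owns any more (what LeakSanitizer reports). */
static int sweep_leaks(void) {
  int n = 0;
  for (int i = 0; i < MAX_BLOCKS; i++)
    if (registry[i] != NULL) { free(registry[i]); registry[i] = NULL; n++; }
  return n;
}
/* Walk the elements the way a tag loop would; returns the leaked block count. */
static int parse_palettes(const Element *el, size_t n, int release_previous) {
  int *redmap = NULL, *greenmap = NULL, *bluemap = NULL;
  for (size_t i = 0; i < n; i++) {
    int **slot = el[i].channel == 'r' ? &redmap :
                 el[i].channel == 'g' ? &greenmap :
                 el[i].channel == 'b' ? &bluemap : NULL;
    if (slot == NULL) continue;               /* not a palette element */
    if (release_previous)
      *slot = tracked_free(*slot);            /* hardened: free the old map first */
    *slot = tracked_alloc(el[i].colors, sizeof(**slot)); /* else old map is lost */
    if (*slot == NULL) break;
  }
  redmap = tracked_free(redmap);              /* exit path frees only the last maps */
  greenmap = tracked_free(greenmap);
  bluemap = tracked_free(bluemap);
  return sweep_leaks();
}

/* Constructed input: the red and green palettes each appear twice. */
static const Element repeated[] = {{'r',16},{'g',16},{'b',16},{'r',16},{'g',16}};
int main(void) {
  printf("overwrite: %d leaked, release first: %d leaked\n",
         parse_palettes(repeated, 5, 0), parse_palettes(repeated, 5, 1));
  return 0;
}
```

Each repeated palette element orphans one block in the overwrite variant; releasing the previous map before allocating leaves nothing for the sweep to find.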