[Bug 1448803] Re: Double free in coders/pict.c:2000
Seth Arnold
1448803 at bugs.launchpad.net
Thu Oct 8 18:48:10 UTC 2015
Stefan Cornelius suggests the pict.c changes in
https://github.com/ImageMagick/ImageMagick/commit/0f6fc2d5bf8f500820c3dbcf0d23ee14f2d9f734
address this issue: http://www.openwall.com/lists/oss-security/2015/10/08/3
Thanks
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to imagemagick in Ubuntu.
https://bugs.launchpad.net/bugs/1448803
Title:
Double free in coders/pict.c:2000
Status in imagemagick package in Ubuntu:
Confirmed
Bug description:
Running: convert pict_double_free.pict /dev/null
Program received signal SIGABRT, Aborted.
Stack Trace:
--------------------------------------------------------------------------------
0xb7fdbbe0 in __kernel_vsyscall ()
gdb$ bt
#0 0xffffffff in __kernel_vsyscall ()
#1 0xffffffff in __GI_raise (sig=0x6) at ../sysdeps/unix/sysv/linux/raise.c:55
#2 0xffffffff in __GI_abort () at abort.c:89
#3 0xffffffff in __libc_message (do_abort=0x1, fmt=0xb78bc444 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175
#4 0xffffffff in malloc_printerr (action=<optimized out>, str=0xb78bc4fc "double free or corruption (out)", ptr=0x8092f20) at malloc.c:4965
#5 0xffffffff in _int_free (av=0xb790f840 <main_arena>, p=<optimized out>, have_lock=0x0) at malloc.c:3834
#6 0xffffffff in RelinquishMagickMemory (memory=0x8092f20) at magick/memory.c:956
#7 0xffffffff in WritePICTImage (image_info=0x807fc28, image=0x807fc28) at coders/pict.c:2000
#8 0xffffffff in WriteImage (image_info=0x1, image=0x807fc28) at magick/constitute.c:1184
#9 0xffffffff in WriteImages (image_info=0x0, images=0x807fc28, filename=0x0, exception=0x80538d8) at magick/constitute.c:1327
#10 0xffffffff in ConvertImageCommand (image_info=0x8082df0, argc=0x3, argv=0x8054ce8, metadata=0x0, exception=0x80538d8) at wand/convert.c:3215
#11 0xffffffff in MagickCommandGenesis (image_info=0x8056248, command=0x8048620 <ConvertImageCommand@plt>, argc=0x3, argv=0xbffff024, metadata=0x0, exception=0x80538d8) at wand/mogrify.c:168
#12 0x080486ec in main (argv=0xbffff024, argc=<optimized out>) at utilities/convert.c:81
#13 0x080486ec in main (argc=0x3, argv=0xbffff024) at utilities/convert.c:92
gdb$
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1448803/+subscriptions