[Bug 1496649] [NEW] Segfault in ReadRLEImage (coders/rle.c:334)

Moshe Kaplan mk.moshe.kaplan at gmail.com
Thu Sep 17 01:00:38 UTC 2015


Public bug reported:

magick rle.c_334_invalid_dereference.rle /dev/null

gdb$ bt
#0  0x08271eb2 in ReadRLEImage (image_info=<optimized out>, exception=0xbfff6bae) at ../ImageMagick_git/coders/rle.c:334
#1  0x083a63fd in ReadImage (image_info=<optimized out>, exception=0x88321d8) at ../ImageMagick_git/MagickCore/constitute.c:494
#2  0x083a825f in ReadImages (image_info=<optimized out>, filename=<optimized out>, exception=<optimized out>) at ../ImageMagick_git/MagickCore/constitute.c:847
#3  0x08653324 in CLINoImageOperator (cli_wand=0x0, option=<optimized out>, arg1n=<optimized out>, arg2n=0x0) at ../ImageMagick_git/MagickWand/operation.c:4656
#4  0x086553e6 in CLIOption (cli_wand=0x8837bf0, option=0x868c621 "-read") at ../ImageMagick_git/MagickWand/operation.c:5150
#5  0x0859fe2c in ProcessCommandOptions (cli_wand=<optimized out>, argc=<optimized out>, argv=<optimized out>, index=<optimized out>) at ../ImageMagick_git/MagickWand/magick-cli.c:474
#6  0x085a0c55 in MagickImageCommand (image_info=<optimized out>, argc=0x3, argv=0xbffff0f4, metadata=<optimized out>, exception=<optimized out>) at ../ImageMagick_git/MagickWand/magick-cli.c:786
#7  0x085d06f3 in MagickCommandGenesis (image_info=<optimized out>, command=<optimized out>, argc=<optimized out>, argv=<optimized out>, metadata=0x0, exception=0x88321d8) at ../ImageMagick_git/MagickWand/mogrify.c:172
#8  0x08052897 in MagickMain (argc=<optimized out>, argv=0xbffff0f4) at ../ImageMagick_git/utilities/magick.c:76
#9  main (argc=<optimized out>, argv=0xbffff0f4) at ../ImageMagick_git/utilities/magick.c:89


=> 0x8271eb2 <ReadRLEImage+3250>:	mov    BYTE PTR [edi],cl
   0x8271eb4 <ReadRLEImage+3252>:	inc    edi
   0x8271eb5 <ReadRLEImage+3253>:	inc    esi
   0x8271eb6 <ReadRLEImage+3254>:	dec    ebx
   0x8271eb7 <ReadRLEImage+3255>:	jne    0x8271e90 <ReadRLEImage+3216>
   0x8271eb9 <ReadRLEImage+3257>:	movzx  ecx,WORD PTR ds:0x8819d96
   0x8271ec0 <ReadRLEImage+3264>:	mov    esi,DWORD PTR ds:0x87fa718
   0x8271ec6 <ReadRLEImage+3270>:	xor    ecx,0x9ac0
--------------------------------------------------------------------------------
0x08271eb2 in ReadRLEImage (image_info=<optimized out>, exception=0xbfff6bae) at ../ImageMagick_git/coders/rle.c:334
334	              *p++=background_color[j];

** Affects: imagemagick (Ubuntu)
     Importance: Undecided
         Status: New

** Attachment added: "rle.c_334_invalid_dereference.rle"
   https://bugs.launchpad.net/bugs/1496649/+attachment/4466465/+files/rle.c_334_invalid_dereference.rle

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to imagemagick in Ubuntu.
https://bugs.launchpad.net/bugs/1496649
