[Bug 1492881] Re: Null dereference in coders/png.c:5134
Launchpad Bug Tracker
1492881 at bugs.launchpad.net
Mon Jan 18 07:45:31 UTC 2016
This bug was fixed in the package imagemagick - 8:6.8.9.9-7
---------------
imagemagick (8:6.8.9.9-7) unstable; urgency=low
* Fix various minor security issues
- Fix an integer overflow that can lead to a buffer overrun
in the icon parsing code (LP: #1459747, closes: #806441)
- Fix an integer overflow that can lead to a double free in
pict parsing (LP: #1448803, closes: #806441).
- Memory Leak while handle psd file (closes: #811308)
http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=28791
- IM 6.9.2 crash with some PNG (closes: #811308, LP: #1492881)
http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=28466
- Null pointer access in magick/constitute.c (closes: #811308)
https://github.com/ImageMagick/ImageMagick/pull/34
- PixelColor off by one on i386 (closes: #811308)
https://github.com/ImageMagick/ImageMagick/issues/54
- Fixed other memory leaks (closes: #811308)
-- Vincent Fourmond <fourmond at debian.org> Sun, 17 Jan 2016 21:18:19
+0100
** Changed in: imagemagick (Ubuntu)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to imagemagick in Ubuntu.
https://bugs.launchpad.net/bugs/1492881
Title:
Null dereference in coders/png.c:5134
Status in imagemagick package in Ubuntu:
Fix Released
Bug description:
Program received signal SIGSEGV, Segmentation fault.
--------------------------------------------------------------------------[regs]
EAX: 0x0000B0D0 EBX: 0x00000000 ECX: 0x0881A578 EDX: 0x0881A578 o d I t s z a p c
ESI: 0x00000000 EDI: 0x0885FEF4 EBP: 0x0883E394 ESP: 0xBFFF3AF0 EIP: 0x082E8E71
CS: 0073 DS: 007B ES: 007B FS: 0000 GS: 0033 SS: 007B
--------------------------------------------------------------------------[code]
=> 0x82e8e71 <ReadMNGImage+2801>: movzx eax,BYTE PTR [ebx]
0x82e8e74 <ReadMNGImage+2804>: shl eax,0x18
0x82e8e77 <ReadMNGImage+2807>: movzx ecx,BYTE PTR [ebx+0x1]
0x82e8e7b <ReadMNGImage+2811>: shl ecx,0x10
0x82e8e7e <ReadMNGImage+2814>: or ecx,eax
0x82e8e80 <ReadMNGImage+2816>: movzx edx,BYTE PTR [ebx+0x2]
0x82e8e84 <ReadMNGImage+2820>: shl edx,0x8
0x82e8e87 <ReadMNGImage+2823>: or edx,ecx
--------------------------------------------------------------------------------
0x082e8e71 in ReadMNGImage (image_info=<optimized out>, exception=0x8847650) at ../ImageMagick_git/coders/png.c:5134
5134 mng_info->mng_width=(size_t) ((p[0] << 24) | (p[1] << 16) |
The variable "p" can be NULL.
Stack trace:
#0 0x082e8e71 in ReadMNGImage (image_info=<optimized out>, exception=0x8847650) at ../ImageMagick_git/coders/png.c:5134
#1 0x083a678d in ReadImage (image_info=<optimized out>, exception=0x88331d8) at ../ImageMagick_git/MagickCore/constitute.c:493
#2 0x083a85ef in ReadImages (image_info=<optimized out>, filename=<optimized out>, exception=<optimized out>) at ../ImageMagick_git/MagickCore/constitute.c:846
#3 0x086535a4 in CLINoImageOperator (cli_wand=0x0, option=<optimized out>, arg1n=<optimized out>, arg2n=0x0) at ../ImageMagick_git/MagickWand/operation.c:4656
#4 0x08655664 in CLIOption (cli_wand=0x8838bf0, option=0x868c8a1 "-read") at ../ImageMagick_git/MagickWand/operation.c:5150
#5 0x085a00bc in ProcessCommandOptions (cli_wand=<optimized out>, argc=<optimized out>, argv=<optimized out>, index=<optimized out>) at ../ImageMagick_git/MagickWand/magick-cli.c:474
#6 0x085a0ee5 in MagickImageCommand (image_info=<optimized out>, argc=0x3, argv=0xbffff104, metadata=<optimized out>, exception=<optimized out>) at ../ImageMagick_git/MagickWand/magick-cli.c:786
#7 0x085d0983 in MagickCommandGenesis (image_info=<optimized out>, command=<optimized out>, argc=<optimized out>, argv=<optimized out>, metadata=0x0, exception=0x88331d8) at ../ImageMagick_git/MagickWand/mogrify.c:172
#8 0x08052897 in MagickMain (argc=<optimized out>, argv=0xbffff104) at ../ImageMagick_git/utilities/magick.c:76
#9 main (argc=<optimized out>, argv=0xbffff104) at ../ImageMagick_git/utilities/magick.c:89
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1492881/+subscriptions
More information about the foundations-bugs
mailing list