[Bug 1542125] Re: SEGV in MagickCore/memory.c:974

Bug Watch Updater 1542125 at bugs.launchpad.net
Thu May 2 20:06:49 UTC 2019


** Changed in: imagemagick
       Status: Unknown => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to imagemagick in Ubuntu.
https://bugs.launchpad.net/bugs/1542125

Title:
  SEGV in MagickCore/memory.c:974

Status in ImageMagick:
  Fix Released
Status in imagemagick package in Ubuntu:
  Fix Released

Bug description:
  This bug was found while fuzzing ImageMagick with afl-fuzz

  Tested on ImageMagick git commit %s

  Command: magick id:000004,sig:06,src:000000,op:int32,pos:16,val:-1 /dev/null

  ASAN:SIGSEGV
  =================================================================
  ==18636==ERROR: AddressSanitizer: SEGV on unknown address 0x00ecfeef (pc 0x080839f2 sp 0xbfd20580 bp 0xbfd20610 T0)
      #0 0x80839f1 in __asan::Deallocate(void*, __sanitizer::StackTrace*, __asan::AllocType) (/usr/local/bin/magick+0x80839f1)
      #1 0x80839a3 in __asan::asan_free(void*, __sanitizer::StackTrace*, __asan::AllocType) (/usr/local/bin/magick+0x80839a3)
      #2 0x80c6a61 in __interceptor_free (/usr/local/bin/magick+0x80c6a61)
      #3 0x818d2e8 in RelinquishMagickMemory /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/memory.c:974
      #4 0x82c0fc6 in DestroySplayTree /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/splay-tree.c:695
      #5 0x819ce1f in DestroyImageOptions /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/option.c:1954
      #6 0x8105132 in DestroyImageInfo /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/image.c:1277
      #7 0x80ffe67 in DestroyImage /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/image.c:1213
      #8 0x813321c in DeleteImageFromList /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/list.c:298
      #9 0x813321c in DestroyImageList /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/list.c:451
      #10 0x87f79b3 in ReadSUNImage /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/coders/sun.c:300
      #11 0x8a8ad6a in ReadImage /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/constitute.c:494
      #12 0x8a92bdf in ReadImages /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/constitute.c:844
      #13 0x9375c09 in CLINoImageOperator /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/operation.c:4685
      #14 0x937e0f1 in CLIOption /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/operation.c:5179
      #15 0x910ae9d in ProcessCommandOptions /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/magick-cli.c:474
      #16 0x910e215 in MagickImageCommand /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/magick-cli.c:786
      #17 0x91126f9 in MagickCommandGenesis /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/mogrify.c:172
      #18 0x80de16d in MagickMain /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/utilities/magick.c:74
      #19 0x80de16d in main /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/utilities/magick.c:85
      #20 0xb7475a82 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287
      #21 0x80ddf94 in _start (/usr/local/bin/magick+0x80ddf94)

  AddressSanitizer can not provide additional info.
  SUMMARY: AddressSanitizer: SEGV ??:0 __asan::Deallocate(void*, __sanitizer::StackTrace*, __asan::AllocType)
  ==18636==ABORTING

To manage notifications about this bug go to:
https://bugs.launchpad.net/imagemagick/+bug/1542125/+subscriptions
