[Bug 1886185] Re: Imagemagick/convert can be crashed by processing an empty PNG
Saverio Miroddi
1886185 at bugs.launchpad.net
Mon Jul 6 14:27:46 UTC 2020
Wouldn't it be better to exit with an error message, rather than
panicking? Panicking seems very drastic.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to imagemagick in Ubuntu.
https://bugs.launchpad.net/bugs/1886185
Title:
Imagemagick/convert can be crashed by processing an empty PNG
Status in imagemagick package in Ubuntu:
New
Bug description:
(I'm not sure if this classifies as security issue or not, as the
crash itself is due to an assertion failure, not to a buffer overflow
or similar).
When executing the command:
convert empty.png -resize 150x150 -colors 16 -colorspace RGB
-quantize RGB -depth 8 -alpha remove -alpha off -format %c
histogram:info:
on an empty PNG, `convert` crashes with:
convert: ../../magick/quantum.c:216: DestroyQuantumInfo: Assertion `quantum_info != (QuantumInfo *) NULL' failed.
Aborted (core dumped)
I've provided an empty PNG file for testing.
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: imagemagick-6.q16 8:6.9.7.4+dfsg-16ubuntu6.8
ProcVersionSignature: Ubuntu 5.3.0-1017.18~18.04.1-aws 5.3.18
Uname: Linux 5.3.0-1017-aws x86_64
ApportVersion: 2.20.9-0ubuntu7.15
Architecture: amd64
Date: Fri Jul 3 11:40:12 2020
Ec2AMI: ami-0df60f5a0d9a27a14
Ec2AMIManifest: (unknown)
Ec2AvailabilityZone: eu-west-1a
Ec2InstanceType: t3.xlarge
Ec2Kernel: unavailable
Ec2Ramdisk: unavailable
ProcEnviron:
TERM=xterm-256color
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=C.UTF-8
SHELL=/bin/bash
SourcePackage: imagemagick
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1886185/+subscriptions
More information about the foundations-bugs
mailing list