To reproduce:
convert f56e9710 png:/dev/null
BT during the 100%:
#0 ReadBlobByte (image=0x648010) at magick/blob.c:3008
#1 0x00007ffff795f238 in PNMInteger (base=<optimized out>, image=<optimized out>) at coders/pnm.c:197
#2 ReadPNMImage (image_info=0x60f050, exception=0x605990) at coders/pnm.c:487
#3 0x00007ffff6ebf78a in ReadImage (image_info=image_info@entry=0x609ea0, exception=exception@entry=0x605990) at magick/constitute.c:547
#4 0x00007ffff6ec311b in ReadImages (image_info=0x609ea0, exception=0x605990) at magick/constitute.c:853
#5 0x00007ffff66dc8d2 in ConvertImageCommand (image_info=0x609ea0, argc=3, argv=0x604490, metadata=0x0, exception=0x605990) at wand/convert.c:622
#6 0x00007ffff68d3a7e in MagickCommandGenesis (image_info=0x605b10, command=0x400a30 <ConvertImageCommand@plt>, argc=3, argv=0x7fffffffdbe8, metadata=<optimized out>, exception=0x605990) at wand/mogrify.c:168
#7 0x0000000000400b9f in ConvertMain (argv=0x7fffffffdbe8, argc=3) at utilities/convert.c:81
#8 main (argc=3, argv=0x7fffffffdbe8) at utilities/convert.c:92
#9 0x00007ffff6039ec5 in __libc_start_main (main=0x400b20 <main>, argc=3, argv=0x7fffffffdbe8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffdbd8) at libc-start.c:287
#10 0x0000000000400bf3 in _start ()
AMD64
Distributor ID: Ubuntu
Description: Ubuntu 14.04.1 LTS
Release: 14.04
Codename: trusty
Software: ImageMagick 6.9.0-1 Beta compiled from source.
(Does not occur on 6.7.7.10-6ubuntu)
Found with American Fuzzy Lop (http://lcamtuf.coredump.cx/afl/)
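The backtrace above shows the process spinning inside PNMInteger while it pulls bytes through ReadBlobByte, which is the signature of a header tokenizer that keeps looping on a truncated or malformed input. The post does not state the root cause, so the following is an added illustration of the defensive pattern for that bug class, not ImageMagick's code: a PNM header integer reader in which every byte-consuming loop terminates on EOF, rejects non-digit tokens and refuses values that would overflow. The blob type, the function names and the sample headers are all constructed for this example.

```c
#include <ctype.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Minimal in-memory blob standing in for the file being decoded (constructed). */
typedef struct {
    const unsigned char *data;
    size_t len;
    size_t pos;
} Blob;

/* Returns the next byte, or EOF once the data is exhausted. */
static int blob_read_byte(Blob *b) {
    if (b->pos >= b->len) return EOF;
    return b->data[b->pos++];
}

/* Reads one unsigned decimal value from a PNM header, skipping whitespace and
 * '#' comments. Returns 1 on success, 0 on EOF, a non-digit token or overflow.
 * Each loop consumes a byte and exits on EOF, so a truncated header cannot hang. */
int pnm_read_integer(Blob *b, unsigned long *out) {
    int c;
    for (;;) {
        c = blob_read_byte(b);
        if (c == EOF) return 0;                    /* header ended before the value */
        if (c == '#') {                             /* comment runs to end of line */
            do {
                c = blob_read_byte(b);
                if (c == EOF) return 0;             /* unterminated comment */
            } while (c != '\n' && c != '\r');
            continue;
        }
        if (!isspace(c)) break;
    }
    if (!isdigit(c)) return 0;                      /* e.g. a letter where a number belongs */

    unsigned long value = 0;
    while (isdigit(c)) {
        unsigned digit = (unsigned)(c - '0');
        if (value > (ULONG_MAX - digit) / 10) return 0;   /* would overflow */
        value = value * 10 + digit;
        c = blob_read_byte(b);
        if (c == EOF) break;                        /* digits ran to the end: value is complete */
    }
    *out = value;
    return 1;
}

/* Parses width, height and maxval after a P1..P6 magic (P1/P4 carry no maxval). */
int pnm_read_header(const unsigned char *data, size_t len,
                    unsigned long *width, unsigned long *height, unsigned long *maxval) {
    if (len < 2 || data[0] != 'P' || data[1] < '1' || data[1] > '6') return 0;
    Blob b = { data, len, 2 };
    if (!pnm_read_integer(&b, width)) return 0;
    if (!pnm_read_integer(&b, height)) return 0;
    if (data[1] == '1' || data[1] == '4') { *maxval = 1; return 1; }
    return pnm_read_integer(&b, maxval);
}

int main(void) {
    /* Constructed samples: one well-formed header and three malformed ones. */
    const char *samples[] = {
        "P6\n# constructed sample\n4 3\n255\n",
        "P6\n4 ",                  /* height missing */
        "P6\n4 3\n# never ends",   /* comment without newline */
        "P5\n99999999999999999999999999 3 255\n",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        unsigned long w = 0, h = 0, m = 0;
        int ok = pnm_read_header((const unsigned char *)samples[i], strlen(samples[i]), &w, &h, &m);
        printf("sample %zu: %s (w=%lu h=%lu maxval=%lu)\n", i, ok ? "accepted" : "rejected", w, h, m);
    }
    return 0;
}
```

The same property holds for any reader that consumes bytes in a loop: the loop must have an exit on EOF, and a header value that is syntactically complete but absurdly large should be rejected before it reaches an allocation size.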