SIGABRT convert - IM 6.9.0-1 - 36b70be2

[JodieC]

Tested 12/15/2014 with http://www.imagemagick.org/download/bet ... 215.tar.gz Result: Fail

[dlemstra]

Can you try with a newer beta or a svn checkout? I am getting the following output:

Code: Select all

D:\Images\Fuzz>convert 36b70be2 36b70be2.png
convert.exe: Negative or zero image size `36b70be2' @ error/pnm.c/ReadPNMImage/417.
convert.exe: no images defined `36b70be2.png' @ error/convert.c/ConvertImageCommand/3210.

[JodieC]

Tested 12/17/2014 with http://www.imagemagick.org/download/bet ... 217.tar.gz Result:Fail

[dlemstra]

Would you mind adding a stacktrace, I cannot seem to make it crash and we are using the same version of pnm.c

[JodieC]

Here you go sir.

Code: Select all

Core was generated by `../../ImageMagick-6.9.0-1/utilities/.libs/convert ./36b70be2?dl=0 png:/dev/null'.
Program terminated with signal SIGABRT, Aborted.
#0  0x00007ffff604ebb9 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
56	../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0  0x00007ffff604ebb9 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1  0x00007ffff6051fc8 in __GI_abort () at abort.c:89
#2  0x00007ffff73a17a5 in MagickSignalHandler (signal_number=6) at magick/magick.c:1171
#3  <signal handler called>
#4  0x00007ffff604ebb9 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#5  0x00007ffff6051fc8 in __GI_abort () at abort.c:89
#6  0x00007ffff6047a76 in __assert_fail_base (fmt=0x7ffff61992b0 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", 
    assertion=assertion@entry=0x7ffff7ac0fa0 "quantum_info->pixels[i][extent] == 0xab", file=file@entry=0x7ffff7ac0ea0 "magick/quantum.c", 
    line=line@entry=259, function=function@entry=0x7ffff7ac1370 <__PRETTY_FUNCTION__.12359> "DestroyQuantumPixels") at assert.c:92
#7  0x00007ffff6047b22 in __GI___assert_fail (assertion=assertion@entry=0x7ffff7ac0fa0 "quantum_info->pixels[i][extent] == 0xab", 
    file=file@entry=0x7ffff7ac0ea0 "magick/quantum.c", line=line@entry=259, 
    function=function@entry=0x7ffff7ac1370 <__PRETTY_FUNCTION__.12359> "DestroyQuantumPixels") at assert.c:101
#8  0x00007ffff74c1ab7 in DestroyQuantumPixels (quantum_info=quantum_info@entry=0x647470) at magick/quantum.c:259
#9  0x00007ffff74c1cd5 in DestroyQuantumInfo (quantum_info=0x647470) at magick/quantum.c:211
#10 0x00007ffff795eaaa in ReadPNMImage (image_info=0x60e050, exception=0x604990) at coders/pnm.c:744
#11 0x00007ffff6ebf78a in ReadImage (image_info=image_info@entry=0x608ea0, exception=exception@entry=0x604990) at magick/constitute.c:547
#12 0x00007ffff6ec311b in ReadImages (image_info=0x608ea0, exception=0x604990) at magick/constitute.c:853
#13 0x00007ffff66dc8d2 in ConvertImageCommand (image_info=0x608ea0, argc=3, argv=0x604010, metadata=0x0, exception=0x604990) at wand/convert.c:622
#14 0x00007ffff68d3a7e in MagickCommandGenesis (image_info=0x604b10, command=0x4007c0 <ConvertImageCommand@plt>, argc=3, argv=0x7fffffffe388, 
    metadata=<optimized out>, exception=0x604990) at wand/mogrify.c:168
#15 0x0000000000400887 in ConvertMain (argv=0x7fffffffe388, argc=3) at utilities/convert.c:81
#16 main (argc=3, argv=0x7fffffffe388) at utilities/convert.c:92

FWIW this also ABRTs on 6.7.7.10-6ubuntu3.

[magick]

Notice the stack trace shows an assertion @ magick/quantum.c:259. ImageMagick-6.9.0-1 Beta has this assertion @ line # 265 suggesting you are not running the latest ImageMagick 6.9.0-1 Beta.

[dlemstra]

Maybe I am not reading your stack-trace properly but it looks like there is a call to DestroyQuantumInfo from line 744 of pnm.c. But with in the file you linked there is no such call on line 744. Are you using a different library by accident?

[JodieC]

Aha! Local environment was exporting variables with older libs (Fuzzer is still running on the vulnerable libs).

I will do another round on the outstanding bugs with library path.

[JodieC]

It's good on this round.

[broucaries]

Where is the patch for this one ?

[magick]

Look for diffs from ImageMagick 6.9.0-0 and 6.9.0-1 in source modules magick/quantum.c and coders/pnm.c. We made numerous patches to pnm.c to address a number of flaws based on image fuzzing.