https://www.dropbox.com/s/n0oy95mwsyvu7nt/cb1f4fa5?dl=0
To reproduce
Code: Select all
convert cb1f4fa5 png:/dev/null
Code: Select all
*** Error in `convert': free(): invalid next size (normal): 0x0000000000651c80 ***
Aborted (core dumped)
Code: Select all
Program terminated with signal SIGABRT, Aborted.
#0 0x00007ffff6049bb9 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
56 ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0 0x00007ffff6049bb9 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1 0x00007ffff604cfc8 in __GI_abort () at abort.c:89
#2 0x00007ffff739c225 in MagickSignalHandler (signal_number=6) at magick/magick.c:1171
#3 <signal handler called>
#4 0x00007ffff6049bb9 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#5 0x00007ffff604cfc8 in __GI_abort () at abort.c:89
#6 0x00007ffff6086e14 in __libc_message (do_abort=do_abort@entry=1, fmt=fmt@entry=0x7ffff61955a8 "*** Error in `%s': %s: 0x%s ***\n")
at ../sysdeps/posix/libc_fatal.c:175
#7 0x00007ffff60930ee in malloc_printerr (ptr=<optimized out>, str=0x7ffff6195720 "free(): invalid next size (normal)", action=1) at malloc.c:4996
#8 _int_free (av=<optimized out>, p=<optimized out>, have_lock=0) at malloc.c:3840
#9 0x00007ffff73b1de1 in RelinquishAlignedMemory (memory=<optimized out>) at magick/memory.c:919
#10 0x00007ffff73b2125 in RelinquishVirtualMemory (memory_info=0x650ac0) at magick/memory.c:1027
#11 0x00007ffff79bc52a in ReadRLEImage (image_info=0x60f050, exception=0x605990) at coders/rle.c:582
#12 0x00007ffff6eba0ea in ReadImage (image_info=image_info@entry=0x609ea0, exception=exception@entry=0x605990) at magick/constitute.c:547
#13 0x00007ffff6ebda7b in ReadImages (image_info=0x609ea0, exception=0x605990) at magick/constitute.c:853
#14 0x00007ffff66d78d2 in ConvertImageCommand (image_info=0x609ea0, argc=3, argv=0x605010, metadata=0x0, exception=0x605990) at wand/convert.c:622
#15 0x00007ffff68cebbe in MagickCommandGenesis (image_info=0x605b10, command=0x400a30 <ConvertImageCommand@plt>, argc=3, argv=0x7fffffffe348,
metadata=<optimized out>, exception=0x605990) at wand/mogrify.c:168
#16 0x0000000000400b9f in ConvertMain (argv=0x7fffffffe348, argc=3) at utilities/convert.c:81
#17 main (argc=3, argv=0x7fffffffe348) at utilities/convert.c:92
#18 0x00007ffff6034ec5 in __libc_start_main (main=0x400b20 <main>, argc=3, argv=0x7fffffffe348, init=<optimized out>, fini=<optimized out>,
rtld_fini=<optimized out>, stack_end=0x7fffffffe338) at libc-start.c:287
#19 0x0000000000400bf3 in _start ()
AMD64
Distributor ID: Ubuntu
Description: Ubuntu 14.04.1 LTS
Release: 14.04
Codename: trusty
Software: ImageMagick 6.9.0-1 Beta compiled from source 20141217
Found with American Fuzzy Lop ( http://lcamtuf.coredump.cx/afl/ )