convert - IM 6.9.0-1 Beta - DoS CPU/Memory Bug - magick/colormap.c:147

Posted: 2014-12-18T19:19:34-07:00
by JodieC
Source file sent to magick /admin.
file: 93245ec0

To reproduce:

Code:

convert 93245ec0 png:/dev/null
Running this on the 24-core box used up a bunch of memory... running this on my laptop (IM 6.7.7) made it start swapping and I had to hard-reset.

BT:

Code:

0x00007ffff6e4db38 in AcquireImageColormap (image=0x642350, colors=<optimized out>) at magick/colormap.c:147
147         image->colormap[i].opacity=OpaqueOpacity;
(gdb) bt
#0  0x00007ffff6e4db38 in AcquireImageColormap (image=0x642350, colors=<optimized out>) at magick/colormap.c:147
#1  0x00007ffff77fe404 in ReadDIBImage (image_info=0x60f050, exception=0x605990) at coders/dib.c:594
#2  0x00007ffff6eba0ea in ReadImage (image_info=image_info@entry=0x609ea0, exception=exception@entry=0x605990) at magick/constitute.c:547
#3  0x00007ffff6ebda7b in ReadImages (image_info=0x609ea0, exception=0x605990) at magick/constitute.c:853
#4  0x00007ffff66d78d2 in ConvertImageCommand (image_info=0x609ea0, argc=3, argv=0x604490, metadata=0x0, exception=0x605990) at wand/convert.c:622
#5  0x00007ffff68cebbe in MagickCommandGenesis (image_info=0x605b10, command=0x400a30 <ConvertImageCommand@plt>, argc=3, argv=0x7fffffffde38, 
    metadata=<optimized out>, exception=0x605990) at wand/mogrify.c:168
#6  0x0000000000400b9f in ConvertMain (argv=0x7fffffffde38, argc=3) at utilities/convert.c:81
#7  main (argc=3, argv=0x7fffffffde38) at utilities/convert.c:92
#8  0x00007ffff6034ec5 in __libc_start_main (main=0x400b20 <main>, argc=3, argv=0x7fffffffde38, init=<optimized out>, fini=<optimized out>, 
    rtld_fini=<optimized out>, stack_end=0x7fffffffde28) at libc-start.c:287
#9  0x0000000000400bf3 in _start ()

System Details:
AMD64
Distributor ID: Ubuntu
Description: Ubuntu 14.04.1 LTS
Release: 14.04
Codename: trusty

Software: ImageMagick 6.9.0-1 Beta compiled from source 20141217

Found with American Fuzzy Lop ( http://lcamtuf.coredump.cx/afl/ )

Re: convert - IM 6.9.0-1 Beta - DoS CPU/Memory Bug - magick/colormap.c:147

Posted: 2014-12-19T04:57:42-07:00
by magick
We get expected results:
  • convert 93245ec0 null:
    convert: insufficient image data in file `93245ec0' @ error/dib.c/ReadDIBImage/604.
    convert: no images defined `null:' @ error/convert.c/ConvertImageCommand/3210.
However, we'll add a check to ensure bits-per-pixel has a reasonable value.
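
The bits-per-pixel check the maintainer mentions, as an added example written for this thread and not ImageMagick's own coders/dib.c: it reads the standard little-endian BITMAPINFOHEADER and bounds the number of colormap entries before any allocation happens, so an out-of-range depth can never drive a `1 << bpp` sized colormap. The headers produced by make_dib_header are constructed here and are not the contents of 93245ec0; treating unknown depths and a biClrUsed larger than 2^bpp as reject-the-file is this example's policy, not necessarily ImageMagick's.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

static uint32_t rd32(const unsigned char *p)
{ return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24; }
static uint16_t rd16(const unsigned char *p) { return (uint16_t)(p[0] | p[1] << 8); }

/* Validate a little-endian BITMAPINFOHEADER and bound the colormap it implies,
   before anything is allocated. Returns the palette entry count (0 for
   direct-colour depths, 1..256 for palette depths) or -1 to reject the file. */
long dib_colormap_entries(const unsigned char *buf, size_t len)
{
    if (len < 40 || rd32(buf) < 40) return -1;              /* truncated or pre-v3 header */
    int32_t  width  = (int32_t)rd32(buf + 4);
    int32_t  height = (int32_t)rd32(buf + 8);               /* negative = top-down, still valid */
    uint16_t planes = rd16(buf + 12);
    uint16_t bpp    = rd16(buf + 14);
    uint32_t colors_used = rd32(buf + 32);                  /* biClrUsed: 0 means all 2^bpp */
    if (planes != 1 || width <= 0 || height == 0) return -1;
    switch (bpp) {
    case 1: case 4: case 8: {
        uint32_t max_entries = 1u << bpp;                   /* 2, 16 or 256 */
        uint32_t n = colors_used ? colors_used : max_entries;
        return n <= max_entries ? (long)n : -1;             /* biClrUsed may shrink, never grow */
    }
    case 16: case 24: case 32:
        return 0;                                           /* direct colour: no palette */
    default:
        return -1;                                          /* unknown depth: never compute 1 << bpp */
    }
}

/* Constructed 16x16 test header (not the reporter's file), little-endian fields. */
void make_dib_header(uint16_t bpp, uint32_t colors_used, unsigned char out[40])
{
    memset(out, 0, 40);
    out[0] = 40; out[4] = 16; out[8] = 16; out[12] = 1;   /* biSize, width, height, planes */
    out[14] = (unsigned char)(bpp & 0xFF); out[15] = (unsigned char)(bpp >> 8);
    for (int i = 0; i < 4; i++) out[32 + i] = (unsigned char)(colors_used >> (8 * i));
}

/* Build and check in one call, for tests: entry count on success, -1 when rejected. */
long check_dib(uint16_t bpp, uint32_t colors_used)
{
    unsigned char buf[40];
    make_dib_header(bpp, colors_used, buf);
    return dib_colormap_entries(buf, sizeof buf);
}
```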

Re: convert - IM 6.9.0-1 Beta - DoS CPU/Memory Bug - magick/colormap.c:147

Posted: 2014-12-19T20:26:56-07:00
by JodieC
It seems to pass on the latest SVN checkout.