To reproduce:
convert 2dad54b8 png:/dev/null
Aborted (core dumped)
Backtrace (gdb). Note the inner handler frame: signal_number=24 is SIGXCPU on Linux/x86-64, so the abort is MagickSignalHandler reacting to a CPU-time limit (presumably a ulimit set for the fuzzing run) while the reader was still doing normal work in FormatMagickSize/AcquireMagickResource under SetImageExtent from ReadDDSImage (coders/dds.c:1858); the outer SIGABRT is the same handler re-entered by its own abort(). This looks like an excessive-work/DoS path in the DDS reader rather than memory corruption — worth confirming by re-running the sample without the CPU limit:
Core was generated by `/home/jodicun/opt/ImageMagick-2014-12-19/utilities/.libs/lt-convert ./fuzzer141'.
Program terminated with signal SIGABRT, Aborted.
#0 0x00007ffff6e87bb9 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
56 ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
#0 0x00007ffff6e87bb9 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1 0x00007ffff6e8afc8 in __GI_abort () at abort.c:89
#2 0x00007ffff78b4171 in MagickSignalHandler (signal_number=6) at magick/magick.c:1171
#3 <signal handler called>
#4 0x00007ffff6e87bb9 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#5 0x00007ffff6e8afc8 in __GI_abort () at abort.c:89
#6 0x00007ffff78b4171 in MagickSignalHandler (signal_number=24) at magick/magick.c:1171
#7 <signal handler called>
#8 0x00007ffff6e9f589 in _IO_vfprintf_internal (s=s@entry=0x7ffffffeb9e0, format=<optimized out>, format@entry=0x7ffff7a64ec1 "%.*g%sB", ap=ap@entry=0x7ffffffebb88) at vfprintf.c:1660
#9 0x00007ffff6f5acb5 in ___vsnprintf_chk (s=s@entry=0x7ffffffedcc0 "", maxlen=<optimized out>, maxlen@entry=4096, flags=flags@entry=1, slen=slen@entry=18446744073709551615, format=format@entry=0x7ffff7a64ec1 "%.*g%sB", args=args@entry=0x7ffffffebb88) at vsnprintf_chk.c:63
#10 0x00007ffff78afa46 in vsnprintf (__ap=0x7ffffffebb88, __fmt=0x7ffff7a64ec1 "%.*g%sB", __n=4096, __s=0x7ffffffedcc0 "") at /usr/include/x86_64-linux-gnu/bits/stdio2.h:77
#11 FormatLocaleStringList (string=0x7ffffffedcc0 "", length=4096, format=0x7ffff7a64ec1 "%.*g%sB", operands=operands@entry=0x7ffffffebb88) at magick/locale.c:460
#12 0x00007ffff78afb22 in FormatLocaleString (string=string@entry=0x7ffffffedcc0 "", length=length@entry=4096, format=format@entry=0x7ffff7a64ec1 "%.*g%sB") at magick/locale.c:485
#13 0x00007ffff793692a in FormatMagickSize (size=size@entry=32, bi=bi@entry=MagickFalse, format=format@entry=0x7ffffffedcc0 "") at magick/string.c:1121
#14 0x00007ffff7915f7d in AcquireMagickResource (type=type@entry=HeightResource, size=32) at magick/resource.c:176
#15 0x00007ffff77ddb56 in OpenPixelCache (image=image@entry=0x31b96750, mode=mode@entry=IOMode, exception=exception@entry=0x31b999c8) at magick/cache.c:3497
#16 0x00007ffff77c3322 in GetImagePixelCache (image=image@entry=0x31b96750, clone=clone@entry=MagickTrue, exception=exception@entry=0x31b999c8) at magick/cache.c:1551
#17 0x00007ffff77e16bb in SyncImagePixelCache (image=image@entry=0x31b96750, exception=exception@entry=0x31b999c8) at magick/cache.c:5127
#18 0x00007ffff78a45a1 in SetImageExtent (image=image@entry=0x31b96750, columns=<optimized out>, rows=<optimized out>) at magick/image.c:2456
#19 0x00007ffff798fdc2 in ReadDDSImage (image_info=0x60e050, exception=0x604990) at coders/dds.c:1858
#20 0x00007ffff780d8b8 in ReadImage (image_info=image_info@entry=0x608ea0, exception=exception@entry=0x604990) at magick/constitute.c:547
#21 0x00007ffff780e953 in ReadImages (image_info=image_info@entry=0x608ea0, exception=exception@entry=0x604990) at magick/constitute.c:853
Architecture: AMD64
Distributor ID: Ubuntu
Description: Ubuntu 14.04.1 LTS
Release: 14.04
Codename: trusty
ImageMagick 6 compiled from SVN checkout 20141227.
Found with American Fuzzy Lop ( http://lcamtuf.coredump.cx/afl/ )