Invalid memory read on malformed wpg image

Posted: 2017-02-25T03:44:08-07:00
by hanno
Here's a file that causes invalid heap memory read accesses in convert which show up when compiled with address sanitizer:
https://crashes.fuzzing-project.org/ima ... y-read.wpg

Test:

convert -resize 1 [input] out
This happened while testing some older files I had lying around from previous bug reports. This makes me wonder: does imagemagick collect sample files that triggered past bugs somewhere? It would certainly be useful to do this and have a test suite that checks with those previous bug-triggering files.

Error from asan:

==29646==ERROR: AddressSanitizer: SEGV on unknown address 0x7f62029268a4 (pc 0x0000005e892a bp 0x7ffcf8507370 sp 0x7ffcf8506040 T0)
==29646==The signal is caused by a READ memory access.
    #0 0x5e8929 in .omp_outlined..68 /mnt/ram/ImageMagick-6.9.7-9/magick/resize.c:2819:30
    #1 0x7f6229055732 in __kmp_invoke_microtask (/usr/lib64/libomp.so+0xa3732)
    #2 0x7f6228ffb952  (/usr/lib64/libomp.so+0x49952)
    #3 0x7f6228ffcdb4 in __kmp_fork_call (/usr/lib64/libomp.so+0x4adb4)
    #4 0x7f6228fe9ac7 in __kmpc_fork_call (/usr/lib64/libomp.so+0x37ac7)
    #5 0x5da696 in VerticalFilter /mnt/ram/ImageMagick-6.9.7-9/magick/resize.c:2722:11
    #6 0x5d7b09 in ResizeImage /mnt/ram/ImageMagick-6.9.7-9/magick/resize.c:3007:14
    #7 0xf22b7d in MogrifyImage /mnt/ram/ImageMagick-6.9.7-9/wand/mogrify.c:2678:27
    #8 0xfbd4bb in MogrifyImages /mnt/ram/ImageMagick-6.9.7-9/wand/mogrify.c:8913:13
    #9 0xe982c7 in ConvertImageCommand /mnt/ram/ImageMagick-6.9.7-9/wand/convert.c:3256:3
    #10 0xf13745 in MagickCommandGenesis /mnt/ram/ImageMagick-6.9.7-9/wand/mogrify.c:172:14
    #11 0x516535 in ConvertMain /mnt/ram/ImageMagick-6.9.7-9/utilities/convert.c:81:10
    #12 0x516535 in main /mnt/ram/ImageMagick-6.9.7-9/utilities/convert.c:92
    #13 0x7f6228a251e0 in __libc_start_main /var/tmp/portage/sys-libs/glibc-2.24-r1/work/glibc-2.24/csu/../csu/libc-start.c:289
    #14 0x426a89 in _start (/mnt/ram/ImageMagick-6.9.7-9/utilities/convert+0x426a89)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /mnt/ram/ImageMagick-6.9.7-9/magick/resize.c:2819:30 in .omp_outlined..68


Re: Invalid memory read on malformed wpg image

Posted: 2017-02-25T04:23:39-07:00
by dlemstra
Your image link does not seem to work. Can you give us a new link? We have created an issue for your suggestion: https://github.com/ImageMagick/ImageMagick/issues/124. Maybe we should create a separate project that we can use to run these tests on. Would you be open to helping us out with this?

Re: Invalid memory read on malformed wpg image

Posted: 2017-03-05T06:36:23-07:00
by hanno
I'm sorry, it was a file permission problem; the download works now.

I'm open to helping create an image corpus. I agree that bundling them in the imagemagick distribution may not be the best idea, because it could quickly become pretty large. But it could simply be a git repository where the files are collected, together with a small description linking to the bug report / commit they correspond to, or something similar, plus maybe a simple script testing all the files.

Obviously you may feel free to use all the image samples I provided to the imagemagick team in past bug reports.
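The "simple script testing all the files" suggested above, written out as an added example; this is neither hanno's code nor part of ImageMagick. It assumes a corpus directory with one sample per file and an optional `<sample>.txt` note whose first line names the bug report, and it runs each sample through an ASan-instrumented tool (default `convert`) with the `-resize 1` step from the report, writing to the `null:` output coder.

```shell
#!/bin/sh
# Regression runner for a corpus of previously crashing samples (added example).
# Layout assumed: <corpus>/<sample> plus optional <corpus>/<sample>.txt notes.

# Run one sample through the tool. Prints CRASH when the process dies from a
# signal or the log contains an AddressSanitizer report, FAIL on any other
# non-zero exit (a clean rejection of a malformed file), and OK otherwise.
check_sample() {
  tool="$1"; sample="$2"; log="$3"
  if "$tool" "$sample" -resize 1 null: >"$log" 2>&1; then
    rc=0
  else
    rc=$?
  fi
  if grep -q 'AddressSanitizer' "$log" || [ "$rc" -ge 128 ]; then
    echo CRASH
  elif [ "$rc" -ne 0 ]; then
    echo FAIL
  else
    echo OK
  fi
}

# Walk the corpus, print one line per sample (with the bug reference from the
# note file, if any) and return the number of crashes so CI can fail on it.
run_corpus() {
  tool="$1"; corpus="$2"
  crashes=0
  tmp=$(mktemp)
  for sample in "$corpus"/*; do
    case "$sample" in *.txt) continue ;; esac
    [ -f "$sample" ] || continue
    result=$(check_sample "$tool" "$sample" "$tmp")
    ref=""
    if [ -f "$sample.txt" ]; then
      ref=" ($(head -n 1 "$sample.txt"))"
    fi
    printf '%-5s %s%s\n' "$result" "$sample" "$ref"
    if [ "$result" = CRASH ]; then
      crashes=$((crashes + 1))
    fi
  done
  rm -f "$tmp"
  return "$crashes"
}

# Usage: ./run_corpus.sh [tool] [corpus-dir]
if [ "$#" -gt 0 ]; then
  run_corpus "$1" "${2:-.}"
fi
```

The exit status is the crash count, so a non-zero status from a CI job means a previously fixed bug has come back.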

Re: Invalid memory read on malformed wpg image

Posted: 2017-03-05T16:03:09-07:00
by magick
Unfortunately we cannot reproduce the problem you reported. Your command completed without complaint with ImageMagick-6.9.7-10, the current release. We're using clang 3.8.1 and libasan 6.3.1-1 but without OpenMP. It did not validate while configuring ImageMagick. If we disable ASAN, OpenMP is enabled and your command again completes without complaint. As expected, we need to reproduce the problem before we can fix it.

Does the command fail for you when OpenMP is disabled?