Double free in coders/tga.c:221

Bug #1490362 reported by Moshe Kaplan
Affects: imagemagick (Ubuntu)   Status: Fix Released   Importance: Undecided   Assigned to: Unassigned   Milestone: (none)

Bug Description

On Ubuntu 14.04 x64, with ImageMagick 7.0+ (commit 087a059e56eec2efedefdceb6b52a093e4589dde, https://github.com/ImageMagick/ImageMagick/commit/087a059e56eec2efedefdceb6b52a093e4589dde):

gdb$ r double_free.tga /dev/null
Starting program: /home/moshe/Downloads/ImageMagick-master/utilities/magick double_free.tga /dev/null
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Traceback (most recent call last):
  File "/usr/share/gdb/auto-load/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.19-gdb.py", line 63, in <module>
    from libstdcxx.v6.printers import register_libstdcxx_printers
ImportError: No module named 'libstdcxx'
*** Error in `/home/moshe/Downloads/ImageMagick-master/utilities/magick': double free or corruption (!prev): 0x0000000001780ec0 ***

Program received signal SIGABRT, Aborted.
-----------------------------------------------------------------------------------------------------------------------[regs]
  RAX: 0x0000000000000000 RBX: 0x0000000000000084 RCX: 0xFFFFFFFFFFFFFFFF RDX: 0x0000000000000006 o d I t s z a P c
  RSI: 0x0000000000007524 RDI: 0x0000000000007524 RBP: 0x00007FFFFFFF6560 RSP: 0x00007FFFFFFF61C8 RIP: 0x00007FFFF375CCC9
  R8 : 0x3063653038373130 R9 : 0x6F6974707572726F R10: 0x0000000000000008 R11: 0x0000000000000206 R12: 0x00007FFFFFFF6370
  R13: 0x0000000000000007 R14: 0x0000000000000084 R15: 0x0000000000000007
  CS: 0033 DS: 0000 ES: 0000 FS: 0000 GS: 0000 SS: 002B
-----------------------------------------------------------------------------------------------------------------------[code]
=> 0x7ffff375ccc9 <__GI_raise+57>: cmp rax,0xfffffffffffff000
   0x7ffff375cccf <__GI_raise+63>: ja 0x7ffff375ccea <__GI_raise+90>
   0x7ffff375ccd1 <__GI_raise+65>: repz ret
   0x7ffff375ccd3 <__GI_raise+67>: nop DWORD PTR [rax+rax*1+0x0]
   0x7ffff375ccd8 <__GI_raise+72>: test eax,eax
   0x7ffff375ccda <__GI_raise+74>: jg 0x7ffff375ccb9 <__GI_raise+41>
   0x7ffff375ccdc <__GI_raise+76>: mov ecx,eax
   0x7ffff375ccde <__GI_raise+78>: neg ecx
-----------------------------------------------------------------------------------------------------------------------------
0x00007ffff375ccc9 in __GI_raise (sig=sig@entry=0x6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
56 ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
gdb$ bt
#0 0x00007ffff375ccc9 in __GI_raise (sig=sig@entry=0x6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1 0x00007ffff37600d8 in __GI_abort () at abort.c:89
#2 0x00007ffff3799394 in __libc_message (do_abort=do_abort@entry=0x1, fmt=fmt@entry=0x7ffff38a7b28 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175
#3 0x00007ffff37a566e in malloc_printerr (ptr=<optimized out>, str=0x7ffff38a7c10 "double free or corruption (!prev)", action=0x1) at malloc.c:4996
#4 _int_free (av=<optimized out>, p=<optimized out>, have_lock=0x0) at malloc.c:3840
#5 0x000000000048db72 in RelinquishMagickMemory (memory=<optimized out>) at MagickCore/memory.c:967
#6 0x00000000004456c9 in DestroyImage (image=image@entry=0x1793ff0) at MagickCore/image.c:1200
#7 0x000000000045f6e4 in DeleteImageFromList (images=<synthetic pointer>) at MagickCore/list.c:298
#8 DestroyImageList (images=0x0, images@entry=0x1793ff0) at MagickCore/list.c:451
#9 0x0000000000991b20 in ReadTGAImage (image_info=<optimized out>, exception=0x1763f90) at coders/tga.c:221
#10 0x0000000000c20414 in ReadImage (image_info=image_info@entry=0x1768350, exception=exception@entry=0x1763f90) at MagickCore/constitute.c:547
#11 0x0000000000c23a6b in ReadImages (image_info=0x1764110, filename=0x175f1f0 "/home/moshe/Desktop/imagemagick_crashes/examine_more/sf_540cee04253030f363f7902b6edc732d-lpszam-0x00000000-minimized.tga", exception=0x1763f90) at MagickCore/constitute.c:846
#12 0x0000000001302829 in CLINoImageOperator (cli_wand=cli_wand@entry=0x1761320, option=option@entry=0x138d002 "-read", arg1n=arg1n@entry=0x7fffffffe12f "/home/moshe/Desktop/imagemagick_crashes/examine_more/sf_540cee04253030f363f7902b6edc732d-lpszam-0x00000000-minimized.tga", arg2n=arg2n@entry=0x0) at MagickWand/operation.c:4654
#13 0x0000000001305cb1 in CLIOption (cli_wand=cli_wand@entry=0x1761320, option=option@entry=0x138d002 "-read") at MagickWand/operation.c:5148
#14 0x000000000110d833 in ProcessCommandOptions (cli_wand=cli_wand@entry=0x1761320, argc=argc@entry=0x3, argv=argv@entry=0x7fffffffdd68, index=index@entry=0x1) at MagickWand/magick-cli.c:421
#15 0x000000000110f64f in MagickImageCommand (image_info=image_info@entry=0x1764110, argc=argc@entry=0x3, argv=argv@entry=0x7fffffffdd68, metadata=metadata@entry=0x0, exception=exception@entry=0x1763f90) at MagickWand/magick-cli.c:786
#16 0x0000000001164ade in MagickCommandGenesis (image_info=image_info@entry=0x1764110, command=0x110e300 <MagickImageCommand>, argc=argc@entry=0x3, argv=argv@entry=0x7fffffffdd68, metadata=metadata@entry=0x0, exception=exception@entry=0x1763f90) at MagickWand/mogrify.c:172
#17 0x000000000041238f in MagickMain (argv=0x7fffffffdd68, argc=0x3) at utilities/magick.c:74
#18 main (argc=0x3, argv=0x7fffffffdd68) at utilities/magick.c:85
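
The backtrace shows DestroyImageList(), called from ReadTGAImage() at coders/tga.c:221, descending through DeleteImageFromList(), DestroyImage() and RelinquishMagickMemory() onto an Image whose memory glibc has already seen freed. The report contains the trace but not the tga.c source, so what follows is an added, constructed C example of that failure class, not ImageMagick's own code and not a claim about what line 221 actually does: a reader with a shared error label that destroys its image list twice because an earlier cleanup discarded the NULL that the destructor returns. The Image struct, the counting allocator, read_image() and frees_after() are hypothetical; the 18-byte TGA header and the meaning of image type 0 (no image data) are from the TGA format. Releases are counted rather than passed to free() so the double release is observable as a count of 2 instead of the abort seen in the report.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed illustration, not MagickCore code: the Image struct, the counting
 * release and the reader are hypothetical. Releases are counted instead of passed
 * to free(), so a double free shows up as a count of 2 instead of a glibc abort. */

#define MAX_TRACKED 32

typedef struct _Image {
    struct _Image *next;
    unsigned char *pixels;
} Image;

static void *tracked_ptr[MAX_TRACKED];
static int tracked_frees[MAX_TRACKED], tracked_count;

/* Really free the previous run's blocks and clear the counters. */
static void reset_tracking(void) {
    for (int i = 0; i < tracked_count; i++) free(tracked_ptr[i]);
    tracked_count = 0;
    memset(tracked_frees, 0, sizeof tracked_frees);
}

static void *tracked_alloc(size_t n) {
    void *p = malloc(n);
    if (p != NULL && tracked_count < MAX_TRACKED) tracked_ptr[tracked_count++] = p;
    return p;
}

/* Record a release instead of calling free(); returns p's release count so far. */
static int tracked_release(void *p) {
    for (int i = 0; i < tracked_count; i++)
        if (tracked_ptr[i] == p) return ++tracked_frees[i];
    return -1;                                   /* not a block we handed out */
}

/* Highest release count over all blocks: anything above 1 is a double free. */
static int max_frees(void) {
    int m = 0;
    for (int i = 0; i < tracked_count; i++)
        if (tracked_frees[i] > m) m = tracked_frees[i];
    return m;
}

static Image *acquire_image(void) {
    Image *image = tracked_alloc(sizeof *image);
    if (image == NULL) return NULL;
    image->next = NULL;
    image->pixels = tracked_alloc(64);
    return image;
}

/* Destroys the whole list and returns NULL, the MagickCore convention that lets
 * a caller write image = DestroyImageList(image) and drop the dangling pointer. */
static Image *destroy_image_list(Image *image) {
    while (image != NULL) {
        Image *next = image->next;
        tracked_release(image->pixels);
        tracked_release(image);
        image = next;
    }
    return NULL;
}

/* Hypothetical reader with a shared error label. A TGA header is 18 bytes and
 * byte 2 is the image type; 0 means no image data. With fixed == 0 the early
 * cleanup discards the NULL from destroy_image_list, so the label frees again. */
static Image *read_image(const unsigned char *hdr, size_t len, int fixed) {
    Image *image = acquire_image();
    if (image == NULL) return NULL;
    if (len < 18 || hdr[2] == 0) {
        if (fixed)
            image = destroy_image_list(image);   /* pointer cleared: label is a no-op */
        else
            destroy_image_list(image);           /* pointer dangles: label frees twice */
        goto fail;
    }
    return image;
fail:
    return destroy_image_list(image);
}

/* Run the reader once, clean up like a normal caller, report the worst count. */
static int frees_after(const unsigned char *hdr, size_t len, int fixed) {
    reset_tracking();
    Image *image = read_image(hdr, len, fixed);
    if (image != NULL) destroy_image_list(image);
    return max_frees();
}

/* Constructed headers: type 0 (no image data) and type 2 (uncompressed truecolor, 1x1, 24 bpp). */
static const unsigned char bad_header[18] = { 0, 0, 0 };
static const unsigned char ok_header[18] = { 0, 0, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, 24, 0 };

int main(void) {
    printf("buggy, bad header: max releases per block = %d\n", frees_after(bad_header, 18, 0));
    printf("fixed, bad header: max releases per block = %d\n", frees_after(bad_header, 18, 1));
    printf("fixed, ok header:  max releases per block = %d\n", frees_after(ok_header, 18, 1));
    return 0;
}
```

With a real free() in place of tracked_release, the fixed == 0 path is the "double free or corruption" abort from the report; the counting release exists only so the outcome can be asserted on. The assignment idiom `image = destroy_image_list(image)` is the whole fix: a destructor that returns NULL is useless if the caller throws the result away and keeps the stale pointer for a later shared cleanup.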

Moshe Kaplan (moshekaplan) wrote :
information type: Private Security → Public Security
Seth Arnold (seth-arnold) wrote :

Thanks; has this been reported upstream yet? Has this been assigned a CVE yet?

Thanks

Moshe Kaplan (moshekaplan) wrote :

This has been reported, but was not responded to.

AFAIK, this has not had a CVE assigned yet.

Moshe Kaplan (moshekaplan) wrote :
Changed in imagemagick (Ubuntu):
status: New → Confirmed
Raphaël Hertzog (hertzog) wrote :

FYI, the problem can only be triggered with recent versions of ImageMagick. I reproduced it with 6.9.1.2 (in Debian experimental right now) but not with 6.8.9.9 (in Debian Unstable right now) or any older version.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package imagemagick - 8:6.9.6.6+dfsg-1ubuntu3

---------------
imagemagick (8:6.9.6.6+dfsg-1ubuntu3) zesty; urgency=medium

  * debian/patches/0020-Revert-GradientImage-change.patch: Revert patch
    per https://github.com/ImageMagick/ImageMagick/issues/316. Thanks
    to Cristy <email address hidden>. Closes LP: #1645406.

 -- Nishanth Aravamudan <email address hidden> Tue, 06 Dec 2016 17:26:36 +0100

Changed in imagemagick (Ubuntu):
status: Confirmed → Fix Released