Ubuntu
imagemagick package

SEGV in MagickCore/memory.c:974

Bug #1542125 reported by Moshe Kaplan on 2016-02-05

256

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	ImageMagick	Fix Released	Unknown	auto-github-imagemagick-imagemagick #123
	imagemagick (Ubuntu)	Fix Released	Undecided	Unassigned

Bug Description

This bug was found while fuzzing ImageMagick with afl-fuzz

Tested on ImageMagick git commit %s

Command: magick id:000004,sig:06,src:000000,op:int32,pos:16,val:-1 /dev/null

ASAN:SIGSEGV
=================================================================
==18636==ERROR: AddressSanitizer: SEGV on unknown address 0x00ecfeef (pc 0x080839f2 sp 0xbfd20580 bp 0xbfd20610 T0)
    #0 0x80839f1 in __asan::Deallocate(void*, __sanitizer::StackTrace*, __asan::AllocType) (/usr/local/bin/magick+0x80839f1)
    #1 0x80839a3 in __asan::asan_free(void*, __sanitizer::StackTrace*, __asan::AllocType) (/usr/local/bin/magick+0x80839a3)
    #2 0x80c6a61 in __interceptor_free (/usr/local/bin/magick+0x80c6a61)
    #3 0x818d2e8 in RelinquishMagickMemory /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/memory.c:974
    #4 0x82c0fc6 in DestroySplayTree /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/splay-tree.c:695
    #5 0x819ce1f in DestroyImageOptions /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/option.c:1954
    #6 0x8105132 in DestroyImageInfo /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/image.c:1277
    #7 0x80ffe67 in DestroyImage /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/image.c:1213
    #8 0x813321c in DeleteImageFromList /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/list.c:298
    #9 0x813321c in DestroyImageList /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/list.c:451
    #10 0x87f79b3 in ReadSUNImage /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/coders/sun.c:300
    #11 0x8a8ad6a in ReadImage /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/constitute.c:494
    #12 0x8a92bdf in ReadImages /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/constitute.c:844
    #13 0x9375c09 in CLINoImageOperator /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/operation.c:4685
    #14 0x937e0f1 in CLIOption /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/operation.c:5179
    #15 0x910ae9d in ProcessCommandOptions /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/magick-cli.c:474
    #16 0x910e215 in MagickImageCommand /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/magick-cli.c:786
    #17 0x91126f9 in MagickCommandGenesis /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/mogrify.c:172
    #18 0x80de16d in MagickMain /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/utilities/magick.c:74
    #19 0x80de16d in main /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/utilities/magick.c:85
    #20 0xb7475a82 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287
    #21 0x80ddf94 in _start (/usr/local/bin/magick+0x80ddf94)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ??:0 __asan::Deallocate(void*, __sanitizer::StackTrace*, __asan::AllocType)
==18636==ABORTING