SEGV in ImageMagick/MagickCore/locale.c:1517

Bug #1545367 reported by Moshe Kaplan on 2016-02-14
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
imagemagick (Ubuntu)
Undecided
Unassigned

Bug Description

This bug was found while fuzzing ImageMagick with afl-fuzz

Tested on ImageMagick git commit <unknown>

Command: magick id:000359,sig:06,src:006660,op:havoc,rep:2 /dev/null

ASAN:SIGSEGV
=================================================================
==4985==ERROR: AddressSanitizer: SEGV on unknown address 0xa13fa11c (pc 0x0808c946 sp 0xbff94780 bp 0xbff947c8 T0)
    #0 0x808c945 in strncasecmp (/usr/local/bin/magick+0x808c945)
    #1 0x814fe14 in LocaleNCompare /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickCore/locale.c:1517
    #2 0x82857c5 in WriteTo8BimProfile /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickCore/profile.c:1431
    #3 0x8284fac in DeleteImageProfile /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickCore/profile.c:192
    #4 0x89e9ec4 in TransformImageColorspace /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickCore/colorspace.c:1281
    #5 0x873f635 in WritePSDImage /home/user/Desktop/FuzzImageMagick/ImageMagick/coders/psd.c:2735
    #6 0x8a6b5b8 in WriteImage /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickCore/constitute.c:1091
    #7 0x8a6ef9c in WriteImages /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickCore/constitute.c:1309
    #8 0x92af4ff in CLINoImageOperator /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickWand/operation.c:4714
    #9 0x92b7311 in CLIOption /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickWand/operation.c:5174
    #10 0x9045373 in ProcessCommandOptions /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickWand/magick-cli.c:526
    #11 0x90477f5 in MagickImageCommand /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickWand/magick-cli.c:786
    #12 0x904bcd9 in MagickCommandGenesis /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickWand/mogrify.c:172
    #13 0x80de16d in MagickMain /home/user/Desktop/FuzzImageMagick/ImageMagick/utilities/magick.c:74
    #14 0x80de16d in main /home/user/Desktop/FuzzImageMagick/ImageMagick/utilities/magick.c:85
    #15 0xb7517a82 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287
    #16 0x80ddf94 in _start (/usr/local/bin/magick+0x80ddf94)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ??:0 strncasecmp
==4985==ABORTING

Moshe Kaplan (mk-moshe-kaplan) wrote :

input file to trigger crash

Steve Beattie (sbeattie) wrote :
Changed in imagemagick (Ubuntu):
status: New → Confirmed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package imagemagick - 8:6.9.6.6+dfsg-1ubuntu3

---------------
imagemagick (8:6.9.6.6+dfsg-1ubuntu3) zesty; urgency=medium

  * debian/patches/0020-Revert-GradientImage-change.patch: Revert patch
    per https://github.com/ImageMagick/ImageMagick/issues/316. Thanks
    to Cristy <email address hidden>. Closes LP: #1645406.

 -- Nishanth Aravamudan <email address hidden> Tue, 06 Dec 2016 17:26:36 +0100

Changed in imagemagick (Ubuntu):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.