Ubuntu
imagemagick package

IM-6 causes memory leaks when used with PHP after upgrade

Bug #2027598 reported by Piotr P
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
imagemagick (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

After upgrading ImageMagick from 8:6.9.10.23+dfsg-2.1ubuntu11.7 to 8:6.9.10.23+dfsg-2.1ubuntu11.9, our PHP server that renders images started using up a lot of memory. Some changes in IM6 (or some bad incompatible implementation in php7.4-imagick plugin) is causing apparently memory leaks.

This was reproducible both on AWS EC2 instance and inside 20.04 Docker image.

ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: imagemagick-6-common 8:6.9.10.23+dfsg-2.1ubuntu11.9
ProcVersionSignature: Ubuntu 5.4.0-153.170-generic 5.4.235
Uname: Linux 5.4.0-153-generic x86_64
ApportVersion: 2.20.11-0ubuntu27.27
Architecture: amd64
CasperMD5CheckResult: skip
Date: Wed Jul 12 17:28:33 2023
Dependencies:

PackageArchitecture: all
ProcEnviron:
 TERM=xterm
 PATH=(custom, no user)
SourcePackage: imagemagick
UpgradeStatus: No upgrade log present (probably fresh install)

CVE References

Revision history for this message
Piotr P (pp-sp) wrote :
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in imagemagick (Ubuntu):
status: New → Confirmed
Revision history for this message
Nick Browning (ccbcreg) wrote :

I'm seeing the memory leak too. I believe it is ImageMagick though. There is a bug fix for it here:

https://github.com/ImageMagick/ImageMagick6/commit/24a88a922df011830dde8329825b6ded73209db8

Is it possible for the package maintainers to update to ImageMagick 6.9.12-91?

https://github.com/ImageMagick/ImageMagick6/releases/tag/6.9.12-91

I believe that will fix the memory issue present downstream.

Revision history for this message
Nick Browning (ccbcreg) wrote :

Looks like there were two memory fixes:

https://github.com/ImageMagick/ImageMagick6/commit/c90e79b3b22fec309cab55af2ee606f71b027b12

and

https://github.com/ImageMagick/ImageMagick6/commit/24a88a922df011830dde8329825b6ded73209db8

Anyway, the new version ImageMagick 6.9.12-91 fixed the memory leak issue I was seeing with ImageMagick 6.9.12-90.

Hope that helps.

Revision history for this message
broucaries (roucaries-bastien+bugs) wrote :

If you have a test case self contained (a exponential memory usage is suffisant) I will do a release ASAP

rouca

Revision history for this message
Nick Browning (ccbcreg) wrote (last edit ):

Thanks Rouca,

Dirk Lemstra describes a memory leak command line example here in another downstream library:

convert -size 100x100 xc:red -draw "text 0,0 'Test'" info:

https://github.com/rmagick/rmagick/issues/1401#issuecomment-1636777233

Is that helpful?

Revision history for this message
Piotr P (pp-sp) wrote :

Hi,

Did anyone test the new IM version mentioned by ccbcreg as a Ubuntu package?

Revision history for this message
Nick Browning (ccbcreg) wrote :

As I mentioned above. I have tested ImageMagick 6.9.12-91 and it fixes the memory issues I have. I'm just waiting for a Ubuntu 20 package update to test. Please let me know where I can find the Ubuntu 20 package when it exists and I'll test immediately.

Revision history for this message
Nick Browning (ccbcreg) wrote :

Hey Rouca,

Since we have the CVE for ImageMagick 6.9.12-91, can we push out a Ubuntu security update for ImageMagick 6 please?

https://github.com/advisories/GHSA-j6x7-7g72-8ww2

You've mentioned that you needed CVE for RMagick too but that is a downstream library which is a ruby gem unrelated to the memory issue with ImageMagick 6.

https://github.com/rmagick/rmagick/issues/1401#issuecomment-1670121713

What is needed to push this forward?

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.