
#431 memory leak in ReadJNGImage

v1.0_(example)
closed-works-for-me
None
5
2017-08-12
2017-08-11
bestshow
No

On GraphicsMagick 1.3.26 2017-07-04 Q8

A memory leak vulnerability was found in function ReadJNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted file.

#./gm identify $FILE
=================================================================
==39930==ERROR: detected memory leaks

Indirect leak of 6856 byte(s) in 1 object(s) allocated from:
    #0 0x4e96f6 in __interceptor_malloc /home/test/Downloads/llvm-clang/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:66
    #1 0x6dca7f in AllocateImage /home/test/Downloads/GraphicsMagick-1.3.26/magick/image.c:336:18
    #2 0xaa777f in ReadJNGImage /home/test/Downloads/GraphicsMagick-1.3.26/coders/png.c:3718:9
    #3 0x63f90d in ReadImage /home/test/Downloads/GraphicsMagick-1.3.26/magick/constitute.c:1607:13
    #4 0x63ed64 in PingImage /home/test/Downloads/GraphicsMagick-1.3.26/magick/constitute.c:1370:9
    #5 0x5b0232 in MagickCommand /home/test/Downloads/GraphicsMagick-1.3.26/magick/command.c:8869:17
    #6 0x5f621e in GMCommandSingle /home/test/Downloads/GraphicsMagick-1.3.26/magick/command.c:17396:10
    #7 0x5f4aab in GMCommand /home/test/Downloads/GraphicsMagick-1.3.26/magick/command.c:17449:16
    #8 0x7fece074cb34 in __libc_start_main /usr/src/debug/glibc-2.17-c758a686/csu/../csu/libc-start.c:274

Indirect leak of 4224 byte(s) in 1 object(s) allocated from:
    #0 0x4ea255 in posix_memalign /home/test/Downloads/llvm-clang/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:142
    #1 0x71147b in MagickMallocAligned /home/test/Downloads/GraphicsMagick-1.3.26/magick/memory.c:217:7
    #2 0x769a32 in GetCacheInfo /home/test/Downloads/GraphicsMagick-1.3.26/magick/pixel_cache.c:1986:14
    #3 0xaa777f in ReadJNGImage /home/test/Downloads/GraphicsMagick-1.3.26/coders/png.c:3718:9
    #4 0x63f90d in ReadImage /home/test/Downloads/GraphicsMagick-1.3.26/magick/constitute.c:1607:13
    #5 0x63ed64 in PingImage /home/test/Downloads/GraphicsMagick-1.3.26/magick/constitute.c:1370:9
    #6 0x5b0232 in MagickCommand /home/test/Downloads/GraphicsMagick-1.3.26/magick/command.c:8869:17
    #7 0x5f621e in GMCommandSingle /home/test/Downloads/GraphicsMagick-1.3.26/magick/command.c:17396:10
    #8 0x5f4aab in GMCommand /home/test/Downloads/GraphicsMagick-1.3.26/magick/command.c:17449:16
    #9 0x7fece074cb34 in __libc_start_main /usr/src/debug/glibc-2.17-c758a686/csu/../csu/libc-start.c:274

......

11839 byte(s) leaked in 14 allocation(s).

The PoC file is in the attachment.

Credit: ADLab of Venustech

1 Attachments

Discussion

  • Bob Friesenhahn - 2017-08-12
    • status: open --> closed-works-for-me
    • assigned_to: Bob Friesenhahn
     
  • Bob Friesenhahn - 2017-08-12

    This problem can no longer be reproduced with current Mercurial sources.

     
