*** This bug is a security vulnerability *** Public security bug reported:
This bug was found while fuzzing ImageMagick with afl-fuzz Tested on ImageMagick git commit 5afc3a6a4c6cc8a2226bbd96ea60c80d975b56cc Command: magick id:000119,sig:06,src:001982,op:int32,pos:16,val:-1 /dev/null ASAN:SIGSEGV ================================================================= ==23655==ERROR: AddressSanitizer: SEGV on unknown address 0xfeffffff (pc 0x0808c433 sp 0xbfb18140 bp 0xbfb18188 T0) #0 0x808c432 in __interceptor_strcasecmp (/usr/local/bin/magick+0x808c432) #1 0x814aa4c in LocaleCompare /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/locale.c:1417 #2 0x8232e86 in CompareSplayTreeString /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/splay-tree.c:419 #3 0x823fdbe in Splay /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/splay-tree.c:1492 #4 0x823040f in SplaySplayTree /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/splay-tree.c:1583 #5 0x82351c0 in DeleteNodeFromSplayTree /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/splay-tree.c:619 #6 0x822281f in RelinquishUniqueFileResource /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/resource.c:1000 #7 0x88941e8 in RelinquishPixelCachePixels /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/cache.c:886 #8 0x8893e87 in DestroyPixelCache /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/cache.c:943 #9 0x8893b66 in DestroyImagePixels /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/cache.c:823 #10 0x80ff39a in DestroyImage /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/image.c:1189 #11 0x8132efc in DeleteImageFromList /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/list.c:298 #12 0x8132efc in DestroyImageList /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/list.c:451 #13 0x8748c73 in ReadSUNImage /home/user/Desktop/FuzzImageMagick-master/ImageMagick/coders/sun.c:300 #14 0x89163de in ReadImage /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/constitute.c:494 #15 0x89181ee in ReadImages /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/constitute.c:844 #16 0x8dac5b9 in CLINoImageOperator /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickWand/operation.c:4690 #17 0x8db4aa1 in CLIOption /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickWand/operation.c:5184 #18 0x8b3f08d in ProcessCommandOptions /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickWand/magick-cli.c:474 #19 0x8b42405 in MagickImageCommand /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickWand/magick-cli.c:786 #20 0x8b468e9 in MagickCommandGenesis /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickWand/mogrify.c:172 #21 0x80ddf3d in MagickMain /home/user/Desktop/FuzzImageMagick-master/ImageMagick/utilities/magick.c:74 #22 0x80ddf3d in main /home/user/Desktop/FuzzImageMagick-master/ImageMagick/utilities/magick.c:85 #23 0xb755aa82 in __libc_start_main /build/eglibc-617sU_/eglibc-2.19/csu/libc-start.c:287 #24 0x80ddd64 in _start (/usr/local/bin/magick+0x80ddd64) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV ??:0 __interceptor_strcasecmp ==23655==ABORTING ** Affects: imagemagick (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1549042 Title: SEGV in MagickCore/locale.c:1417 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1549042/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs