SIGABRT - lt-convert - IM6 SVN - 2dad54b8 - magick/locale.c:460

Posted: 2014-12-28T21:43:57-07:00
by JodieC
Source file: https://www.dropbox.com/s/08gplggj9tqkgna/2dad54b8?dl=0

To reproduce:

convert 2dad54b8 png:/dev/null

Output:

Aborted (core dumped)
(This ran for about 30 seconds, used up around 827MB of RSS when I was running it)

BT:

Core was generated by `/home/jodicun/opt/ImageMagick-2014-12-19/utilities/.libs/lt-convert ./fuzzer141'.
Program terminated with signal SIGABRT, Aborted.
#0  0x00007ffff6e87bb9 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
56      ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
#0  0x00007ffff6e87bb9 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1  0x00007ffff6e8afc8 in __GI_abort () at abort.c:89
#2  0x00007ffff78b4171 in MagickSignalHandler (signal_number=6) at magick/magick.c:1171
#3  <signal handler called>
#4  0x00007ffff6e87bb9 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#5  0x00007ffff6e8afc8 in __GI_abort () at abort.c:89
#6  0x00007ffff78b4171 in MagickSignalHandler (signal_number=24) at magick/magick.c:1171
#7  <signal handler called>
#8  0x00007ffff6e9f589 in _IO_vfprintf_internal (s=s@entry=0x7ffffffeb9e0, format=<optimized out>, format@entry=0x7ffff7a64ec1 "%.*g%sB", ap=ap@entry=0x7ffffffebb88) at vfprintf.c:1660
#9  0x00007ffff6f5acb5 in ___vsnprintf_chk (s=s@entry=0x7ffffffedcc0 "", maxlen=<optimized out>, maxlen@entry=4096, flags=flags@entry=1, slen=slen@entry=18446744073709551615, format=format@entry=0x7ffff7a64ec1 "%.*g%sB", args=args@entry=0x7ffffffebb88) at vsnprintf_chk.c:63
#10 0x00007ffff78afa46 in vsnprintf (__ap=0x7ffffffebb88, __fmt=0x7ffff7a64ec1 "%.*g%sB", __n=4096, __s=0x7ffffffedcc0 "") at /usr/include/x86_64-linux-gnu/bits/stdio2.h:77
#11 FormatLocaleStringList (string=0x7ffffffedcc0 "", length=4096, format=0x7ffff7a64ec1 "%.*g%sB", operands=operands@entry=0x7ffffffebb88) at magick/locale.c:460
#12 0x00007ffff78afb22 in FormatLocaleString (string=string@entry=0x7ffffffedcc0 "", length=length@entry=4096, format=format@entry=0x7ffff7a64ec1 "%.*g%sB") at magick/locale.c:485
#13 0x00007ffff793692a in FormatMagickSize (size=size@entry=32, bi=bi@entry=MagickFalse, format=format@entry=0x7ffffffedcc0 "") at magick/string.c:1121
#14 0x00007ffff7915f7d in AcquireMagickResource (type=type@entry=HeightResource, size=32) at magick/resource.c:176
#15 0x00007ffff77ddb56 in OpenPixelCache (image=image@entry=0x31b96750, mode=mode@entry=IOMode, exception=exception@entry=0x31b999c8) at magick/cache.c:3497
#16 0x00007ffff77c3322 in GetImagePixelCache (image=image@entry=0x31b96750, clone=clone@entry=MagickTrue, exception=exception@entry=0x31b999c8) at magick/cache.c:1551
#17 0x00007ffff77e16bb in SyncImagePixelCache (image=image@entry=0x31b96750, exception=exception@entry=0x31b999c8) at magick/cache.c:5127
#18 0x00007ffff78a45a1 in SetImageExtent (image=image@entry=0x31b96750, columns=<optimized out>, rows=<optimized out>) at magick/image.c:2456
#19 0x00007ffff798fdc2 in ReadDDSImage (image_info=0x60e050, exception=0x604990) at coders/dds.c:1858
#20 0x00007ffff780d8b8 in ReadImage (image_info=image_info@entry=0x608ea0, exception=exception@entry=0x604990) at magick/constitute.c:547
#21 0x00007ffff780e953 in ReadImages (image_info=image_info@entry=0x608ea0, exception=exception@entry=0x604990) at magick/constitute.c:853

System Details:
AMD64
Distributor ID: Ubuntu
Description: Ubuntu 14.04.1 LTS
Release: 14.04
Codename: trusty

ImageMagick 6 compiled from SVN checkout 20141227.

Found with American Fuzzy Lop ( http://lcamtuf.coredump.cx/afl/ )

Re: SIGABRT - lt-convert - IM6 SVN - 2dad54b8 - magick/locale.c:460

Posted: 2014-12-29T07:39:16-07:00
by magick
Use resource limits:

convert -limit memory 50MB -limit map 50MB -limit disk 50MB 2dad54b8 null:
convert: cache resources exhausted `2dad54b8' @ error/cache.c/OpenPixelCache/3642.
convert: no images defined `null:' @ error/convert.c/ConvertImageCommand/3210.
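An added example (not from this thread, and not ImageMagick code) in the spirit of the reply above: a small Python triage wrapper that runs a conversion under kernel-enforced address-space and CPU caps plus a wall-clock timeout, then reports whether the converter exited cleanly, was killed by a signal (6 = SIGABRT, 24 = SIGXCPU, both visible in the backtrace), or timed out. The script name triage.py and the default limits are assumptions.

```python
import resource
import signal
import subprocess
import sys

PYTHON = sys.executable  # interpreter used for the self-checks

def _apply_limits(mem_bytes, cpu_seconds):
    """Runs in the child just before exec(); the caps then apply to the converter itself."""
    # Address-space cap: allocations past it fail instead of growing to 800MB+ of RSS.
    resource.setrlimit(resource.RLIMIT_AS, (mem_bytes, mem_bytes))
    # CPU cap: hitting the soft limit delivers SIGXCPU (signal 24); the hard limit is
    # kept a few seconds higher because reaching it delivers SIGKILL instead.
    resource.setrlimit(resource.RLIMIT_CPU, (cpu_seconds, cpu_seconds + 5))

def run_limited(argv, mem_bytes=512 * 1024 * 1024, cpu_seconds=10, wall_seconds=15):
    """Run argv under the limits and return a short verdict:
    'ok', 'exit:<code>', 'signal:<NAME>' or 'timeout'."""
    try:
        proc = subprocess.run(
            argv, capture_output=True, timeout=wall_seconds,
            preexec_fn=lambda: _apply_limits(mem_bytes, cpu_seconds))
    except subprocess.TimeoutExpired:
        return "timeout"          # subprocess.run has already killed the child
    rc = proc.returncode
    if rc < 0:                    # terminated by a signal; -rc is the signal number
        return "signal:" + signal.Signals(-rc).name
    return "ok" if rc == 0 else "exit:%d" % rc

if __name__ == "__main__":
    # Example use (assumed script name): python3 triage.py convert 2dad54b8 png:/dev/null
    print(run_limited(sys.argv[1:]))
```

A clean "exit:1" under the caps, like the "cache resources exhausted" error above, is the desired outcome for a malformed input; "signal:SIGABRT" or "timeout" marks a case still worth a bug report.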

Re: SIGABRT - lt-convert - IM6 SVN - 2dad54b8 - magick/locale.c:460

Posted: 2014-12-29T15:23:45-07:00
by dlemstra
I added a patch for this and the processing of the image will stop a bit earlier:

D:\Images\Fuzz>convert 2dad54b8 null:
convert.exe: Unexpected end-of-file `2dad54b8': No such file or directory @ error/dds.c/SkipRGBMipmaps/2422.

Re: SIGABRT - lt-convert - IM6 SVN - 2dad54b8 - magick/locale.c:460

Posted: 2015-01-01T06:27:33-07:00
by JodieC
Dies better after the patch, thanks!