oss-sec mailing list archives

imagemagick: null pointer must never be null (tiff.c)


From: Agostino Sarubbo <ago () gentoo org>
Date: Sat, 19 Nov 2016 17:18:26 +0100

If suitable for a CVE please assign one. Thanks.

Description:
imagemagick is a software suite to create, edit, compose, or convert bitmap 
images.

A fuzz on an updated version with the undefined behavior sanitizer enabled 
revealed a null pointer passed as an argument which is declared to never be null.

The complete UBSan output:

# identify $FILE
coders/tiff.c:655:39: runtime error: null pointer passed as argument 2, which 
is declared to never be null
MagickCore/string_.h:76:23: note: nonnull attribute specified here
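
What this UBSan report means in practice, as an added example (not ImageMagick's code and not the linked commit): a lookup that succeeds but hands back a NULL string, a callee declared `__attribute__((nonnull))`, and the two caller shapes, one that trusts the lookup's return code and one that also tests the pointer. The tag table, the `get_field` lookup modelled loosely on a TIFFGetField-style call, and the sample directories are constructed for this example and are assumptions about the shape of the bug, not a transcription of coders/tiff.c.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a TIFF directory: an ASCII tag either carries a
   string or is present with no value behind it. Real libtiff/ImageMagick
   structures are not modelled; the tag numbers are the standard TIFF ones. */
enum { TAG_SOFTWARE = 305, TAG_ARTIST = 315, TAG_COPYRIGHT = 33432 };

typedef struct {
  int tag;
  const char *value;   /* NULL: tag present but no string behind it */
} tag_entry;

/* Lookup in the shape of a TIFFGetField-style call (assumption): returns 1
   when the tag exists and stores its value, which may itself be NULL. */
static int get_field(const tag_entry *dir, size_t n, int tag, const char **out)
{
  for (size_t i = 0; i < n; i++) {
    if (dir[i].tag == tag) {
      *out = dir[i].value;
      return 1;
    }
  }
  return 0;
}

/* Property setter declared nonnull on both pointer arguments, the contract
   the UBSan note points at ("nonnull attribute specified here"). With
   -fsanitize=undefined the compiler instruments every call site, so a NULL
   in argument 2 is reported before strlen() ever dereferences it. */
static int set_property(char *dst, const char *value, size_t dstlen)
    __attribute__((nonnull(1, 2)));

static int set_property(char *dst, const char *value, size_t dstlen)
{
  size_t len = strlen(value);
  if (len >= dstlen)
    return 0;            /* would not fit: leave dst untouched */
  memcpy(dst, value, len + 1);
  return 1;
}

/* Buggy shape: a successful lookup is taken as proof that text is usable. */
static int copy_artist_unchecked(const tag_entry *dir, size_t n,
                                 char *dst, size_t dstlen)
{
  const char *text = NULL;
  if (get_field(dir, n, TAG_ARTIST, &text) == 1)
    return set_property(dst, text, dstlen);   /* UB when text == NULL */
  return 0;
}

/* Fixed shape: test the pointer itself before handing it to a nonnull callee. */
static int copy_artist_checked(const tag_entry *dir, size_t n,
                               char *dst, size_t dstlen)
{
  const char *text = NULL;
  if ((get_field(dir, n, TAG_ARTIST, &text) == 1) && (text != NULL))
    return set_property(dst, text, dstlen);
  return 0;   /* tag absent, or present without a value: nothing to copy */
}

/* Constructed sample directories. */
static const tag_entry dir_with_artist[] = {
  { TAG_SOFTWARE,  "example-writer" },
  { TAG_ARTIST,    "ago" },
};
static const tag_entry dir_null_artist[] = {
  { TAG_ARTIST,    NULL },         /* the case a fuzzer produces */
  { TAG_COPYRIGHT, "none" },
};
static char scratch[64];

int main(void)
{
  int rc = copy_artist_checked(dir_with_artist, 2, scratch, sizeof scratch);
  printf("checked, artist present: rc=%d value=\"%s\"\n", rc, scratch);
  rc = copy_artist_checked(dir_null_artist, 2, scratch, sizeof scratch);
  printf("checked, artist NULL:    rc=%d (skipped)\n", rc);
#ifdef TRIGGER_UBSAN
  /* Build with: cc -fsanitize=undefined -DTRIGGER_UBSAN demo.c
     UBSan then prints the same class of report as in this advisory. */
  rc = copy_artist_unchecked(dir_null_artist, 2, scratch, sizeof scratch);
  printf("unchecked, artist NULL:  rc=%d\n", rc);
#endif
  return 0;
}
```

The point the report makes is that the return code of the lookup and the validity of the pointer it stores are two different facts; only the second one satisfies the callee's nonnull contract, so the guard belongs on the pointer at the call site, not on the lookup's status.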

Affected version:
7.0.3.6

Fixed version:
7.0.3.7

Commit fix:
https://github.com/ImageMagick/ImageMagick/commit/b61d35eaccc0a7ddeff8a1c3abfcd0a43ccf210b

Credit:
This bug was discovered by Agostino Sarubbo of Gentoo.

CVE:
N/A

Reproducer:
https://github.com/asarubbo/poc/blob/master/00049-imagemagick-pointernerverbenull

Timeline:
2016-11-09: bug discovered and reported to upstream
2016-11-09: upstream released a patch
2016-11-15: upstream released 7.0.3.7
2016-11-19: blog post about the issue

Note:
This bug was found with American Fuzzy Lop.

Permalink:
https://blogs.gentoo.org/ago/2016/11/19/imagemagick-null-pointer-must-never-be-null-tiff-c

-- 
Agostino Sarubbo
Gentoo Linux Developer
