SIGABRT convert - IM 6.9.0-1 - 36b70be2

Post any defects you find in the released or beta versions of the ImageMagick software here. Include the ImageMagick version, OS, and any command-line required to reproduce the problem. Got a patch for a bug? Post it here.

Re: SIGABRT convert - IM 6.9.0-1 - 36b70be2

Post by JodieC »

Tested 12/15/2014 with http://www.imagemagick.org/download/bet ... 215.tar.gz Result: Fail

Post by dlemstra »

Can you try with a newer beta or a svn checkout? I am getting the following output:

Code:

D:\Images\Fuzz>convert 36b70be2 36b70be2.png
convert.exe: Negative or zero image size `36b70be2' @ error/pnm.c/ReadPNMImage/417.
convert.exe: no images defined `36b70be2.png' @ error/convert.c/ConvertImageCommand/3210.

Post by JodieC »


Post by dlemstra »

Would you mind adding a stack trace? I cannot seem to make it crash, and we are using the same version of pnm.c.

Post by JodieC »

Here you go sir.

Code:

Core was generated by `../../ImageMagick-6.9.0-1/utilities/.libs/convert ./36b70be2?dl=0 png:/dev/null'.
Program terminated with signal SIGABRT, Aborted.
#0  0x00007ffff604ebb9 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
56	../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0  0x00007ffff604ebb9 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1  0x00007ffff6051fc8 in __GI_abort () at abort.c:89
#2  0x00007ffff73a17a5 in MagickSignalHandler (signal_number=6) at magick/magick.c:1171
#3  <signal handler called>
#4  0x00007ffff604ebb9 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#5  0x00007ffff6051fc8 in __GI_abort () at abort.c:89
#6  0x00007ffff6047a76 in __assert_fail_base (fmt=0x7ffff61992b0 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", 
    assertion=assertion@entry=0x7ffff7ac0fa0 "quantum_info->pixels[i][extent] == 0xab", file=file@entry=0x7ffff7ac0ea0 "magick/quantum.c", 
    line=line@entry=259, function=function@entry=0x7ffff7ac1370 <__PRETTY_FUNCTION__.12359> "DestroyQuantumPixels") at assert.c:92
#7  0x00007ffff6047b22 in __GI___assert_fail (assertion=assertion@entry=0x7ffff7ac0fa0 "quantum_info->pixels[i][extent] == 0xab", 
    file=file@entry=0x7ffff7ac0ea0 "magick/quantum.c", line=line@entry=259, 
    function=function@entry=0x7ffff7ac1370 <__PRETTY_FUNCTION__.12359> "DestroyQuantumPixels") at assert.c:101
#8  0x00007ffff74c1ab7 in DestroyQuantumPixels (quantum_info=quantum_info@entry=0x647470) at magick/quantum.c:259
#9  0x00007ffff74c1cd5 in DestroyQuantumInfo (quantum_info=0x647470) at magick/quantum.c:211
#10 0x00007ffff795eaaa in ReadPNMImage (image_info=0x60e050, exception=0x604990) at coders/pnm.c:744
#11 0x00007ffff6ebf78a in ReadImage (image_info=image_info@entry=0x608ea0, exception=exception@entry=0x604990) at magick/constitute.c:547
#12 0x00007ffff6ec311b in ReadImages (image_info=0x608ea0, exception=0x604990) at magick/constitute.c:853
#13 0x00007ffff66dc8d2 in ConvertImageCommand (image_info=0x608ea0, argc=3, argv=0x604010, metadata=0x0, exception=0x604990) at wand/convert.c:622
#14 0x00007ffff68d3a7e in MagickCommandGenesis (image_info=0x604b10, command=0x4007c0 <ConvertImageCommand@plt>, argc=3, argv=0x7fffffffe388, 
    metadata=<optimized out>, exception=0x604990) at wand/mogrify.c:168
#15 0x0000000000400887 in ConvertMain (argv=0x7fffffffe388, argc=3) at utilities/convert.c:81
#16 main (argc=3, argv=0x7fffffffe388) at utilities/convert.c:92

FWIW this also ABRTs on 6.7.7.10-6ubuntu3.

Post by magick »

Notice the stack trace shows an assertion @ magick/quantum.c:259. ImageMagick-6.9.0-1 Beta has this assertion @ line # 265 suggesting you are not running the latest ImageMagick 6.9.0-1 Beta.
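
The assertion text in the backtrace above (`quantum_info->pixels[i][extent] == 0xab`) is a guard-byte check: one sentinel byte sits just past the usable buffer and is verified when the buffer is destroyed, so an overrun surfaces as an abort at teardown. The C sketch below is an added illustration of that pattern, not ImageMagick source and not part of any post; `guarded_buf`, `fill` and `run_case` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define GUARD_BYTE 0xab /* sentinel value quoted in the assertion text */

/* Hypothetical stand-in for a pixel buffer: extent usable bytes + 1 guard. */
typedef struct { unsigned char *pixels; size_t extent; } guarded_buf;

/* Allocate extent+1 bytes and plant the sentinel just past the usable area. */
static int guarded_alloc(guarded_buf *b, size_t extent)
{
    if (extent == SIZE_MAX) return -1;          /* extent+1 would wrap */
    b->pixels = calloc(extent + 1, 1);
    if (b->pixels == NULL) return -1;
    b->extent = extent;
    b->pixels[extent] = GUARD_BYTE;
    return 0;
}

/* Fill the buffer; buggy=1 writes one byte past extent (off-by-one).
   That byte is the guard, still inside the allocation, so the demo is safe. */
static void fill(guarded_buf *b, unsigned char v, int buggy)
{
    size_t end = buggy ? b->extent + 1 : b->extent;
    for (size_t i = 0; i < end; i++) b->pixels[i] = v;
}

/* Check the sentinel on teardown: 0 = intact, -1 = clobbered. An assert()
   here instead of a return code turns a clobbered guard into abort(). */
static int guarded_free(guarded_buf *b)
{
    int rc = (b->pixels[b->extent] == GUARD_BYTE) ? 0 : -1;
    free(b->pixels);
    b->pixels = NULL;
    return rc;
}

/* Limitation: an overrun that happens to write 0xab goes undetected. */
int run_case(int buggy)
{
    guarded_buf b;
    if (guarded_alloc(&b, 16) != 0) return -2;
    fill(&b, 0x00, buggy);
    return guarded_free(&b);
}

int main(void)
{
    printf("correct fill:    %d\n", run_case(0));
    printf("off-by-one fill: %d\n", run_case(1));
    return 0;
}
```

Because the check runs only at teardown, the abort points at the destroy call and not at the write that corrupted the guard; the faulting write has to be located separately.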

Post by dlemstra »

Maybe I am not reading your stack trace properly, but it looks like there is a call to DestroyQuantumInfo from line 744 of pnm.c. But within the file you linked there is no such call on line 744. Are you using a different library by accident?

Post by JodieC »

Aha! Local environment was exporting variables with older libs (Fuzzer is still running on the vulnerable libs).

I will do another round on the outstanding bugs with library path.

Post by JodieC »

It's good on this round.

Post by broucaries »

Where is the patch for this one?

Post by magick »

Look for diffs from ImageMagick 6.9.0-0 and 6.9.0-1 in source modules magick/quantum.c and coders/pnm.c. We made numerous patches to pnm.c to address a number of flaws based on image fuzzing.