1320643 – imagemagick segfaults when trying to convert large PSD files

Bug 1320643 - imagemagick segfaults when trying to convert large PSD files

Summary: imagemagick segfaults when trying to convert large PSD files

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	ImageMagick
Sub Component:
Version:	6.7
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	rc
Target Release:	---
Assignee:	Jan Horak
QA Contact:	Desktop QE
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1269194
TreeView+	depends on / blocked

Reported:	2016-03-23 16:49 UTC by Joe Wright
Modified:	2019-12-16 05:33 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-09-19 14:13:17 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Joe Wright 2016-03-23 16:49:18 UTC

Description of problem:
- ImageMagick segfaults in PHP when trying to convert a PSD graphic greater than 30MB in size.

Version-Release number of selected component (if applicable):
ImageMagick-6.7.2.7-2.el6.x86_64

How reproducible:


Steps to Reproduce:
1. attempt to convert a PSD graphic 30MB or larger
2.
3.

Actual results:
- Coredump

(gdb) bt 5
#0  0x000000345ef11910 in IsEventLogging () from /usr/lib64/libMagickCore.so.5
#1  0x000000345ef11a6e in LogMagickEventList () from /usr/lib64/libMagickCore.so.5
#2  0x000000345ef126da in LogMagickEvent () from /usr/lib64/libMagickCore.so.5
#3  0x000000345efa3f58 in DestroyXMLTree () from /usr/lib64/libMagickCore.so.5
#4  0x000000345efa3f78 in DestroyXMLTree () from /usr/lib64/libMagickCore.so.5
(More stack frames follow...)
(gdb) bt -15
#156250 0x000000345efa3f78 in DestroyXMLTree () from /usr/lib64/libMagickCore.so.5
#156251 0x000000345efa3f78 in DestroyXMLTree () from /usr/lib64/libMagickCore.so.5
#156252 0x000000345efa3f66 in DestroyXMLTree () from /usr/lib64/libMagickCore.so.5
#156253 0x000000345efa3f66 in DestroyXMLTree () from /usr/lib64/libMagickCore.so.5
#156254 0x000000345efa3f66 in DestroyXMLTree () from /usr/lib64/libMagickCore.so.5
#156255 0x000000345ef37a80 in GetImageProperty () from /usr/lib64/libMagickCore.so.5
#156256 0x000000345ef3a329 in SetImageProfile () from /usr/lib64/libMagickCore.so.5
#156257 0x000000345ef3a568 in SetImageProfile () from /usr/lib64/libMagickCore.so.5
#156258 0x00007f027bb9bffa in ?? () from /usr/lib64/ImageMagick-6.7.2/modules-Q16/coders/psd.so
#156259 0x000000345ee7e61c in ReadImage () from /usr/lib64/libMagickCore.so.5
#156260 0x000000345daab090 in MagickReadImage () from /usr/lib64/libMagickWand.so.5
#156261 0x00007f02818dc9ee in ?? ()
#156262 0x0000000003608690 in ?? ()
#156263 0x000000000058cc78 in ?? ()
#156264 0x0000000000000000 in ?? ()

Expected results:
- ImageMatick doesnt crash

Additional info:
 Backporting upstream imagemagick 6.8.9-1 should fix this

Note You need to log in before you can comment on or make changes to this bug.