[Pkg-gmagick-im-team] Bug#847058: imagemagick: Regression in wheezy-lts security update
Antti Salmela
asalmela at iki.fi
Mon Dec 5 09:27:15 UTC 2016
Package: imagemagick
Version: 8:6.7.7.10-5+deb7u8
Severity: important
Dear Maintainer,
after upgrading to 6.7.7.10-5+deb7u8, retrieving image properties of some images
with php5-imagick library started to segfault.
The following image from Wikipedia can be used to reproduce:
https://upload.wikimedia.org/wikipedia/commons/d/de/Bananavarieties.jpg
as at wheezy:~$ php -r '$tmp = new Imagick("Bananavarieties.jpg");
var_dump($tmp->identifyImage());'
Segmentation fault
as at wheezy:~$ gdb /usr/bin/php5
GNU gdb (GDB) 7.4.1-debian
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show
copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/bin/php5...Reading symbols from
/usr/lib/debug/usr/bin/php5...done.
done.
(gdb) run -r '$tmp = new Imagick("Bananavarieties.jpg");var_dump($tmp->identifyImage());'
Starting program: /usr/bin/php5 -r '$tmp = new Imagick("Bananavarieties.jpg"); var_dump($tmp->identifyImage());'
[Thread debugging using libthread_db enabled]
Using host libthread_db library
"/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7fffe9c59700 (LWP 366)]
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff4ef2704 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
(gdb) bt
#0 0x00007ffff4ef2704 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#1 0x00007fffebdba35a in SubstituteString () from
/usr/lib/x86_64-linux-gnu/libMagickCore.so.5
#2 0x00007fffebd5fcee in GetImageProperty () from
/usr/lib/x86_64-linux-gnu/libMagickCore.so.5
#3 0x00007fffebd20aff in IdentifyImage () from
/usr/lib/x86_64-linux-gnu/libMagickCore.so.5
#4 0x00007fffec157cef in MagickIdentifyImage () from
/usr/lib/x86_64-linux-gnu/libMagickWand.so.5
#5 0x00007fffec40a1db in zim_imagick_identifyimage () from
/usr/lib/php5/20100525/imagick.so
#6 0x00000000007512a1 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7ffff7f9f060)
at /build/php5-Dim6aK/php5-5.4.45/Zend/zend_vm_execute.h:643
#7 0x000000000070ac57 in execute (op_array=0x7ffff7fd2198)
at /build/php5-Dim6aK/php5-5.4.45/Zend/zend_vm_execute.h:410
#8 0x000000000069c876 in zend_eval_stringl (
str=0x7fffffffe89c "$tmp = new Imagick(\"Bananavarieties.jpg\");
var_dump($tmp->identifyImage());", str_len=2,
retval_ptr=0x0, string_name=0xaed380 "Command line code")
at /build/php5-Dim6aK/php5-5.4.45/Zend/zend_execute_API.c:1205
#9 0x000000000069c949 in zend_eval_stringl_ex (str=0x6d6f433a66697865
<Address 0x6d6f433a66697865 out of bounds>,
str_len=101, retval_ptr=0x7fffebe1f398, string_name=0x5 <Address 0x5
out of bounds>, handle_exceptions=1)
at /build/php5-Dim6aK/php5-5.4.45/Zend/zend_execute_API.c:1252
#10 0x0000000000753924 in do_cli (argc=-5988, argv=0x7fffffffe89c)
at /build/php5-Dim6aK/php5-5.4.45/sapi/cli/php_cli.c:1029
#11 0x0000000000431aaf in main (argc=32767, argv=0xe181f0)
at /build/php5-Dim6aK/php5-5.4.45/sapi/cli/php_cli.c:1365
With imagemagick downgraded to 6.7.7.10-5+deb7u7:
as at wheezy:~$ php -r '$tmp = new Imagick("Bananavarieties.jpg"); var_dump($tmp->identifyImage());'
array(9) {
["imageName"]=>
string(20) "/Bananavarieties.jpg"
["format"]=>
string(51) "JPEG (Joint Photographic Experts Group JFIF format)"
["geometry"]=>
array(2) {
["width"]=>
int(387)
["height"]=>
int(221)
}
["resolution"]=>
array(2) {
["x"]=>
float(72)
["y"]=>
float(72)
}
["units"]=>
string(13) "PixelsPerInch"
["type"]=>
string(9) "TrueColor"
["colorSpace"]=>
string(4) "sRGB"
["compression"]=>
string(4) "JPEG"
["fileSize"]=>
string(6) "60.2KB"
}
-- System Information:
Debian Release: 7.11
APT prefers oldstable
APT policy: (900, 'oldstable'), (899, 'oldstable-updates'), (890, 'stable'), (500, 'stable-updates')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages imagemagick depends on:
ii hicolor-icon-theme 0.12-1
ii libbz2-1.0 1.0.6-4
ii libc6 2.13-38+deb7u11
ii libfontconfig1 2.9.0-7.1+deb7u1
ii libfreetype6 2.4.9-1.1+deb7u3
ii libglib2.0-0 2.33.12+really2.32.4-5
ii libgomp1 4.7.2-5
ii libice6 2:1.0.8-2
ii libjpeg8 8d-1+deb7u1
ii liblcms2-2 2.2+git20110628-2.2+deb7u1
ii liblqr-1-0 0.4.1-2
ii libltdl7 2.4.2-1.1
ii liblzma5 5.1.1alpha+20120614-2
ii libmagickcore5 8:6.7.7.10-5+deb7u8
ii libmagickwand5 8:6.7.7.10-5+deb7u8
ii libsm6 2:1.2.1-2
ii libtiff4 3.9.6-11+deb7u2
ii libx11-6 2:1.5.0-1+deb7u3
ii libxext6 2:1.3.1-2+deb7u1
ii libxt6 1:1.1.3-1+deb7u1
ii zlib1g 1:1.2.7.dfsg-13
Versions of packages imagemagick recommends:
pn ghostscript <none>
ii libmagickcore5-extra 8:6.7.7.10-5+deb7u8
pn netpbm <none>
pn ufraw-batch <none>
Versions of packages imagemagick suggests:
pn autotrace <none>
pn cups-bsd | lpr | lprng <none>
ii curl 7.26.0-1+wheezy17
pn enscript <none>
pn ffmpeg <none>
pn gimp <none>
pn gnuplot <none>
pn grads <none>
ii groff-base 1.21-9
pn hp2xx <none>
pn html2ps <none>
pn imagemagick-doc <none>
pn libwmf-bin <none>
pn mplayer <none>
pn povray <none>
pn radiance <none>
pn sane-utils <none>
pn texlive-base-bin <none>
pn transfig <none>
pn xdg-utils <none>
-- no debconf information
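
A smoke test for the regression reported above, as an added example that is not part of the original report: it runs the report's PHP one-liner once per file in a child process and classifies the exit status, so a SIGSEGV inside libMagickCore shows up as `signal:11` instead of killing the checker. The function names and the `PROBE` override are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the report): per-file crash check for Imagick.

# Default probe: the PHP one-liner from the report. The file name is passed
# through the environment so it is never interpolated into PHP source.
imagick_probe() {
    IMG="$1" php -r '$tmp = new Imagick(getenv("IMG")); var_dump($tmp->identifyImage());'
}

# PROBE (assumed name) is the function or command run once per file.
PROBE=${PROBE:-imagick_probe}

# classify_status N: "ok", "signal:<n>" or "error:<n>". The shell reports death
# by signal n as 128+n; values above 192 (e.g. PHP's 255 on a fatal error)
# are ordinary exit codes, not signals.
classify_status() {
    if [ "$1" -eq 0 ]; then
        echo ok
    elif [ "$1" -gt 128 ] && [ "$1" -le 192 ]; then
        echo "signal:$(( $1 - 128 ))"
    else
        echo "error:$1"
    fi
}

# probe_file FILE: run the probe in a subshell and classify how it ended.
probe_file() {
    rc=0
    ( "$PROBE" "$1" ) >/dev/null 2>&1 || rc=$?
    classify_status "$rc"
}

# scan FILE...: print "result<TAB>file" per file; return 1 if any probe was
# killed by a signal (11 is SIGSEGV, the crash shown in the backtrace).
scan() {
    crashed=0
    for f in "$@"; do
        r=$(probe_file "$f")
        printf '%s\t%s\n' "$r" "$f"
        case $r in signal:*) crashed=1 ;; esac
    done
    return "$crashed"
}

# Stand-alone use: sh check.sh Bananavarieties.jpg other.jpg
if [ "$#" -gt 0 ]; then scan "$@"; fi
```

Run it over a sample set of images after installing an update and before restarting services that load the library; a non-zero return from `scan` means at least one file crashed the probe.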