Package: src:imagemagick Version: 8:6.7.7.10-5 Severity: serious Tags: security X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org control: found -1 8:6.6.0.4-3
Does not affect sid/jessie ---------- Forwarded message ---------- From: Stefan Pöschel <1671...@bugs.launchpad.net> Date: Thu, Mar 9, 2017 at 10:21 PM Subject: [Bug 1671630] [NEW] Memleak in IsOptionMember To: roucaries.bastien+b...@gmail.com Public bug reported: The ImageMagick version shipped with Ubuntu 16.04 (version 8:6.8.9.9-7ubuntu5.5) is affected by a memory leak. This has been fixed in the following commit: http://git.imagemagick.org/repos/ImageMagick/commit/6790815c75bdea0357df5564345847856e995d6b So I request this fix to be backported to 16.04 (and other affect version, if applicable; 14.04 is not affected). The tool ODR-PadEnc which I maintain is affected by the bug: https://github.com/Opendigitalradio/ODR-PadEnc/issues/2 Here one of the outputs that Valgrind procudes for each invokation - in this case, I used 14.04 with http://archive.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.8.9.9.orig.tar.xz as I have 16.04 only running in a VM. The patches within http://archive.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.8.9.9-7ubuntu5.5.debian.tar.xz do NOT address this bug. ==1961== 455,322 bytes in 111 blocks are definitely lost in loss record 1,761 of 1,762 ==1961== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==1961== by 0x5E2DB3E: AcquireString (string.c:132) ==1961== by 0x5E2FC10: StringToArgv (string.c:2196) ==1961== by 0x5DC46F7: IsOptionMember (option.c:2278) ==1961== by 0x5F3F789: WritePNGImage (png.c:11996) ==1961== by 0x5D12B11: WriteImage (constitute.c:1184) ==1961== by 0x5CDE340: ImageToBlob (blob.c:1607) ==1961== by 0x40D7A5: SLSManager::encodeFile(std::string const&, int, bool) (sls.cpp:392) ==1961== by 0x4038B1: main (odr-padenc.cpp:324) ** Affects: imagemagick (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are subscribed to imagemagick in Ubuntu. https://bugs.launchpad.net/bugs/1671630 Title: Memleak in IsOptionMember Status in imagemagick package in Ubuntu: New Bug description: The ImageMagick version shipped with Ubuntu 16.04 (version 8:6.8.9.9-7ubuntu5.5) is affected by a memory leak. This has been fixed in the following commit: http://git.imagemagick.org/repos/ImageMagick/commit/6790815c75bdea0357df5564345847856e995d6b So I request this fix to be backported to 16.04 (and other affect version, if applicable; 14.04 is not affected). The tool ODR-PadEnc which I maintain is affected by the bug: https://github.com/Opendigitalradio/ODR-PadEnc/issues/2 Here one of the outputs that Valgrind procudes for each invokation - in this case, I used 14.04 with http://archive.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.8.9.9.orig.tar.xz as I have 16.04 only running in a VM. The patches within http://archive.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.8.9.9-7ubuntu5.5.debian.tar.xz do NOT address this bug. ==1961== 455,322 bytes in 111 blocks are definitely lost in loss record 1,761 of 1,762 ==1961== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==1961== by 0x5E2DB3E: AcquireString (string.c:132) ==1961== by 0x5E2FC10: StringToArgv (string.c:2196) ==1961== by 0x5DC46F7: IsOptionMember (option.c:2278) ==1961== by 0x5F3F789: WritePNGImage (png.c:11996) ==1961== by 0x5D12B11: WriteImage (constitute.c:1184) ==1961== by 0x5CDE340: ImageToBlob (blob.c:1607) ==1961== by 0x40D7A5: SLSManager::encodeFile(std::string const&, int, bool) (sls.cpp:392) ==1961== by 0x4038B1: main (odr-padenc.cpp:324) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1671630/+subscriptions