Null Pointer Dereference at ExpandRotateKernelInfo of MagickCore/morphology.c

Hi all,

ImageMagick-7.0.6-5

`CloneKernelInfo`  uses `AcquireMagickMemory` and it might return NULL, and causing Null Pointer Dereference and Denial of Service.

the following function `ExpandRotateKernelInfo` use `CloneKernelInfo` with out Null checking:
https://github.com/ImageMagick/ImageMagick/blob/0db4d8a1685ad2e60e31b322086332432fd878df/MagickCore/morphology.c#L2414
```cpp
static void ExpandRotateKernelInfo(KernelInfo *kernel, const double angle)
{
  KernelInfo
    *clone,
    *last;

  last = kernel;
DisableMSCWarning(4127)
  while(1) {
RestoreMSCWarning
    clone = CloneKernelInfo(last);      // returns NULL if it AcquireMagickMemory fails
    RotateKernelInfo(clone, angle);        // dereference variable clone
    if ( SameKernelInfo(kernel, clone) != MagickFalse )
      break;
    LastKernelInfo(last)->next = clone;
    last = clone;
  }
  clone = DestroyKernelInfo(clone); /* kernel has repeated - junk the clone */
  return;
}
```

Similar usage of CloneKernelInfo might share the same issue:
https://github.com/ImageMagick/ImageMagick/blob/0db4d8a1685ad2e60e31b322086332432fd878df/MagickCore/morphology.c#L2336

Regards,
Alex, SourceBrella Inc.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Null Pointer Dereference at ExpandRotateKernelInfo of MagickCore/morphology.c #774

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

Null Pointer Dereference at ExpandRotateKernelInfo of MagickCore/morphology.c #774

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions