memory leak in WritePICTImage

[jgj212]

Version: ImageMagick 7.0.6-2 Q16 x86_64

./magick convert $FILE  out.pict

==12532==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 512 byte(s) in 1 object(s) allocated from:
    #0 0x4deeb6 in __interceptor_malloc asan_malloc_linux.cc:66
    #1 0x7f8f684be186 in AcquireMagickMemory memory.c:464:10
    #2 0x7f8f684be1e8 in AcquireQuantumMemory memory.c:537:10
    #3 0x7f8f6898c643 in WritePICTImage pict.c:1740:28
    #4 0x7f8f6829d6fe in WriteImage constitute.c:1114:14
    #5 0x7f8f6829e5fd in WriteImages constitute.c:1333:13
    #6 0x7f8f67949900 in ConvertImageCommand convert.c:3280:11
    #7 0x7f8f67a980cf in MagickCommandGenesis mogrify.c:183:14
    #8 0x514a37 in MagickMain magick.c:149:10
    #9 0x514491 in main magick.c:180:10
    #10 0x7f8f622d5f44 in __libc_start_main libc-start.c:287

Direct leak of 128 byte(s) in 1 object(s) allocated from:
    #0 0x4deeb6 in __interceptor_malloc asan_malloc_linux.cc:66
    #1 0x7f8f684be186 in AcquireMagickMemory memory.c:464:10
    #2 0x7f8f684be1e8 in AcquireQuantumMemory memory.c:537:10
    #3 0x7f8f6898c666 in WritePICTImage pict.c:1741:37
    #4 0x7f8f6829d6fe in WriteImage constitute.c:1114:14
    #5 0x7f8f6829e5fd in WriteImages constitute.c:1333:13
    #6 0x7f8f67949900 in ConvertImageCommand convert.c:3280:11
    #7 0x7f8f67a980cf in MagickCommandGenesis mogrify.c:183:14
    #8 0x514a37 in MagickMain magick.c:149:10
    #9 0x514491 in main magick.c:180:10
    #10 0x7f8f622d5f44 in __libc_start_main libc-start.c:287

POC: https://github.com/jgj212/poc/blob/master/leak-WritePICTImage

Credit : ADLab of Venustech

[mikayla-grace]

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ http://www.imagemagick.org/download/beta/ by sometime tomorrow.

[nohmask]

This was assigned CVE-2017-12665.