robin_test_ref tagged this 10 Apr 16:09
OSS-fuzz bug #67932

This turns out to be another case like Bug #705722 and I've opted to fix it in exactly the same way. I've also scanned the other cases where tile_fill_init() is used, and fixed those too.

Quoting the text from commit a003e870a11d13659666311e8b3059ba9fda3651
-----------------------------------------------------------------------

If initialisation for tile filling fails, make sure to clean up the tile clipper device if it was set up.

The reason being that the clipper device forwards drawing operations to a memory device embedded in itself (i.e. not a separate memory allocation just for the memory device). This means that if the clipper device (with its target set to that internal memory device) persists until a gc run occurs, when the garbager attempts to reloc the clipper's target pointer, it will access adjacent values in the device structure, not the memory manager header it expects. Thus it will reloc to a nonsensical location, and ultimately, will crash.