formatIPTCfromBuffer memory leak

[schumilo]

Prerequisites

• I have written a descriptive issue title
• I have verified that I am using the latest version of ImageMagick
• I have searched open and closed issues to ensure it has not already been reported

Description

Memory leak in formatIPTCfromBuffer.
ASAN Report:

=================================================================
==14089==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 14249 byte(s) in 1 object(s) allocated from:
    #0 0x4b9228 in __interceptor_malloc (/home/sergej/ImageMagick/.libs/lt-magick+0x4b9228)
    #1 0x7fb99ce84cdd in formatIPTCfromBuffer /home/sergej/ImageMagick/coders/meta.c:2081
    #2 0x7fb99ce84cdd in format8BIM /home/sergej/ImageMagick/coders/meta.c:2242

SUMMARY: AddressSanitizer: 14249 byte(s) leaked in 1 allocation(s).

Found with a modified version of the kAFL fuzzer (https://github.com/RUB-SysSec/kAFL).

Credits: Sergej Schumilo, Cornelius Aschermann (Ruhr-Universität Bochum)

Steps to Reproduce

memleak_2.zip

# Using an ASAN build of ImageMagick
ASAN_OPTIONS=allow_addr2line=true ./magick_asan memleak_2 /dev/null 

System Configuration

• ImageMagick version: ImageMagick 7.0.7-29 Q16 x86_64 2018-04-30
• Environment (Operating system, version and so on): Ubuntu 16.04.4 LTS
• Additional information:

[urban-warrior]

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ https://www.imagemagick.org/download/beta/ by sometime tomorrow.

[nohmask]

This was assigned CVE-2018-16750.