coders/miff.c colormap potential memory-leak bug

[fisher2020]

Prerequisites

• I have written a descriptive issue title
• I have verified that I am using the latest version of ImageMagick
• I have searched open and closed issues to ensure it has not already been reported

Description

a potential memory leak bug locates in coders/miff.c

Steps to Reproduce

the bug locates in
https://github.com/ImageMagick/ImageMagick/blob/master/coders/miff.c#L2420
the code frament is as follows: the code locates in a if block,and we allocate colormap memory in the if block, we freed it in normal branch，but forgot free it in exception branch

        colormap_size=(size_t) (3*quantum_info->depth/8);
        colormap=(unsigned char *) AcquireQuantumMemory(image->colors,
          colormap_size*sizeof(*colormap));   // allocate memory of colormap
        if (colormap == (unsigned char *) NULL)
          ThrowWriterException(ResourceLimitError,"MemoryAllocationFailed");
        /*
          Write colormap to file.
        */
        q=colormap;
        for (i=0; i < (ssize_t) image->colors; i++)
        {
          switch (quantum_info->depth)
          {
            default:
              ThrowWriterException(CorruptImageError,"ImageDepthNotSupported"); // we forget free colormap memory here
            case 32:

credit: www.vackbot.com(墨云科技)

System Configuration

[urban-warrior]

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ http://www.imagemagick.org/download/beta/ by sometime tomorrow.

[nohmask]

This was assigned CVE-2018-14436.