memory leak in WriteCALSImage

[jgj212]

Version: ImageMagick 7.0.6-2 Q16 x86_64

./magick convert $FILE  out.cals

==6072==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 13024 byte(s) in 1 object(s) allocated from:
    #0 0x4deeb6 in __interceptor_malloc asan_malloc_linux.cc:66
    #1 0x7fe2e0a3a186 in AcquireMagickMemory memory.c:464:10
    #2 0x7fe2e09ea7c3 in AcquireImageInfo image.c:347:28
    #3 0x7fe2e09f3933 in CloneImageInfo image.c:952:14
    #4 0x7fe2e0d4b357 in WriteCALSImage cals.c:554:14
    #5 0x7fe2e08196fe in WriteImage constitute.c:1114:14
    #6 0x7fe2e081a5fd in WriteImages constitute.c:1333:13
    #7 0x7fe2dfec5900 in ConvertImageCommand convert.c:3280:11
    #8 0x7fe2e00140cf in MagickCommandGenesis mogrify.c:183:14
    #9 0x514a37 in MagickMain magick.c:149:10
    #10 0x514491 in main magick.c:180:10
    #11 0x7fe2da851f44 in __libc_start_main libc-start.c:287

SUMMARY: AddressSanitizer: 13024 byte(s) leaked in 1 allocation(s).

POC: https://github.com/jgj212/poc/blob/master/leak-WriteCALSImage

Credit : ADLab of Venustech

[mikayla-grace]

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ http://www.imagemagick.org/download/beta/ by sometime tomorrow.

[nohmask]

This was assigned CVE-2017-12669.