From 53db7e046f76327b9ebd6bc4dbcb3e2c18fd76fe Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Sat, 24 Jun 2017 08:07:17 -0400
Subject: [PATCH] memory leak in ReadDIBImage in dib.c

The ReadDIBImage function in dib.c allows attackers to cause a denial of service (memory leak)
via a small crafted dib file.

bug: https://github.com/ImageMagick/ImageMagick/issues/522
bug-debian: https://bugs.debian.org/867811
origin: https://github.com/ImageMagick/ImageMagick/commit/e5b294754697d9e261224ad4f6e8eeee9e04275f
---
 coders/dib.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/coders/dib.c b/coders/dib.c
index 7fb021f91..e9d543da5 100644
--- a/coders/dib.c
+++ b/coders/dib.c
@@ -638,7 +638,10 @@ static Image *ReadDIBImage(const ImageInfo *image_info,ExceptionInfo *exception)
       packet_size=4;
       count=ReadBlob(image,packet_size*image->colors,dib_colormap);
       if (count != (ssize_t) (packet_size*image->colors))
-        ThrowReaderException(CorruptImageError,"InsufficientImageDataInFile");
+        {
+          dib_colormap=(unsigned char *) RelinquishMagickMemory(dib_colormap);
+          ThrowReaderException(CorruptImageError,"InsufficientImageDataInFile");
+        }
       p=dib_colormap;
       for (i=0; i < (ssize_t) image->colors; i++)
       {