From bb985c48e22219bcc62434cdd54b8894b0a1c7c1 Mon Sep 17 00:00:00 2001
From: Dirk Lemstra <dirk@git.imagemagick.org>
Date: Tue, 2 May 2017 08:34:29 +0200
Subject: [PATCH] CVE-2017-9405: the ReadICONImage function in icon.c:452
 allows attackers to cause a denial of service (memory leak) via a crafted
 file.

Fixed memory leak reported in #457.

bug-debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864087
bug: https://github.com/ImageMagick/ImageMagick/issues/457
origin: https://github.com/ImageMagick/ImageMagick/commit/29b52a2856c00bae0f11492a124b8d6c1dd9b830

(cherry picked from commit 29b52a2856c00bae0f11492a124b8d6c1dd9b830)
---
 coders/icon.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/coders/icon.c b/coders/icon.c
index 6bcec54b8..adb4f7965 100644
--- a/coders/icon.c
+++ b/coders/icon.c
@@ -445,8 +445,12 @@ static Image *ReadICONImage(const ImageInfo *image_info,
             ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");
           count=ReadBlob(image,(size_t) (4*image->colors),icon_colormap);
           if (count != (ssize_t) (4*image->colors))
-            ThrowReaderException(CorruptImageError,
-              "InsufficientImageDataInFile");
+            {
+              icon_colormap=(unsigned char *) RelinquishMagickMemory(
+                icon_colormap);
+              ThrowReaderException(CorruptImageError,
+                "InsufficientImageDataInFile");
+            }
           p=icon_colormap;
           for (i=0; i < (ssize_t) image->colors; i++)
           {