out-of-bounds write in ./MagickCore/quantum-private.h:178

This bug was found while fuzzing ImageMagick with afl-fuzz

Tested on ImageMagick version Tested on git commit 8bc3ab67d818204fe5f0fe1dc29b873d37360461

Command: magick id:000081,sig:06,src:000075,op:havoc,rep:16 /dev/null

=================================================================
==12988==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xb4e029e1 at pc 0x8ecb2cb bp 0xbfa600b8 sp 0xbfa600b0
WRITE of size 1 at 0xb4e029e1 thread T0
    #0 0x8ecb2ca in PopCharPixel /home/user/Desktop/ImageMagick/./MagickCore/quantum-private.h:178
    #1 0x8ecb2ca in ExportRedQuantum /home/user/Desktop/ImageMagick/MagickCore/quantum-export.c:2996
    #2 0x8ecb2ca in ExportQuantumPixels /home/user/Desktop/ImageMagick/MagickCore/quantum-export.c:4045
    #3 0x859fec0 in WriteMATImage /home/user/Desktop/ImageMagick/coders/mat.c:1278
    #4 0x8a9e9d8 in WriteImage /home/user/Desktop/ImageMagick/MagickCore/constitute.c:1091
    #5 0x8aa23bc in WriteImages /home/user/Desktop/ImageMagick/MagickCore/constitute.c:1309
    #6 0x9371daf in CLINoImageOperator /home/user/Desktop/ImageMagick/MagickWand/operation.c:4697
    #7 0x9379bc1 in CLIOption /home/user/Desktop/ImageMagick/MagickWand/operation.c:5157
    #8 0x91080c3 in ProcessCommandOptions /home/user/Desktop/ImageMagick/MagickWand/magick-cli.c:526
    #9 0x910a545 in MagickImageCommand /home/user/Desktop/ImageMagick/MagickWand/magick-cli.c:786
    #10 0x910ea29 in MagickCommandGenesis /home/user/Desktop/ImageMagick/MagickWand/mogrify.c:172
    #11 0x80de12d in MagickMain /home/user/Desktop/ImageMagick/utilities/magick.c:74
    #12 0x80de12d in main /home/user/Desktop/ImageMagick/utilities/magick.c:85
    #13 0xb7512a82 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287
    #14 0x80ddf54 in _start (/usr/local/bin/magick+0x80ddf54)

0xb4e029e1 is located 0 bytes to the right of 353-byte region [0xb4e02880,0xb4e029e1)
allocated by thread T0 here:
    #0 0x80c6b81 in malloc (/usr/local/bin/magick+0x80c6b81)
    #1 0x8193319 in AcquireMagickMemory /home/user/Desktop/ImageMagick/MagickCore/memory.c:475
    #2 0x8193319 in AcquireQuantumMemory /home/user/Desktop/ImageMagick/MagickCore/memory.c:548

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/user/Desktop/ImageMagick/./MagickCore/quantum-private.h:178 PopCharPixel
Shadow bytes around the buggy address:
  0x369c04e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x369c04f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x369c0500: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x369c0510: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x369c0520: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x369c0530: 00 00 00 00 00 00 00 00 00 00 00 00[01]fa fa fa
  0x369c0540: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x369c0550: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x369c0560: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x369c0570: 00 00 00 00 fa fa fa fa fa fa fa fa fa fa fa fa
  0x369c0580: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable: 00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone: fa
  Heap right redzone: fb
  Freed heap region: fd
  Stack left redzone: f1
  Stack mid redzone: f2
  Stack right redzone: f3
  Stack partial redzone: f4
  Stack after return: f5
  Stack use after scope: f8
  Global redzone: f9
  Global init order: f6
  Poisoned by user: f7
  ASan internal: fe
==12988==ABORTING