Commit 248c1d2e5 for imagemagick.org
commit 248c1d2e5423c6ff1a9e50651f080c328c214636
Author: Cristy <urban-warrior@imagemagick.org>
Date: Thu Mar 12 19:05:24 2026 -0400
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-354p-2qx7-jg9g
diff --git a/MagickCore/distort.c b/MagickCore/distort.c
index ea61849dc..e282285b8 100644
--- a/MagickCore/distort.c
+++ b/MagickCore/distort.c
@@ -147,7 +147,7 @@ static size_t poly_number_terms(double order)
if ( order < 1 || order > 5 ||
( order != floor(order) && (order-1.5) > MagickEpsilon) )
return 0; /* invalid polynomial order */
- return((size_t) floor((order+1)*(order+2)/2));
+ return(CastDoubleToSizeT(floor((order+1.0)*(order+2.0)/2.0)));
}
static double poly_basis_fn(ssize_t n, double x, double y)
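Review bot: A NaN `order` still passes the range guard at the top of this hunk. Every ordered comparison with NaN is false, and `order != floor(order) && (order-1.5) > MagickEpsilon` evaluates to false as well, so control reaches the new return. What the helper yields for NaN then decides the term count, instead of the `return 0; /* invalid polynomial order */` path. Writing the range test positively, `if ( !(order >= 1 && order <= 5) ||`, rejects NaN explicitly. The function's opening lines are outside the hunk.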
@@ -1131,7 +1131,7 @@ static double *GenerateCoefficients(const Image *image,
/* first two coefficients hold polynomial order information */
coeff[0] = arguments[0];
coeff[1] = (double) poly_number_terms(arguments[0]);
- nterms = (size_t) coeff[1];
+ nterms = CastDoubleToSizeT(coeff[1]);
/* create matrix, a fake vectors matrix, and least sqs terms */
matrix=AcquireMagickMatrix(nterms,nterms);
@@ -1791,8 +1791,8 @@ MagickExport Image *DistortImage(const Image *image, DistortMethod method,
"Invalid number of args: 2 only");
return((Image *) NULL);
}
- distort_image=DistortResizeImage(image,(size_t)arguments[0],
- (size_t)arguments[1], exception);
+ distort_image=DistortResizeImage(image,CastDoubleToSizeT(arguments[0]),
+ CastDoubleToSizeT(arguments[1]),exception);
return(distort_image);
}
@@ -1962,9 +1962,9 @@ MagickExport Image *DistortImage(const Image *image, DistortMethod method,
* for reversibility in a DePolar-Polar cycle */
fix_bounds = MagickFalse;
geometry.x = geometry.y = 0;
- geometry.height = (size_t) ceil(coeff[0]-coeff[1]);
- geometry.width = (size_t) ceil((coeff[0]-coeff[1])*
- (coeff[5]-coeff[4])*0.5);
+ geometry.height = CastDoubleToSizeT(ceil(coeff[0]-coeff[1]));
+ geometry.width = CastDoubleToSizeT(ceil((coeff[0]-coeff[1])*
+ (coeff[5]-coeff[4])*0.5));
/* correct scaling factors relative to new size */
coeff[6]=(coeff[5]-coeff[4]) * MagickSafeReciprocal(
(double) geometry.width); /* changed width */
@@ -1978,8 +1978,8 @@ MagickExport Image *DistortImage(const Image *image, DistortMethod method,
* center, or pixel edge. This allows for reversibility of the
* distortion */
geometry.x = geometry.y = 0;
- geometry.width = (size_t) ceil( 2.0*coeff[1]*tan(coeff[0]/2.0) );
- geometry.height = (size_t) ceil( 2.0*coeff[3]/cos(coeff[0]/2.0) );
+ geometry.width = CastDoubleToSizeT(ceil( 2.0*coeff[1]*tan(coeff[0]/2.0) ));
+ geometry.height = CastDoubleToSizeT(ceil( 2.0*coeff[3]/cos(coeff[0]/2.0) ));
/* correct center of distortion relative to new size */
coeff[4] = (double) geometry.width/2.0;
coeff[5] = (double) geometry.height/2.0;
@@ -1991,8 +1991,8 @@ MagickExport Image *DistortImage(const Image *image, DistortMethod method,
/* direct calculation center is either pixel center, or pixel edge
* so as to allow reversibility of the image distortion */
geometry.x = geometry.y = 0;
- geometry.width = (size_t) ceil(coeff[0]*coeff[1]); /* FOV * radius */
- geometry.height = (size_t) (2*coeff[3]); /* input image height */
+ geometry.width = CastDoubleToSizeT(ceil(coeff[0]*coeff[1])); /* FOV * radius */
+ geometry.height = CastDoubleToSizeT(2.0*coeff[3]); /* input image height */
/* correct center of distortion relative to new size */
coeff[4] = (double) geometry.width/2.0;
coeff[5] = (double) geometry.height/2.0;
@@ -2020,10 +2020,10 @@ MagickExport Image *DistortImage(const Image *image, DistortMethod method,
Do not do this for DePolar which needs to be exact for virtual tiling.
*/
if ( fix_bounds ) {
- geometry.x = (ssize_t) floor(min.x-0.5);
- geometry.y = (ssize_t) floor(min.y-0.5);
- geometry.width=(size_t) ceil(max.x-geometry.x+0.5);
- geometry.height=(size_t) ceil(max.y-geometry.y+0.5);
+ geometry.x = CastDoubleToSsizeT(floor(min.x-0.5));
+ geometry.y = CastDoubleToSsizeT(floor(min.y-0.5));
+ geometry.width=CastDoubleToSizeT(ceil(max.x-geometry.x+0.5));
+ geometry.height=CastDoubleToSizeT(ceil(max.y-geometry.y+0.5));
}
} /* end bestfit destination image calculations */
@@ -2227,7 +2227,7 @@ MagickExport Image *DistortImage(const Image *image, DistortMethod method,
}
case PolynomialDistortion:
{
- size_t nterms = (size_t) coeff[1];
+ size_t nterms = CastDoubleToSizeT(coeff[1]);
(void) FormatLocaleFile(stderr,
"Polynomial (order %lg, terms %lu), FX Equivalent\n",coeff[0],
(unsigned long) nterms);
@@ -2397,8 +2397,8 @@ MagickExport Image *DistortImage(const Image *image, DistortMethod method,
output_scaling = 1.0;
if (artifact != (const char *) NULL) {
output_scaling = fabs(StringToDouble(artifact,(char **) NULL));
- geometry.width=(size_t) (output_scaling*geometry.width+0.5);
- geometry.height=(size_t) (output_scaling*geometry.height+0.5);
+ geometry.width=CastDoubleToSizeT(output_scaling*geometry.width+0.5);
+ geometry.height=CastDoubleToSizeT(output_scaling*geometry.height+0.5);
geometry.x=(ssize_t) (output_scaling*geometry.x+0.5);
geometry.y=(ssize_t) (output_scaling*geometry.y+0.5);
if ( output_scaling < 0.1 ) {
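Review bot: `geometry.x` and `geometry.y`, directly below the two changed lines, still use the raw `(ssize_t)` cast on a product with `output_scaling`. That value comes from `StringToDouble(artifact,...)` and is bounded only by `fabs`, so a very large or non-finite scale leaves those two conversions out of range while width and height are now checked. The commit already uses `CastDoubleToSsizeT` in the bestfit hunk, so `geometry.x=CastDoubleToSsizeT(output_scaling*geometry.x+0.5);` and the same for `geometry.y` would keep the block consistent. The `if ( output_scaling < 0.1 )` block continues past the hunk.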
diff --git a/MagickCore/fx.c b/MagickCore/fx.c
index 6b326be1e..7cd378485 100644
--- a/MagickCore/fx.c
+++ b/MagickCore/fx.c
@@ -3400,7 +3400,7 @@ static MagickBooleanType ExecuteRPN (FxInfo * pfx, fxRtT * pfxrt, fxFltType *res
regA = (fxFltType) 0.0;
break;
}
- regA = (fxFltType) ((size_t)(regA+0.5) << (size_t)(regB+0.5));
+ regA = (fxFltType) (CastDoubleToSizeT((double) regA+0.5) << CastDoubleToSizeT((double) regB+0.5));
break;
case oRshift:
if ((size_t) (regB+0.5) >= (8*sizeof(size_t)))
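Review bot: The `oRshift` guard on the last line of this hunk, `if ((size_t) (regB+0.5) >= (8*sizeof(size_t)))`, still converts with a raw cast. The bound check and the shift it protects (changed in the next hunk) therefore no longer convert `regB` the same way. For a negative, NaN or very large `regB` the guard's own cast is out of range, and its result may differ from what `CastDoubleToSizeT` yields for the shift count. Using the helper in the guard, `if (CastDoubleToSizeT((double) regB+0.5) >= (8*sizeof(size_t)))`, makes the check and the shift agree. The `oLshift` guard sits above this hunk and presumably needs the same change.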
@@ -3410,7 +3410,7 @@ static MagickBooleanType ExecuteRPN (FxInfo * pfx, fxRtT * pfxrt, fxFltType *res
regA = (fxFltType) 0.0;
break;
}
- regA = (fxFltType) ((size_t)(regA+0.5) >> (size_t)(regB+0.5));
+ regA = (fxFltType) (CastDoubleToSizeT((double) regA+0.5) >> CastDoubleToSizeT((double) regB+0.5));
break;
case oEq:
regA = fabs((double) (regA-regB)) < MagickEpsilon ? 1.0 : 0.0;
@@ -3440,10 +3440,10 @@ static MagickBooleanType ExecuteRPN (FxInfo * pfx, fxRtT * pfxrt, fxFltType *res
regA = (regA==0) ? 1.0 : 0.0;
break;
case oBitAnd:
- regA = (fxFltType) ((size_t)(regA+0.5) & (size_t)(regB+0.5));
+ regA = (fxFltType) (CastDoubleToSizeT((double) regA+0.5) & CastDoubleToSizeT((double) regB+0.5));
break;
case oBitOr:
- regA = (fxFltType) ((size_t)(regA+0.5) | (size_t)(regB+0.5));
+ regA = (fxFltType) (CastDoubleToSizeT((double) regA+0.5) | CastDoubleToSizeT((double) regB+0.5));
break;
case oBitNot:
{
@@ -3451,7 +3451,7 @@ static MagickBooleanType ExecuteRPN (FxInfo * pfx, fxRtT * pfxrt, fxFltType *res
new_value;
/* Old fx doesn't add 0.5. */
- new_value=~(size_t)(regA+0.5);
+ new_value=~CastDoubleToSizeT((double) regA+0.5);
regA=(fxFltType) new_value;
break;
}
diff --git a/MagickCore/morphology.c b/MagickCore/morphology.c
index 727ac1001..29cfca7ac 100644
--- a/MagickCore/morphology.c
+++ b/MagickCore/morphology.c
@@ -100,9 +100,9 @@ static inline size_t fact(size_t n)
return(f);
}
#elif 1 /* glibc floating point alternatives */
-#define fact(n) ((size_t)tgamma((double)n+1))
+#define fact(n) (CastDoubleToSizeT(tgamma((double)n+1.0))
#else
-#define fact(n) ((size_t)lgamma((double)n+1))
+#define fact(n) (CastDoubleToSizeTlgamma((double)n+1.0))
#endif
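Review bot: Both rewritten `fact(n)` macros are malformed. The `tgamma` form opens four parentheses and closes three, and the `lgamma` form lost the `(` after the helper name, leaving the single identifier `CastDoubleToSizeTlgamma`. Which branch is compiled depends on the `#if` above the hunk, so the error may only surface when the integer `fact()` is disabled. Balanced forms, with the argument parenthesised, would be `#define fact(n) (CastDoubleToSizeT(tgamma((double) (n)+1.0)))` and `#define fact(n) (CastDoubleToSizeT(lgamma((double) (n)+1.0)))`.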
@@ -277,8 +277,8 @@ static KernelInfo *ParseKernelArray(const char *kernel_string)
args.rho = 1.0; /* then width = 1 */
if ( args.sigma < 1.0 ) /* if height too small */
args.sigma = args.rho; /* then height = width */
- kernel->width = (size_t)args.rho;
- kernel->height = (size_t)args.sigma;
+ kernel->width = CastDoubleToSizeT(args.rho);
+ kernel->height = CastDoubleToSizeT(args.sigma);
/* Offset Handling and Checks */
if ( args.xi < 0.0 || args.psi < 0.0 )
@@ -306,7 +306,7 @@ static KernelInfo *ParseKernelArray(const char *kernel_string)
(void) GetNextToken(p,&p,MagickPathExtent,token);
}
/* set the size of the kernel - old sized square */
- kernel->width = kernel->height= (size_t) sqrt((double) i+1.0);
+ kernel->width = kernel->height= CastDoubleToSizeT(sqrt((double) i+1.0));
kernel->x = kernel->y = (ssize_t) (kernel->width-1)/2;
p=(const char *) kernel_string;
while ((isspace((int) ((unsigned char) *p)) != 0) || (*p == '\''))
@@ -1059,7 +1059,7 @@ MagickExport KernelInfo *AcquireKernelBuiltIn(const KernelInfoType type,
A, B, R;
if ( args->rho >= 1.0 )
- kernel->width = (size_t)args->rho*2+1;
+ kernel->width = CastDoubleToSizeT(args->rho*2.0+1.0);
else if ( (type != DoGKernel) || (sigma >= sigma2) )
kernel->width = GetOptimalKernelWidth2D(args->rho,sigma);
else
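Review bot: Moving the `*2+1` inside the conversion changes the kernel width for fractional radii. The old `(size_t)args->rho*2+1` truncated `rho` first and always produced an odd width, while `CastDoubleToSizeT(args->rho*2.0+1.0)` converts the doubled value, so a `rho` of 1.5 gives 4 where it gave 3 (assuming the helper truncates like the cast it replaces). Later hunks centre the kernel with `(kernel->width-1)/2`, which presumes an odd size. `kernel->width = CastDoubleToSizeT(floor(args->rho)*2.0+1.0);` keeps the range check and the old result. The same rewrite recurs in the later AcquireKernelBuiltIn hunks that replace `((size_t)args->rho)*2+1`, `((size_t)args->sigma)*2+1` and `(size_t)fabs(args->rho)*2+1`; the hunk whose old line was `(size_t) (2*args->rho+1)` is unaffected.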
@@ -1151,7 +1151,7 @@ MagickExport KernelInfo *AcquireKernelBuiltIn(const KernelInfoType type,
alpha, beta;
if ( args->rho >= 1.0 )
- kernel->width = (size_t)args->rho*2+1;
+ kernel->width = CastDoubleToSizeT(args->rho*2.0+1.0);
else
kernel->width = GetOptimalKernelWidth1D(args->rho,sigma);
kernel->height = 1;
@@ -1241,7 +1241,7 @@ MagickExport KernelInfo *AcquireKernelBuiltIn(const KernelInfoType type,
if ( args->rho < 1.0 )
kernel->width = (GetOptimalKernelWidth1D(args->rho,sigma)-1)/2+1;
else
- kernel->width = (size_t)args->rho;
+ kernel->width = CastDoubleToSizeT(args->rho);
kernel->x = kernel->y = 0;
kernel->height = 1;
kernel->negative_range = kernel->positive_range = 0.0;
@@ -1310,7 +1310,7 @@ MagickExport KernelInfo *AcquireKernelBuiltIn(const KernelInfoType type,
if (args->rho < 1.0)
kernel->width = kernel->height = 3; /* default radius = 1 */
else
- kernel->width = kernel->height = ((size_t)args->rho)*2+1;
+ kernel->width = kernel->height = CastDoubleToSizeT(args->rho*2.0+1.0);
kernel->x = kernel->y = (ssize_t) (kernel->width-1)/2;
order_f = fact(kernel->width-1);
@@ -1547,7 +1547,7 @@ MagickExport KernelInfo *AcquireKernelBuiltIn(const KernelInfoType type,
if (args->rho < 1.0)
kernel->width = kernel->height = 3; /* default radius = 1 */
else
- kernel->width = kernel->height = ((size_t)args->rho)*2+1;
+ kernel->width = kernel->height = CastDoubleToSizeT(args->rho*2.0+1.0);
kernel->x = kernel->y = (ssize_t) (kernel->width-1)/2;
kernel->values=(MagickRealType *) MagickAssumeAligned(
@@ -1575,7 +1575,7 @@ MagickExport KernelInfo *AcquireKernelBuiltIn(const KernelInfoType type,
if (args->rho < 1.0)
kernel->width = kernel->height = 3; /* default radius = 1 */
else
- kernel->width = kernel->height = (size_t) (2*args->rho+1);
+ kernel->width = kernel->height = CastDoubleToSizeT(args->rho*2.0+1.0);
kernel->x = kernel->y = (ssize_t) (kernel->width-1)/2;
scale = args->sigma;
}
@@ -1583,8 +1583,8 @@ MagickExport KernelInfo *AcquireKernelBuiltIn(const KernelInfoType type,
/* NOTE: user defaults set in "AcquireKernelInfo()" */
if ( args->rho < 1.0 || args->sigma < 1.0 )
return(DestroyKernelInfo(kernel)); /* invalid args given */
- kernel->width = (size_t)args->rho;
- kernel->height = (size_t)args->sigma;
+ kernel->width = CastDoubleToSizeT(args->rho);
+ kernel->height = CastDoubleToSizeT(args->sigma);
if ( args->xi < 0.0 || args->xi > (double)kernel->width ||
args->psi < 0.0 || args->psi > (double)kernel->height )
return(DestroyKernelInfo(kernel)); /* invalid args given */
@@ -1611,7 +1611,7 @@ MagickExport KernelInfo *AcquireKernelBuiltIn(const KernelInfoType type,
if (args->rho < 1.0)
kernel->width = kernel->height = 5; /* default radius = 2 */
else
- kernel->width = kernel->height = ((size_t)args->rho)*2+1;
+ kernel->width = kernel->height = CastDoubleToSizeT(args->rho*2.0+1.0);
kernel->x = kernel->y = (ssize_t) (kernel->width-1)/2;
kernel->values=(MagickRealType *) MagickAssumeAligned(
@@ -1638,7 +1638,7 @@ MagickExport KernelInfo *AcquireKernelBuiltIn(const KernelInfoType type,
if (args->rho < 0.4) /* default radius approx 4.3 */
kernel->width = kernel->height = 9L, limit = 18L;
else
- kernel->width = kernel->height = (size_t)fabs(args->rho)*2+1;
+ kernel->width = kernel->height = CastDoubleToSizeT(fabs(args->rho)*2.0+1.0);
kernel->x = kernel->y = (ssize_t) (kernel->width-1)/2;
kernel->values=(MagickRealType *) MagickAssumeAligned(
@@ -1661,7 +1661,7 @@ MagickExport KernelInfo *AcquireKernelBuiltIn(const KernelInfoType type,
if (args->rho < 1.0)
kernel->width = kernel->height = 5; /* default radius 2 */
else
- kernel->width = kernel->height = ((size_t)args->rho)*2+1;
+ kernel->width = kernel->height = CastDoubleToSizeT(args->rho*2.0+1.0);
kernel->x = kernel->y = (ssize_t) (kernel->width-1)/2;
kernel->values=(MagickRealType *) MagickAssumeAligned(
@@ -1683,7 +1683,7 @@ MagickExport KernelInfo *AcquireKernelBuiltIn(const KernelInfoType type,
if (args->rho < 1.0)
kernel->width = kernel->height = 5; /* default radius 2 */
else
- kernel->width = kernel->height = ((size_t)args->rho)*2+1;
+ kernel->width = kernel->height = CastDoubleToSizeT(args->rho*2.0+1.0);
kernel->x = kernel->y = (ssize_t) (kernel->width-1)/2;
kernel->values=(MagickRealType *) MagickAssumeAligned(
@@ -1713,13 +1713,13 @@ MagickExport KernelInfo *AcquireKernelBuiltIn(const KernelInfoType type,
if (args->rho < args->sigma)
{
- kernel->width = ((size_t)args->sigma)*2+1;
+ kernel->width = CastDoubleToSizeT(args->sigma*2.0+1.0);
limit1 = (ssize_t)(args->rho*args->rho);
limit2 = (ssize_t)(args->sigma*args->sigma);
}
else
{
- kernel->width = ((size_t)args->rho)*2+1;
+ kernel->width = CastDoubleToSizeT(args->rho*2.0+1.0);
limit1 = (ssize_t)(args->sigma*args->sigma);
limit2 = (ssize_t)(args->rho*args->rho);
}
@@ -2100,7 +2100,7 @@ MagickExport KernelInfo *AcquireKernelBuiltIn(const KernelInfoType type,
if (args->rho < 1.0)
kernel->width = kernel->height = 3; /* default radius = 1 */
else
- kernel->width = kernel->height = ((size_t)args->rho)*2+1;
+ kernel->width = kernel->height = CastDoubleToSizeT(args->rho*2.0+1.0);
kernel->x = kernel->y = (ssize_t) (kernel->width-1)/2;
kernel->values=(MagickRealType *) MagickAssumeAligned(
@@ -2121,7 +2121,7 @@ MagickExport KernelInfo *AcquireKernelBuiltIn(const KernelInfoType type,
if (args->rho < 1.0)
kernel->width = kernel->height = 3; /* default radius = 1 */
else
- kernel->width = kernel->height = ((size_t)args->rho)*2+1;
+ kernel->width = kernel->height = CastDoubleToSizeT(args->rho*2.0+1.0);
kernel->x = kernel->y = (ssize_t) (kernel->width-1)/2;
kernel->values=(MagickRealType *) MagickAssumeAligned(
@@ -2142,7 +2142,7 @@ MagickExport KernelInfo *AcquireKernelBuiltIn(const KernelInfoType type,
if (args->rho < 2.0)
kernel->width = kernel->height = 5; /* default/minimum radius = 2 */
else
- kernel->width = kernel->height = ((size_t)args->rho)*2+1;
+ kernel->width = kernel->height = CastDoubleToSizeT(args->rho*2.0+1.0);
kernel->x = kernel->y = (ssize_t) (kernel->width-1)/2;
kernel->values=(MagickRealType *) MagickAssumeAligned(
@@ -2168,7 +2168,7 @@ MagickExport KernelInfo *AcquireKernelBuiltIn(const KernelInfoType type,
if (args->rho < 1.0)
kernel->width = kernel->height = 3; /* default radius = 1 */
else
- kernel->width = kernel->height = ((size_t)args->rho)*2+1;
+ kernel->width = kernel->height = CastDoubleToSizeT(args->rho*2.0+1.0);
kernel->x = kernel->y = (ssize_t) (kernel->width-1)/2;
kernel->values=(MagickRealType *) MagickAssumeAligned(
diff --git a/MagickCore/resample.c b/MagickCore/resample.c
index 24111ace2..eaf9a4c1c 100644
--- a/MagickCore/resample.c
+++ b/MagickCore/resample.c
@@ -551,8 +551,8 @@ MagickExport MagickBooleanType ResamplePixelColor(
Determine the parallelogram bounding box fitted to the ellipse
centered at u0,v0. This area is bounding by the lines...
*/
- v1 = (ssize_t)ceil(v0 - resample_filter->Vlimit); /* range of scan lines */
- v2 = (ssize_t)floor(v0 + resample_filter->Vlimit);
+ v1 = CastDoubleToSsizeT(ceil(v0-resample_filter->Vlimit)); /* range of scan lines */
+ v2 = CastDoubleToSsizeT(floor(v0+resample_filter->Vlimit));
/* scan line start and width across the parallelogram */
u1 = u0 + (v1-v0)*resample_filter->slope - resample_filter->Uwidth;
diff --git a/MagickCore/resource.c b/MagickCore/resource.c
index 3c4784068..5cc977e17 100644
--- a/MagickCore/resource.c
+++ b/MagickCore/resource.c
@@ -811,6 +811,8 @@ MagickExport MagickSizeType GetMagickResourceLimit(const ResourceType type)
default: ;
}
resource=0;
+ if (type >= NumberOfResourceTypes)
+ return(resource);
if (resource_semaphore[type] == (SemaphoreInfo *) NULL)
ActivateSemaphoreInfo(&resource_semaphore[type]);
LockSemaphoreInfo(resource_semaphore[type]);
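Review bot: The new bound check covers only the upper side. `type >= NumberOfResourceTypes` is a signed comparison on compilers that give the enum a signed underlying type, so a negative `type` would still index `resource_semaphore[type]`. Comparing as unsigned, `if ((size_t) type >= (size_t) NumberOfResourceTypes)`, rejects both directions in one test. Any other function in this file that indexes `resource_semaphore[type]` is outside this hunk and would need the same guard.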
diff --git a/MagickCore/xml-tree.c b/MagickCore/xml-tree.c
index ba76e376d..a42626ff8 100644
--- a/MagickCore/xml-tree.c
+++ b/MagickCore/xml-tree.c
@@ -1276,7 +1276,7 @@ static char *ConvertUTF16ToUTF8(const char *content,size_t *length)
}
}
*length=(size_t) j;
- utf8=(char *) ResizeQuantumMemory(utf8,*length,sizeof(*utf8));
+ utf8=(char *) ResizeQuantumMemory(utf8,(*length+1),sizeof(*utf8));
if (utf8 != (char *) NULL)
utf8[*length]='\0';
return(utf8);
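Review bot: The `+1` in the resize is unexplained, yet it is what keeps the `utf8[*length]='\0'` store two lines down inside the allocation. A comment on that line, `/* one extra byte for the terminating NUL written below */`, would stop a later cleanup from dropping it. Separately, `*length` is assigned before the resize, so a failed resize returns NULL with a non-zero length, and callers have to test the pointer rather than the length. The function body begins outside the hunk.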