Dev news

Commit f86452a8a for imagemagick.org

commit f86452a8aea37bf2b4bd36127f836dcc5f138b38
Author: Cristy <urban-warrior@imagemagick.org>
Date:   Wed Apr 8 22:08:36 2026 -0400

    https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5592-p365-24xh

diff --git a/coders/json.c b/coders/json.c
index b6bf9f424..1621b2a1c 100644
--- a/coders/json.c
+++ b/coders/json.c
@@ -1541,15 +1541,16 @@ static MagickBooleanType EncodeImageAttributes(Image *image,FILE *file,
       image_info=AcquireImageInfo();
       (void) CloneString(&image_info->size,"64x64");
       (void) FormatLocaleFile(file,"    \"montageDirectory\": [");
-      p=image->directory;
-      while (*p != '\0')
+      for (p=image->directory; *p != '\0'; p++)
       {
         q=p;
-        while ((*q != '\xff') && (*q != '\0'))
+        while ((*q != '\xff') && (*q != '\0') &&
+               ((size_t) (q-p) < sizeof(image_info->filename)))
           q++;
         (void) CopyMagickString(image_info->filename,p,(size_t) (q-p+1));
-        p=q+1;
-        JSONFormatLocaleFile(file,"{\n       \"name\": %s",image_info->filename);
+        p=q;
+        JSONFormatLocaleFile(file,"{\n       \"name\": %s",
+          image_info->filename);
         handler=SetWarningHandler((WarningHandler) NULL);
         tile=ReadImage(image_info,exception);
         (void) SetWarningHandler(handler);
@@ -1559,7 +1560,8 @@ static MagickBooleanType EncodeImageAttributes(Image *image,FILE *file,
             continue;
           }
         (void) FormatLocaleFile(file,",\n       \"info\": \"%.20gx%.20g %s\"",
-          (double) tile->magick_columns,(double) tile->magick_rows,tile->magick);
+          (double) tile->magick_columns,(double) tile->magick_rows,
+          tile->magick);
         (void) SignatureImage(tile,exception);
         ResetImagePropertyIterator(tile);
         property=GetNextImageProperty(tile);
diff --git a/coders/yaml.c b/coders/yaml.c
index 99e9c72f8..3ef50a717 100644
--- a/coders/yaml.c
+++ b/coders/yaml.c
@@ -1510,14 +1510,14 @@ static MagickBooleanType EncodeImageAttributes(Image *image,FILE *file,
       image_info=AcquireImageInfo();
       (void) CloneString(&image_info->size,"64x64");
       (void) FormatLocaleFile(file,"    montageDirectory: ");
-      p=image->directory;
-      while (*p != '\0')
+      for (p=image->directory; *p != '\0'; p++)
       {
         q=p;
-        while ((*q != '\xff') && (*q != '\0'))
+        while ((*q != '\xff') && (*q != '\0') &&
+               ((size_t) (q-p) < sizeof(image_info->filename)))
           q++;
         (void) CopyMagickString(image_info->filename,p,(size_t) (q-p+1));
-        p=q+1;
+        p=q;
         YAMLFormatLocaleFile(file,"\n       - name: %s",
           image_info->filename);
         handler=SetWarningHandler((WarningHandler) NULL);