Dev news

Commit 6f431d445 for imagemagick.org

commit 6f431d445f3ddd609c004a1dde617b0a73e60beb
Author: Cristy <urban-warrior@imagemagick.org>
Date:   Sun Dec 21 12:43:08 2025 -0500

    https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p27m-hp98-6637

diff --git a/coders/msl.c b/coders/msl.c
index 2424e9883..8ede13b81 100644
--- a/coders/msl.c
+++ b/coders/msl.c
@@ -120,6 +120,7 @@ typedef struct _MSLInfo
     *exception;

   ssize_t
+    depth,
     n,
     number_groups;

@@ -328,6 +329,10 @@ static void MSLStartElement(void *context,const xmlChar *tag,
   RectangleInfo
     geometry;

+  size_t
+    height,
+    width;
+
   ssize_t
     i,
     j,
@@ -336,11 +341,6 @@ static void MSLStartElement(void *context,const xmlChar *tag,
     x,
     y;

-
-  size_t
-    height,
-    width;
-
   xmlParserCtxtPtr
     parser;

@@ -352,6 +352,13 @@ static void MSLStartElement(void *context,const xmlChar *tag,
   exception=AcquireExceptionInfo();
   parser=(xmlParserCtxtPtr) context;
   msl_info=(MSLInfo *) parser->_private;
+  if (msl_info->depth++ >= MagickMaxRecursionDepth)
+    {
+      (void) ThrowMagickException(msl_info->exception,GetMagickModule(),
+        DrawError,"VectorGraphicsNestedTooDeeply","`%s'",tag);
+      xmlStopParser((xmlParserCtxtPtr) context);
+      return;
+    }
   n=msl_info->n;
   keyword=(const char *) NULL;
   value=(char *) NULL;
@@ -7057,15 +7064,15 @@ static void MSLStartElement(void *context,const xmlChar *tag,

 static void MSLEndElement(void *context,const xmlChar *tag)
 {
-  ssize_t
-    n;
-
   MSLInfo
     *msl_info;

   xmlParserCtxtPtr
     parser;

+  ssize_t
+    n;
+
   /*
     Called when the end of an element has been detected.
   */
@@ -7158,6 +7165,7 @@ static void MSLEndElement(void *context,const xmlChar *tag)
   }
   if (msl_info->content != (char *) NULL)
     msl_info->content=DestroyString(msl_info->content);
+  msl_info->depth--;
 }

 static void MSLCharacters(void *context,const xmlChar *c,int length)
diff --git a/coders/svg.c b/coders/svg.c
index ed662770d..5d042cce8 100644
--- a/coders/svg.c
+++ b/coders/svg.c
@@ -1250,7 +1250,13 @@ static void SVGStartElement(void *context,const xmlChar *name,
     name);
   parser=(xmlParserCtxtPtr) context;
   svg_info=(SVGInfo *) parser->_private;
-  svg_info->n++;
+  if (svg_info->n++ > MagickMaxRecursionDepth)
+    {
+      (void) ThrowMagickException(svg_info->exception,GetMagickModule(),
+        DrawError,"VectorGraphicsNestedTooDeeply","`%s'",name);
+      xmlStopParser((xmlParserCtxtPtr) context);
+      return;
+    }
   svg_info->scale=(double *) ResizeQuantumMemory(svg_info->scale,(size_t)
     svg_info->n+1,sizeof(*svg_info->scale));
   if (svg_info->scale == (double *) NULL)