Commit ff2f155f2 for imagemagick.org
commit ff2f155f2874737380a80195c5849a2f06cb6ff7
Author: Cristy <urban-warrior@imagemagick.org>
Date: Wed May 13 16:45:31 2026 -0400
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-533m-3wf6-c33v
diff --git a/coders/jp2.c b/coders/jp2.c
index 3703d10ff..72160cb74 100644
--- a/coders/jp2.c
+++ b/coders/jp2.c
@@ -1038,14 +1038,17 @@ static MagickBooleanType WriteJP2Image(const ImageInfo *image_info,Image *image,
const char
*p;
+ size_t
+ extent = sizeof(parameters->tcp_distoratio)/
+ sizeof(*parameters->tcp_distoratio);
+
/*
Set quality PSNR.
*/
p=option;
- for (i=0; MagickSscanf(p,"%f",¶meters->tcp_distoratio[i]) == 1; i++)
+ for (i=0; (i < (ssize_t) (extent-1)) &&
+ (MagickSscanf(p,"%f",¶meters->tcp_distoratio[i]) == 1); i++)
{
- if (i > 100)
- break;
while ((*p != '\0') && (*p != ','))
p++;
if (*p == '\0')
@@ -1076,14 +1079,16 @@ static MagickBooleanType WriteJP2Image(const ImageInfo *image_info,Image *image,
const char
*p;
+ size_t
+ extent = sizeof(parameters->tcp_rates)/sizeof(*parameters->tcp_rates);
+
/*
Set compression rate.
*/
p=option;
- for (i=0; MagickSscanf(p,"%f",¶meters->tcp_rates[i]) == 1; i++)
+ for (i=0; (i < (ssize_t) (extent-1)) &&
+ (MagickSscanf(p,"%f",¶meters->tcp_rates[i]) == 1); i++)
{
- if (i >= 100)
- break;
while ((*p != '\0') && (*p != ','))
p++;
if (*p == '\0')