uploadcare · vrunoa · Aug 8, 2025 · Aug 8, 2025 · coderabbitai · Aug 8, 2025
diff --git a/Tests/test_imagecms.py b/Tests/test_imagecms.py
@@ -626,6 +626,9 @@ def test_constants_deprecation():
             with pytest.warns(DeprecationWarning):
                 assert getattr(ImageCms, prefix + name) == enum[name]
 
+def test_long_modes() -> None:
+    p = ImageCms.getOpenProfile("Tests/icc/sGrey-v2-nano.icc")
+    ImageCms.buildTransform(p, p, "ABCDEFGHI", "ABCDEFGHI")
 
 @pytest.mark.parametrize("mode", ("RGB", "RGBA", "RGBX"))
 def test_rgb_lab(mode):

diff --git a/src/_imagingcms.c b/src/_imagingcms.c
@@ -201,8 +201,8 @@ cms_transform_new(cmsHTRANSFORM transform, char *mode_in, char *mode_out) {
 
     self->transform = transform;
 
-    strcpy(self->mode_in, mode_in);
-    strcpy(self->mode_out, mode_out);
+    strncpy(self->mode_in, mode_in, 8);
+    strncpy(self->mode_out, mode_out, 8);
-    strncpy(self->mode_in, mode_in, 8);
-    strncpy(self->mode_out, mode_out, 8);
+    /* ensure mode_in/mode_out are always NUL-terminated */
+    strncpy(self->mode_in, mode_in, sizeof(self->mode_in) - 1);
+    self->mode_in[sizeof(self->mode_in) - 1] = '\0';
+    strncpy(self->mode_out, mode_out, sizeof(self->mode_out) - 1);
+    self->mode_out[sizeof(self->mode_out) - 1] = '\0';
-    strncpy(self->mode_in, mode_in, 8);
-    strncpy(self->mode_out, mode_out, 8);
+    /* ensure mode_in/mode_out are always NUL-terminated */
+    strncpy(self->mode_in, mode_in, sizeof(self->mode_in) - 1);
+    self->mode_in[sizeof(self->mode_in) - 1] = '\0';
+    strncpy(self->mode_out, mode_out, sizeof(self->mode_out) - 1);
+    self->mode_out[sizeof(self->mode_out) - 1] = '\0';
 
     return (PyObject *)self;
 }