From: Andrew Murray <radarhere@users.noreply.github.com>
Date: Thu, 22 Feb 2024 18:56:26 +1100
X-Dgit-Generated: 8.1.2+dfsg-0.3+deb11u2 b730debad37e7bd0121bce99d5316decdda0cdb3
Subject: Use strncpy to avoid buffer overflow

(cherry picked from commit 2a93aba5cfcf6e241ab4f9392c13e3b74032c061)

---

diff --git a/src/_imagingcms.c b/src/_imagingcms.c
index 491866f74..fb0aa97b1 100644
--- a/src/_imagingcms.c
+++ b/src/_imagingcms.c
@@ -207,8 +207,8 @@ cms_transform_new(cmsHTRANSFORM transform, char* mode_in, char* mode_out)
 
     self->transform = transform;
 
-    strcpy(self->mode_in, mode_in);
-    strcpy(self->mode_out, mode_out);
+    strncpy(self->mode_in, mode_in, 8);
+    strncpy(self->mode_out, mode_out, 8);
 
     return (PyObject*) self;
 }
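Review bot: The two added `strncpy(..., 8)` calls bound the write but do not guarantee NUL-termination: when `mode_in` or `mode_out` is 8 characters or longer, all 8 bytes are filled and no terminator is written. Any later use of `self->mode_in` or `self->mode_out` as a C string could then read past the field. The field declarations are outside this hunk; assuming they are `char[8]` arrays, terminate explicitly and derive the bound from the field instead of repeating the literal, e.g. `strncpy(self->mode_in, mode_in, sizeof(self->mode_in) - 1); self->mode_in[sizeof(self->mode_in) - 1] = '\0';`, and the same for `mode_out`. Silent truncation also changes which mode the object reports, so rejecting an over-long mode string before the object is created may be the better fix. The body of `cms_transform_new` starts above the hunk, so whether the caller already validates length is not visible here.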
@@ -260,10 +260,9 @@ findLCMStype(char* PILmode)
         // LabX equivalent like ALab, but not reversed -- no #define in lcms2
         return (COLORSPACE_SH(PT_LabV2)|CHANNELS_SH(3)|BYTES_SH(1)|EXTRA_SH(1));
     }
-
     else {
-        /* take a wild guess... but you probably should fail instead. */
-        return TYPE_GRAY_8; /* so there's no buffer overrun... */
+        /* take a wild guess... */
+        return TYPE_GRAY_8;
     }
 }
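Review bot: The final `else` in `findLCMStype` still maps every unrecognised mode string to `TYPE_GRAY_8`, and the rewritten comment drops the only explanation of why that value was chosen. The removed text ("so there's no buffer overrun") suggests the fallback was deliberately the narrowest pixel layout, which is worth keeping on record so nobody later swaps in a wider default. I would keep a comment such as `/* unknown mode: fall back to 8-bit gray, presumably the narrowest layout, so the transform is not told to touch more bytes per pixel than the image holds */`. The earlier branches of `findLCMStype` are outside this hunk, so whether an unknown mode can actually reach this point from user input is not visible here.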
 
