Bug#345876: a more complete fix

2006-01-04 Thread Matthias Clasen 
The same code is repeated in blob.c. Here is a more complete fix.

--- ImageMagick-6.2.5/magick/image.c.format-string-again	2005-10-22 12:17:39.0 -0400
+++ ImageMagick-6.2.5/magick/image.c	2006-01-04 11:37:30.0 -0500
@@ -2861,8 +2861,16 @@
 char
   format[MaxTextExtent];
 
+	/* Extract first numeric format specifier */
 (void) CopyMagickString(format,p,MaxTextExtent);
+	if (q-p+1  MaxTextExtent)
+		format[q-p+1]='\0';
+	/* Expand format */
 (void) FormatMagickString(p,MaxTextExtent,format,image_info-scene);
+	/* Copy rest of string verbatim without further expansion */
+	(void) ConcatenateMagickString(filename,
+	   image_info-filename+(q-filename)+1,
+	   MaxTextExtent);
 break;
   }
   }
--- ImageMagick-6.2.5/magick/blob.c.format-string-again	2006-01-04 11:36:02.0 -0500
+++ ImageMagick-6.2.5/magick/blob.c	2006-01-04 11:37:32.0 -0500
@@ -2135,8 +2135,17 @@
 char
   format[MaxTextExtent];
 
+	/* Extract first numeric format specifier */
 (void) CopyMagickString(format,p,MaxTextExtent);
+	if (q-p+1  MaxTextExtent)
+		format[q-p+1]='\0';
+	/* Expand format */
 (void) FormatMagickString(p,MaxTextExtent,format,image-scene);
+	/* Copy rest of string verbatim without further expansion */
+	(void) ConcatenateMagickString(filename,
+	   image_info-filename+(q-filename)+1,
+	   MaxTextExtent);
+
 break;
   }
   }

Bug#345876: a more complete fix

2006-01-04 Thread Daniel Kobras 
On Wed, Jan 04, 2006 at 12:04:46PM -0500, Matthias Clasen wrote:
 The same code is repeated in blob.c. Here is a more complete fix.

Thanks a lot! Still not complete, though. I just noticed that animate.c
(or command.c in graphicsmagick) is affected in a similar way. There
might be even more of those lurking...

Regards,

Daniel.



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]