--- ImageMagick-6.2.5/magick/image.c.format-string-again 2005-10-22 12:17:39.000000000 -0400
+++ ImageMagick-6.2.5/magick/image.c 2006-01-23 09:15:40.000000000 -0500
@@ -2847,25 +2847,8 @@
 /*
 Rectify multi-image file support.
 */
- (void) CopyMagickString(filename,image_info->filename,MaxTextExtent);
- for (p=strchr(filename,'%'); p != (char *) NULL; p=strchr(p+1,'%'))
- {
- char
- *q;
-
- q=(char *) p+1;
- if (*q == '0')
- (void) strtol(q,&q,10);
- if ((*q == '%') || (*q == 'd') || (*q == 'o') || (*q == 'x'))
- {
- char
- format[MaxTextExtent];
-
- (void) CopyMagickString(format,p,MaxTextExtent);
- (void) FormatMagickString(p,MaxTextExtent,format,image_info->scene);
- break;
- }
- }
+ (void) FormatMagickStringNumeric(filename,MaxTextExtent,
+ image_info->filename,image_info->scene);
 if ((LocaleCompare(filename,image_info->filename) != 0) &&
 (strchr(filename,'%') == (char *) NULL))
 image_info->adjoin=MagickFalse;
--- ImageMagick-6.2.5/magick/blob.c.format-string-again 2005-09-28 15:00:17.000000000 -0400
+++ ImageMagick-6.2.5/magick/blob.c 2006-01-23 09:15:40.000000000 -0500
@@ -2121,25 +2121,8 @@
 /*
 Form filename for multi-part images.
 */
- (void) CopyMagickString(filename,image->filename,MaxTextExtent);
- for (p=strchr(filename,'%'); p != (char *) NULL; p=strchr(p+1,'%'))
- {
- char
- *q;
-
- q=p+1;
- if (*q == '0')
- (void) strtol(q,&q,10);
- if ((*q == '%') || (*q == 'd') || (*q == 'o') || (*q == 'x'))
- {
- char
- format[MaxTextExtent];
-
- (void) CopyMagickString(format,p,MaxTextExtent);
- (void) FormatMagickString(p,MaxTextExtent,format,image->scene);
- break;
- }
- }
+ (void) FormatMagickStringNumeric(filename,MaxTextExtent,image->filename,
+ image->scene);
 if (image_info->adjoin == MagickFalse)
 if ((image->previous != (Image *) NULL) ||
 (GetNextImageInList(image) != (Image *) NULL))
--- ImageMagick-6.2.5/magick/montage.c.format-string-again 2005-10-22 12:17:39.000000000 -0400
+++ ImageMagick-6.2.5/magick/montage.c 2006-01-23 09:15:40.000000000 -0500
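Review bot: The comment above the new call in image.c still reads only "Rectify multi-image file support." and does not record why a dedicated helper replaces the generic formatter. Since `image_info->filename` is user-controlled, I would add `/* filename is untrusted: expand only the first %d/%o/%x via FormatMagickStringNumeric; never pass it to FormatMagickString as the format. */` so a later cleanup does not fold the call back into a printf-style formatter. The same comment fits the blob.c call on `image->filename`. Both enclosing functions start and end outside their hunks.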
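Review bot: With the scanning loop removed from this blob.c hunk, the local `p` it iterated with may no longer be referenced anywhere in the function. Its declaration lies outside the hunk, so this cannot be confirmed from here, but if nothing else uses it the declaration should be deleted in the same patch to keep unused-variable warnings clean. The same check applies to `p` in the image.c hunk.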
@@ -531,7 +531,7 @@
 /*
 Form filename for multi-part images.
 */
- (void) FormatMagickString(filename,MaxTextExtent,
+ (void) FormatMagickStringNumeric(filename,MaxTextExtent,
 image_info->filename,scene);
 if (LocaleCompare(filename,image_info->filename) == 0)
 (void) FormatMagickString(filename,MaxTextExtent,"%s.%lu",
--- ImageMagick-6.2.5/magick/animate.c.format-string-again 2005-10-23 22:15:16.000000000 -0400
+++ ImageMagick-6.2.5/magick/animate.c 2006-01-23 09:15:40.000000000 -0500
@@ -606,7 +606,7 @@
 /*
 Form filename for multi-part images.
 */
- (void) FormatMagickString(filename,MaxTextExtent,
+ (void) FormatMagickStringNumeric(filename,MaxTextExtent,
 image_info->filename,scene);
 if (LocaleCompare(filename,image_info->filename) == 0)
 (void) FormatMagickString(filename,MaxTextExtent,"%s[%lu]",
--- ImageMagick-6.2.5/magick/string_.h.format-string-again 2005-10-12 21:59:20.000000000 -0400
+++ ImageMagick-6.2.5/magick/string_.h 2006-01-23 09:20:47.000000000 -0500
@@ -62,6 +62,7 @@
 FormatMagickStringList(char *,const size_t,const char *,va_list)
 magick_attribute((format (printf,3,0))),
 FormatMagickTime(const time_t,const size_t,char *),
+ FormatMagickStringNumeric(char *,const size_t,const char *,int),
 LocaleCompare(const char *,const char *),
 LocaleNCompare(const char *,const char *,const size_t);
 
--- ImageMagick-6.2.5/magick/string.c.format-string-again 2005-10-13 21:03:09.000000000 -0400
+++ ImageMagick-6.2.5/magick/string.c 2006-01-23 09:15:40.000000000 -0500
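Review bot: `scene` is passed to a parameter declared `int value`, yet the fallback two lines further down in this montage.c hunk formats the same variable with `%lu`, which suggests it is an unsigned long. If so, a scene number above INT_MAX is silently narrowed on LP64 and can print as a negative number under `%d`. I would either widen the helper's parameter or make the narrowing explicit and checked at the call, for example `if (scene > (unsigned long) INT_MAX) ...` before passing `(int) scene`. The same applies to the calls in animate.c and display.c, and probably to `image_info->scene` and `image->scene` in image.c and blob.c. The enclosing function starts and ends outside the hunk.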
@@ -960,6 +960,75 @@
 % %
 % %
 % %
+% F o r m a t M a g i c k S t r i n g N u m e r i c %
+% %
+% %
+% %
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%
+% Method FormatMagickStringNumeric formats output for a single numeric
+% argument. It takes into account that the format string given might be
+% untrusted user input, and returns the length of the formatted string.
+%
+% The format of the FormatMagickStringNumeric method is:
+%
+% long FormatMagickStringNumeric(char *string,const size_t length,
+% const char *format,int value)
+%
+% A description of each parameter follows.
+%
+% o string: FormatMagickStringNumeric() returns the formatted string in this
+% character buffer.
+%
+% o length: The maximum length of the string.
+%
+% o format: A string describing the format to use to write the numeric
+% argument. Only the first numeric format identifier is replaced.
+%
+% o value: Numeric value to substitute into format string.
+%
+%
+*/
+MagickExport long FormatMagickStringNumeric(char *string,const size_t length,const char *format,int value)
+{
+ char
+ *p;
+
+ (void) CopyMagickString(string, format, length);
+
+ for (p=strchr(format,'%'); p != (char *) NULL; p=strchr(p+1,'%'))
+ {
+ char
+ *q;
+
+ q=(char *) p+1;
+ if (*q == '0')
+ (void) strtol(q,&q,10);
+ if ((*q == '%') || (*q == 'd') || (*q == 'o') || (*q == 'x'))
+ {
+ char
+ c;
+
+ q++;
+ c=*q;
+ *q='\0';
+ (void) snprintf(string+(p-format),length-(p-format),p,value);
+ *q=c;
+ (void) ConcatenateMagickString(string,q,length);
+ if (*(q-1) == '%')
+ p++;
+ else
+ break;
+ }
+ }
+ return (long)strlen(string);
+}
+
+/*
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+% %
+% %
+% %
 % F o r m a t M a g i c k S t r i n g %
 % %
 % %
--- ImageMagick-6.2.5/magick/display.c.format-string-again 2005-10-24 20:23:14.000000000 -0400
+++ ImageMagick-6.2.5/magick/display.c 2006-01-23 09:15:40.000000000 -0500
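Review bot: FormatMagickStringNumeric writes through its `const char *format` argument: `p` comes from `strchr(format,'%')` and `*q='\0'` temporarily terminates the caller's buffer, which is undefined for read-only storage and unsafe if anything else reads that filename at the same time. The write position `string+(p-format)` also assumes output and format stay aligned, which stops holding once an earlier `%%` has collapsed to `%`, so a later `%d` is written one byte too far. In addition, `length-(p-format)` wraps as `size_t` when a specifier sits at or beyond `length` in a format longer than the buffer, handing snprintf an oversized bound; the visible callers pass MaxTextExtent-sized buffers, but the helper itself does not enforce that. Formatting from a private copy of the specifier and tracking a separate write offset removes all three problems, and accepting a zero-padded width only before d/o/x also avoids building a `%0N%` specifier.

```c
/* … unchanged: banner comment … */
MagickExport long FormatMagickStringNumeric(char *string,const size_t length,
  const char *format,int value)
{
  const char
    *p;

  size_t
    n;

  if (length == 0)
    return(0);
  n=0;
  for (p=format; (*p != '\0') && (n < (length-1)); )
  {
    char
      spec[MaxTextExtent];

    const char
      *q;

    size_t
      extent;

    if (*p != '%')
      {
        string[n++]=(*p++);
        continue;
      }
    q=p+1;
    if (*q == '%')
      {
        /* "%%" collapses to one '%'; keep scanning for a numeric conversion. */
        string[n++]='%';
        p=q+1;
        continue;
      }
    if (*q == '0')
      q+=strspn(q,"0123456789");
    extent=(size_t) (q-p)+1;
    if (((*q != 'd') && (*q != 'o') && (*q != 'x')) || (extent >= sizeof(spec)))
      {
        /* Not a numeric conversion: the '%' is kept as literal text. */
        string[n++]=(*p++);
        continue;
      }
    /* Format from a private copy; the caller's buffer is never written. */
    (void) memcpy(spec,p,extent);
    spec[extent]='\0';
    (void) snprintf(string+n,length-n,spec,value);
    n+=strlen(string+n);
    p=q+1;
    break;
  }
  string[n]='\0';
  /* Text after the first numeric conversion is appended verbatim. */
  (void) ConcatenateMagickString(string,p,length);
  return((long) strlen(string));
}
```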
@@ -1989,7 +1989,7 @@
 /*
 Form filename for multi-part images.
 */
- (void) FormatMagickString(filename,MaxTextExtent,
+ (void) FormatMagickStringNumeric(filename,MaxTextExtent,
 image_info->filename,scene);
 if (LocaleCompare(filename,image_info->filename) == 0)
 (void) FormatMagickString(filename,MaxTextExtent,"%s.%lu",