From d31c80d15a2c82fc1dd8e889e0f97b0219079a57 Mon Sep 17 00:00:00 2001
From: Dirk Lemstra
Date: Wed, 17 May 2023 23:33:30 +0200
Subject: [PATCH] Make sure options are properly quoted to resolve the issue reported in #6338.
Link: https://github.com/ImageMagick/ImageMagick/commit/d31c80d15a2c82fc1dd8e889e0f97b0219079a57
---
 MagickCore/delegate-private.h | 19 +++++++++++++++++++
 coders/pdf.c | 14 +++-----------
 coders/video.c | 24 ++++++++----------------
 3 files changed, 30 insertions(+), 27 deletions(-)
diff --git a/MagickCore/delegate-private.h b/MagickCore/delegate-private.h
index 2851316dd6..2d9a8d42ac 100644
--- a/MagickCore/delegate-private.h
+++ b/MagickCore/delegate-private.h
@@ -18,6 +18,7 @@
 #ifndef MAGICKCORE_DELEGATE_PRIVATE_H
 #define MAGICKCORE_DELEGATE_PRIVATE_H
+#include "MagickCore/locale_.h"
 #include "MagickCore/string_.h"
 #if defined(MAGICKCORE_GS_DELEGATE)
@@ -110,6 +111,24 @@ static inline char *SanitizeDelegateString(const char *source)
 return(sanitize_source);
 }
+static inline void FormatSanitizedDelegateOption(char *string,
+ const size_t length,const char *windows_format,
+ const char *non_windows_format,const char *option)
+{
+ char
+ *sanitized_option;
+
+ sanitized_option=SanitizeDelegateString(option);
+#if defined(MAGICKCORE_WINDOWS_SUPPORT)
+ magick_unreferenced(non_windows_format);
+ (void) FormatLocaleString(string,length,windows_format,sanitized_option);
+#else
+ magick_unreferenced(windows_format);
+ (void) FormatLocaleString(string,length,non_windows_format,sanitized_option);
+#endif
+ sanitized_option=DestroyString(sanitized_option);
+}
+
 extern MagickPrivate MagickBooleanType DelegateComponentGenesis(void);
diff --git a/coders/pdf.c b/coders/pdf.c
index 926661e023..2cf36bf1e9 100644
--- a/coders/pdf.c
+++ b/coders/pdf.c
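Review bot: FormatSanitizedDelegateOption throws away the FormatLocaleString result in both `#if` branches, so an option long enough to fill `length` is cut off before the closing quote that the format supplies. The callers in coders/pdf.c and coders/video.c then append that unterminated quoted argument to the delegate `options` string. Assuming FormatLocaleString reports the untruncated length the way vsnprintf does (its definition is not part of this patch), keep the result in a local `ssize_t count` and drop the option when it did not fit: `if ((count < 0) || ((size_t) count >= length)) *string='\0';`. A short comment on the helper should also state that each format must contain exactly one `%s` and must supply the quotes itself, since the compiler cannot check a non-literal format.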
@@ -625,18 +625,10 @@ static Image *ReadPDFImage(const ImageInfo *image_info,ExceptionInfo *exception)
 if (option != (char *) NULL)
 {
 char
- passphrase[MagickPathExtent],
- *sanitize_passphrase;
+ passphrase[MagickPathExtent];
- sanitize_passphrase=SanitizeDelegateString(option);
-#if defined(MAGICKCORE_WINDOWS_SUPPORT)
- (void) FormatLocaleString(passphrase,MagickPathExtent,
- "\"-sPDFPassword=%s\" ",sanitize_passphrase);
-#else
- (void) FormatLocaleString(passphrase,MagickPathExtent,
- "-sPDFPassword='%s' ",sanitize_passphrase);
-#endif
- sanitize_passphrase=DestroyString(sanitize_passphrase);
+ FormatSanitizedDelegateOption(passphrase,MagickPathExtent,
+ "\"-sPDFPassword=%s\" ","-sPDFPassword='%s' ",option);
 (void) ConcatenateMagickString(options,passphrase,MagickPathExtent);
 }
 read_info=CloneImageInfo(image_info);
diff --git a/coders/video.c b/coders/video.c
index e7cfcc0d72..ab546448b2 100644
--- a/coders/video.c
+++ b/coders/video.c
@@ -217,8 +217,7 @@ static Image *ReadVIDEOImage(const ImageInfo *image_info,
 message[MagickPathExtent];
 char
- *options,
- *sanitized_option;
+ *options;
 const char
 *intermediate_format,
@@ -234,19 +233,15 @@ static Image *ReadVIDEOImage(const ImageInfo *image_info,
 option=GetImageOption(image_info,"video:vsync");
 if (option != (const char *) NULL)
 {
- sanitized_option=SanitizeDelegateString(option);
- (void) FormatLocaleString(command,MagickPathExtent," -vsync %s",
- sanitized_option);
- DestroyString(sanitized_option);
+ FormatSanitizedDelegateOption(command,MagickPathExtent,
+ " -vsync \"%s\""," -vsync '%s'",option);
 (void) ConcatenateMagickString(options,command,MagickPathExtent);
 }
 option=GetImageOption(image_info,"video:pixel-format");
 if (option != (const char *) NULL)
 {
- sanitized_option=SanitizeDelegateString(option);
- (void) FormatLocaleString(command,MagickPathExtent," -pix_fmt %s",
- sanitized_option);
- DestroyString(sanitized_option);
+ FormatSanitizedDelegateOption(command,MagickPathExtent,
+ " -pix_fmt \"%s\""," -pix_fmt '%s'",option);
 (void) ConcatenateMagickString(options,command,MagickPathExtent);
 }
 else
@@ -685,8 +680,7 @@ static MagickBooleanType WriteVIDEOImage(const ImageInfo *image_info,
 message[MagickPathExtent];
 char
- *options,
- *sanitized_option;
+ *options;
 const char
 *option;
@@ -700,10 +694,8 @@ static MagickBooleanType WriteVIDEOImage(const ImageInfo *image_info,
 option=GetImageOption(image_info,"video:pixel-format");
 if (option != (const char *) NULL)
 {
- sanitized_option=SanitizeDelegateString(option);
- (void) FormatLocaleString(command,MagickPathExtent," -pix_fmt %s",
- sanitized_option);
- DestroyString(sanitized_option);
+ FormatSanitizedDelegateOption(command,MagickPathExtent,
+ " -pix_fmt \"%s\""," -pix_fmt '%s'",option);
 (void) ConcatenateMagickString(options,command,MagickPathExtent);
 }
 AcquireUniqueFilename(write_info->unique);
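Review bot: The quotes added around `video:vsync` and `video:pixel-format` in ReadVIDEOImage only contain the value if SanitizeDelegateString removes or neutralises the quote character that each platform's format uses (`'` on non-Windows, `"` on Windows). This patch shows only the tail of that function, so that property should be confirmed and stated in a comment next to the calls. Both values are short tokens handed to the delegate, so an allow-list check before formatting (for example letters, digits, `_`, `-` and `+`; the exact set to be confirmed against the values the delegate accepts) would avoid depending on shell quoting at all. The same applies to the `video:pixel-format` call in the WriteVIDEOImage hunk at -700,10. ReadVIDEOImage and WriteVIDEOImage both start and end outside these hunks.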