File ImageMagick-CVE-2025-53101.patch of Package ImageMagick.39703

From 66dc8f51c11b0ae1f1cdeacd381c3e9a4de69774 Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Fri, 27 Jun 2025 20:02:12 -0400
Subject: [PATCH] 
 https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qh3h-j545-h8c9

---
 MagickCore/image.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

Index: ImageMagick-7.1.0-9/MagickCore/image.c
===================================================================
--- ImageMagick-7.1.0-9.orig/MagickCore/image.c
+++ ImageMagick-7.1.0-9/MagickCore/image.c
@@ -1659,7 +1659,6 @@ MagickExport size_t InterpretImageFilena
     canonical;
 
   ssize_t
-    field_width,
     offset;
 
   canonical=MagickFalse;
@@ -1675,21 +1674,23 @@ MagickExport size_t InterpretImageFilena
         p=q+1;
         continue;
       }
-    field_width=0;
-    if (*q == '0')
-      field_width=(ssize_t) strtol(q,&q,10);
     switch (*q)
     {
       case 'd':
       case 'o':
       case 'x':
       {
+        ssize_t
+          count;
+
         q++;
         c=(*q);
         *q='\0';
-        (void) FormatLocaleString(filename+(p-format-offset),(size_t)
+        count=FormatLocaleString(filename+(p-format-offset),(size_t)
           (MagickPathExtent-(p-format-offset)),p,value);
-        offset+=(4-field_width);
+        if ((count <= 0) || (count > (MagickPathExtent-(p-format-offset))))
+          return(0);
+        offset+=(ssize_t) ((q-p)-count);
         *q=c;
         (void) ConcatenateMagickString(filename,q,MagickPathExtent);
         canonical=MagickTrue;
openSUSE Build Service is sponsored by