Minor security fix: the unused mod_ffmpeg importer used popen to run convert, change...

[synfig.git] / synfig-core / trunk / src / modules / mod_imagemagick / mptr_imagemagick.cpp

diff --git a/synfig-core/trunk/src/modules/mod_imagemagick/mptr_imagemagick.cpp b/synfig-core/trunk/src/modules/mod_imagemagick/mptr_imagemagick.cpp
index 390f611..2481d06 100644 (file)
--- a/synfig-core/trunk/src/modules/mod_imagemagick/mptr_imagemagick.cpp
+++ b/synfig-core/trunk/src/modules/mod_imagemagick/mptr_imagemagick.cpp
@@ -159,6 +159,9 @@ imagemagick_mptr::get_frame(synfig::Surface &surface,Time /*time*/, synfig::Prog
        return true;
 
 #else
+       
+#error This code contains tempfile and arbitrary shell command execution vulnerabilities
+       
        if(file)
                pclose(file);
 
@@ -173,7 +176,7 @@ imagemagick_mptr::get_frame(synfig::Surface &surface,Time /*time*/, synfig::Prog
 
        command=strprintf("convert \"%s\" -flatten ppm:-\n",filename.c_str());
 
-       file=popen(command.c_str(),"r");
+       file=popen(command.c_str(),POPEN_BINARY_READ_TYPE);
 
        if(!file)
        {