Minor security fix: the unused mod_ffmpeg importer used popen to run convert, change...

[synfig.git] / synfig-core / trunk / src / modules / mod_imagemagick / mptr_imagemagick.cpp

diff --git a/synfig-core/trunk/src/modules/mod_imagemagick/mptr_imagemagick.cpp b/synfig-core/trunk/src/modules/mod_imagemagick/mptr_imagemagick.cpp
index bd577ac..2481d06 100644 (file)
--- a/synfig-core/trunk/src/modules/mod_imagemagick/mptr_imagemagick.cpp
+++ b/synfig-core/trunk/src/modules/mod_imagemagick/mptr_imagemagick.cpp
@@ -72,7 +72,7 @@ imagemagick_mptr::~imagemagick_mptr()
 }
 
 bool
-imagemagick_mptr::get_frame(synfig::Surface &surface,Time time, synfig::ProgressCallback *cb)
+imagemagick_mptr::get_frame(synfig::Surface &surface,Time /*time*/, synfig::ProgressCallback *cb)
 {
 //#define HAS_LIBPNG 1
 
@@ -159,6 +159,9 @@ imagemagick_mptr::get_frame(synfig::Surface &surface,Time time, synfig::Progress
        return true;
 
 #else
+       
+#error This code contains tempfile and arbitrary shell command execution vulnerabilities
+       
        if(file)
                pclose(file);
 
@@ -173,7 +176,7 @@ imagemagick_mptr::get_frame(synfig::Surface &surface,Time time, synfig::Progress
 
        command=strprintf("convert \"%s\" -flatten ppm:-\n",filename.c_str());
 
-       file=popen(command.c_str(),"r");
+       file=popen(command.c_str(),POPEN_BINARY_READ_TYPE);
 
        if(!file)
        {