X-Git-Url: https://git.pterodactylus.net/?a=blobdiff_plain;ds=sidebyside;f=synfig-core%2Ftrunk%2Fsrc%2Fmodules%2Fmod_imagemagick%2Fmptr_imagemagick.cpp;h=2481d066768719a3e506980a56d4d7560dd8b810;hb=83224f8cf1f9b7b15918a130759717a5a375be91;hp=390f611c3112f53443e3c7b7d652696de19eff01;hpb=c3ad95144d148602f672e95ddda1f18fc35502f8;p=synfig.git
diff --git a/synfig-core/trunk/src/modules/mod_imagemagick/mptr_imagemagick.cpp b/synfig-core/trunk/src/modules/mod_imagemagick/mptr_imagemagick.cpp
index 390f611..2481d06 100644
--- a/synfig-core/trunk/src/modules/mod_imagemagick/mptr_imagemagick.cpp
+++ b/synfig-core/trunk/src/modules/mod_imagemagick/mptr_imagemagick.cpp
@@ -159,6 +159,9 @@ imagemagick_mptr::get_frame(synfig::Surface &surface,Time /*time*/, synfig::Prog
 return true;
 #else
+
+#error This code contains tempfile and arbitrary shell command execution vulnerabilities
+
 if(file) pclose(file);
@@ -173,7 +176,7 @@ imagemagick_mptr::get_frame(synfig::Surface &surface,Time /*time*/, synfig::Prog
 command=strprintf("convert \"%s\" -flatten ppm:-\n",filename.c_str());
- file=popen(command.c_str(),"r");
+ file=popen(command.c_str(),POPEN_BINARY_READ_TYPE);
 if(!file) {
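Review bot: The `#error` added under `#else` names two vulnerability classes but does not say which statements carry them or what has to change before the directive can be removed. Judging from the later hunk, the shell-execution part is presumably the `popen()` call whose command string is built from `filename`; the tempfile part is not visible anywhere in this diff. A comment directly above the directive would help the next maintainer, e.g. `// filename reaches /bin/sh unescaped via popen(); replace with pipe()/fork()/exec and an argv before removing this #error`. get_frame's body starts and ends outside the hunk, so which platforms take this branch (and now stop building) cannot be confirmed from here.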
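Review bot: The `popen()` call changed in the second hunk still runs a command assembled by `strprintf("convert \"%s\" -flatten ppm:-\n",filename.c_str())`, so a double quote, `$` or backtick in `filename` is interpreted by the shell; swapping the mode string does not affect that. If this line sits in the branch guarded by the new `#error`, it is dead code until that directive is resolved, and the durable fix is to start `convert` without a shell and pass the path as its own argument, e.g. `execlp("convert","convert",filename.c_str(),"-flatten","ppm:-",(char*)NULL);` in a child created with `pipe()`/`fork()`. `POPEN_BINARY_READ_TYPE` is not defined in the visible hunks, so confirm it is defined on every platform that reaches this call. The enclosing function continues outside the hunk.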