X-Git-Url: https://git.pterodactylus.net/?a=blobdiff_plain;f=synfig-core%2Ftrunk%2Fsrc%2Fmodules%2Fmod_imagemagick%2Fmptr_imagemagick.cpp;h=4d7ca2063f8ad7c795520f7060e79279afdacd03;hb=9bb17dbd43d0988caab3a1fa420aa52a32e4fdc5;hp=8e35ac9d2faa0e9999a7f568a2f3dc5e460a01dd;hpb=5ddcf36f04cfbd10fabda4e3c5633cb27cdd4c0a;p=synfig.git diff --git a/synfig-core/trunk/src/modules/mod_imagemagick/mptr_imagemagick.cpp b/synfig-core/trunk/src/modules/mod_imagemagick/mptr_imagemagick.cpp index 8e35ac9..4d7ca20 100644 --- a/synfig-core/trunk/src/modules/mod_imagemagick/mptr_imagemagick.cpp +++ b/synfig-core/trunk/src/modules/mod_imagemagick/mptr_imagemagick.cpp @@ -1,8 +1,10 @@ -/*! ======================================================================== -** Synfig -** ppm Target Module -** $Id: mptr_imagemagick.cpp,v 1.1.1.1 2005/01/04 01:23:11 darco Exp $ +/* === S Y N F I G ========================================================= */ +/*! \file mptr_imagemagick.cpp +** \brief ppm Target Module ** +** $Id$ +** +** \legal ** Copyright (c) 2002-2005 Robert B. Quattlebaum Jr., Adrian Bentley ** ** This package is free software; you can redistribute it and/or @@ -14,6 +16,7 @@ ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ** General Public License for more details. +** \endlegal ** ** === N O T E S =========================================================== ** @@ -31,6 +34,9 @@ #include #include "mptr_imagemagick.h" #include +#include +#include +#include #include #include #include 
@@ -50,7 +56,7 @@ SYNFIG_IMPORTER_INIT(imagemagick_mptr); SYNFIG_IMPORTER_SET_NAME(imagemagick_mptr,"imagemagick"); SYNFIG_IMPORTER_SET_EXT(imagemagick_mptr,"miff"); SYNFIG_IMPORTER_SET_VERSION(imagemagick_mptr,"0.1"); -SYNFIG_IMPORTER_SET_CVS_ID(imagemagick_mptr,"$Id: mptr_imagemagick.cpp,v 1.1.1.1 2005/01/04 01:23:11 darco Exp $"); +SYNFIG_IMPORTER_SET_CVS_ID(imagemagick_mptr,"$Id$"); /* === M E T H O D S ======================================================= */ @@ -69,16 +75,11 @@ imagemagick_mptr::~imagemagick_mptr() } bool -imagemagick_mptr::get_frame(synfig::Surface &surface,Time time, synfig::ProgressCallback *cb) +imagemagick_mptr::get_frame(synfig::Surface &surface,Time /*time*/, synfig::ProgressCallback *cb) { //#define HAS_LIBPNG 1 #if 1 - if(file) - pclose(file); - - string command; - if(filename.empty()) { if(cb)cb->error(_("No file to load")); @@ -86,15 +87,27 @@ imagemagick_mptr::get_frame(synfig::Surface &surface,Time time, synfig::Progress return false; } string temp_file="/tmp/deleteme.png"; + string output="png32:"+temp_file; - if(filename.find("psd")!=String::npos) - command=strprintf("convert \"%s\" -flatten \"png32:%s\"\n",filename.c_str(),temp_file.c_str()); - else - command=strprintf("convert \"%s\" \"png32:%s\"\n",filename.c_str(),temp_file.c_str()); - - synfig::info("command=%s",command.c_str()); + pid_t pid = fork(); + + if (pid == -1) { + return false; + } + + if (pid == 0){ + // Child process + if(filename.find("psd")!=String::npos) + execlp("convert", "convert", filename.c_str(), "-flatten", output.c_str(), (const char *)NULL); + else + execlp("convert", "convert", filename.c_str(), output.c_str(), (const char *)NULL); + // We should never reach here unless the exec failed + return false; + } - if(system(command.c_str())!=0) + int status; + waitpid(pid, &status, 0); + if( (WIFEXITED(status) && WEXITSTATUS(status) != 0) || !WIFEXITED(status) ) return false; Importer::Handle importer(Importer::open(temp_file)); 
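Review bot: In the `pid == 0` branch of the `@@ -86,15 +87,27 @@` hunk, a failed execlp() falls through to `return false;`, so the child returns into the caller and keeps running as a second copy of the host program; end the child with `_exit(127);` instead, which also lets the parent's exit-status check see the failure. The output still goes to the fixed path `/tmp/deleteme.png` (the context line just above `output`), so the temp-file weakness survives the removal of system(): any local user can pre-create or symlink that name, and concurrent imports overwrite each other, which a name from mkstemp()/mkdtemp() that is removed after `Importer::open` would address. `filename` no longer reaches a shell but is still parsed by convert itself, so a name beginning with `-` is taken as an option and is likely worth rejecting, or prefixing with `./` when it is relative. The return value of waitpid() is not checked, so `status` is read uninitialized if the call fails. get_frame's body continues outside this hunk.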
@@ -156,6 +169,9 @@ imagemagick_mptr::get_frame(synfig::Surface &surface,Time time, synfig::Progress return true; #else + +#error This code contains tempfile and arbitrary shell command execution vulnerabilities + if(file) pclose(file); @@ -170,7 +186,7 @@ imagemagick_mptr::get_frame(synfig::Surface &surface,Time time, synfig::Progress command=strprintf("convert \"%s\" -flatten ppm:-\n",filename.c_str()); - file=popen(command.c_str(),"r"); + file=popen(command.c_str(),POPEN_BINARY_READ_TYPE); if(!file) {
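Review bot: The popen() line touched in the `@@ -170,7 +186,7 @@` hunk still runs a `command` built by interpolating `filename` between double quotes, so shell metacharacters in a file name are interpreted by the shell; the `#error` added earlier in this `#else` branch acknowledges that but leaves the code in place. If the branch is kept, put the reason next to the call so it is not lost should the `#error` be removed, e.g. `// filename reaches the shell unescaped; replace popen() with pipe()+fork()+exec before enabling`. `POPEN_BINARY_READ_TYPE` is not defined in any visible hunk, so confirm that it is defined on every platform this file builds for. The `#else` branch starts and ends outside these hunks.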