X-Git-Url: https://git.pterodactylus.net/?a=blobdiff_plain;f=synfig-core%2Ftrunk%2Fsrc%2Fmodules%2Fmod_imagemagick%2Fmptr_imagemagick.cpp;h=c945ee538f9809483995ba999477f11e6a7760ca;hb=13e2aef98f3ce24c04c0362c4ec443efe8970a80;hp=4d8a08cb3fd7f26549bfbef2f26d5297121891b2;hpb=aaa0275b0e9c8a981a01dad6d841c40e7d8d77c2;p=synfig.git diff --git a/synfig-core/trunk/src/modules/mod_imagemagick/mptr_imagemagick.cpp b/synfig-core/trunk/src/modules/mod_imagemagick/mptr_imagemagick.cpp index 4d8a08c..c945ee5 100644 --- a/synfig-core/trunk/src/modules/mod_imagemagick/mptr_imagemagick.cpp +++ b/synfig-core/trunk/src/modules/mod_imagemagick/mptr_imagemagick.cpp @@ -34,6 +34,20 @@ #include #include "mptr_imagemagick.h" #include +#include +#if HAVE_SYS_WAIT_H + #include +#endif +#if HAVE_IO_H + #include +#endif +#if HAVE_PROCESS_H + #include +#endif +#if HAVE_FCNTL_H + #include +#endif +#include #include #include #include @@ -47,6 +61,12 @@ using namespace synfig; using namespace std; using namespace etl; +#if defined(HAVE_FORK) && defined(HAVE_PIPE) && defined(HAVE_WAITPID) + #define UNIX_PIPE_TO_PROCESSES +#elif defined(HAVE__SPAWNLP) && defined(HAVE__PIPE) && defined(HAVE_CWAIT) + #define WIN32_PIPE_TO_PROCESSES +#endif + /* === G L O B A L S ======================================================= */ SYNFIG_IMPORTER_INIT(imagemagick_mptr); @@ -77,11 +97,6 @@ imagemagick_mptr::get_frame(synfig::Surface &surface,Time /*time*/, synfig::Prog //#define HAS_LIBPNG 1 #if 1 - if(file) - pclose(file); - - string command; - if(filename.empty()) { if(cb)cb->error(_("No file to load")); @@ -89,17 +104,42 @@ imagemagick_mptr::get_frame(synfig::Surface &surface,Time /*time*/, synfig::Prog return false; } string temp_file="/tmp/deleteme.png"; + string output="png32:"+temp_file; + +#if defined(WIN32_PIPE_TO_PROCESSES) if(filename.find("psd")!=String::npos) - command=strprintf("convert \"%s\" -flatten \"png32:%s\"\n",filename.c_str(),temp_file.c_str()); + _spawnlp(_P_WAIT, "convert", "convert", filename.c_str(), "-flatten", output.c_str(), (const char *)NULL); else - command=strprintf("convert \"%s\" \"png32:%s\"\n",filename.c_str(),temp_file.c_str()); + _spawnlp(_P_WAIT, "convert", "convert", filename.c_str(), output.c_str(), (const char *)NULL); + +#elif defined(UNIX_PIPE_TO_PROCESSES) - synfig::info("command=%s",command.c_str()); + pid_t pid = fork(); + + if (pid == -1) { + return false; + } + + if (pid == 0){ + // Child process + if(filename.find("psd")!=String::npos) + execlp("convert", "convert", filename.c_str(), "-flatten", output.c_str(), (const char *)NULL); + else + execlp("convert", "convert", filename.c_str(), output.c_str(), (const char *)NULL); + // We should never reach here unless the exec failed + return false; + } - if(system(command.c_str())!=0) + int status; + waitpid(pid, &status, 0); + if( (WIFEXITED(status) && WEXITSTATUS(status) != 0) || !WIFEXITED(status) ) return false; +#else + #error There are no known APIs for creating child processes +#endif + Importer::Handle importer(Importer::open(temp_file)); DEBUGPOINT(); @@ -159,6 +199,9 @@ imagemagick_mptr::get_frame(synfig::Surface &surface,Time /*time*/, synfig::Prog return true; #else + +#error This code contains tempfile and arbitrary shell command execution vulnerabilities + if(file) pclose(file); @@ -173,7 +216,7 @@ imagemagick_mptr::get_frame(synfig::Surface &surface,Time /*time*/, synfig::Prog command=strprintf("convert \"%s\" -flatten ppm:-\n",filename.c_str()); - file=popen(command.c_str(),"rb"); + file=popen(command.c_str(),POPEN_BINARY_READ_TYPE); if(!file) {