X-Git-Url: https://git.pterodactylus.net/?a=blobdiff_plain;f=synfig-core%2Ftrunk%2Fsrc%2Fmodules%2Fmptr_mplayer%2Fmptr_mplayer.cpp;h=9e3d547f54ab2b34e73741e3bb8cfbc8fad76bbf;hb=4721e3656b5d0e3635e71f1f3f7bb9c625d59cab;hp=f6a621aa21fa86199073780d36eb5e3977490e99;hpb=cc54c38609ee9745ad678e5e9b9d7d2912be9c95;p=synfig.git
diff --git a/synfig-core/trunk/src/modules/mptr_mplayer/mptr_mplayer.cpp b/synfig-core/trunk/src/modules/mptr_mplayer/mptr_mplayer.cpp
index f6a621a..9e3d547 100644
--- a/synfig-core/trunk/src/modules/mptr_mplayer/mptr_mplayer.cpp
+++ b/synfig-core/trunk/src/modules/mptr_mplayer/mptr_mplayer.cpp
@@ -72,6 +72,9 @@ mplayer_mptr::~mplayer_mptr()
 bool
 mplayer_mptr::GetFrame(Time time, synfig::Surface &surface, synfig::ProgressCallback *)
 {
+
+#error This code has vulnerabilites: arbitrary shell command execution and tmpfile issues
+
 int ret;
 ret=system(
 strprintf("/usr/local/bin/mencoder \"%s\" -ovc rawrgb -ss %f -endpos 0 -nosound -o /tmp/tmp.synfig.rgbdata | grep \"VIDEO\" > /tmp/tmp.synfig.size",
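Review bot: The `#error` added at the top of `GetFrame` stops this file from compiling but leaves the unsafe code in place, and its message (note the typo "vulnerabilites") does not say which lines are affected or what must change before the directive can be removed. The `system()` call right below it builds a shell command line around `\"%s\"`, and double quotes do not neutralise shell metacharacters in whatever is substituted there (the argument list is outside the hunk, presumably the media file name); `/tmp/tmp.synfig.rgbdata` and `/tmp/tmp.synfig.size` are fixed, predictable names, which invites symlink and collision problems on a shared machine. I would record that next to the directive, e.g. `// system() hands the file name to /bin/sh and writes to fixed /tmp names; run mencoder via an argv-style exec and mkstemp() scratch files, then drop the #error`, and correct the spelling in the message. The body of `GetFrame` continues past the end of the hunk, so the cleanup of the temporary files is not visible here.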