X-Git-Url: https://git.pterodactylus.net/?a=blobdiff_plain;f=synfig-core%2Ftrunk%2Fsrc%2Fmodules%2Fmptr_mplayer%2Fmptr_mplayer.cpp;h=9e3d547f54ab2b34e73741e3bb8cfbc8fad76bbf;hb=63e709f66d50c124cc0ece2325f4773ac4ae7b20;hp=4f796a435c757cb50e1c6263519006df32130ab3;hpb=28f28705612902c15cd0702cc891fba35bf2d2df;p=synfig.git

diff --git a/synfig-core/trunk/src/modules/mptr_mplayer/mptr_mplayer.cpp b/synfig-core/trunk/src/modules/mptr_mplayer/mptr_mplayer.cpp
index 4f796a4..9e3d547 100644
--- a/synfig-core/trunk/src/modules/mptr_mplayer/mptr_mplayer.cpp
+++ b/synfig-core/trunk/src/modules/mptr_mplayer/mptr_mplayer.cpp
@@ -1,18 +1,22 @@
-/*! ========================================================================
-** Synfig
-** ppm Target Module
-** $Id: mptr_mplayer.cpp,v 1.1.1.1 2005/01/04 01:23:14 darco Exp $
+/* === S Y N F I G ========================================================= */
+/*!	\file mptr_mplayer.cpp
+**	\brief ppm Target Module
 **
-** Copyright (c) 2002 Robert B. Quattlebaum Jr.
+**	$Id$
 **
-** This software and associated documentation
-** are CONFIDENTIAL and PROPRIETARY property of
-** the above-mentioned copyright holder.
+**	\legal
+**	Copyright (c) 2002-2005 Robert B. Quattlebaum Jr., Adrian Bentley
 **
-** You may not copy, print, publish, or in any
-** other way distribute this software without
-** a prior written agreement with
-** the copyright holder.
+**	This package is free software; you can redistribute it and/or
+**	modify it under the terms of the GNU General Public License as
+**	published by the Free Software Foundation; either version 2 of
+**	the License, or (at your option) any later version.
+**
+**	This package is distributed in the hope that it will be useful,
+**	but WITHOUT ANY WARRANTY; without even the implied warranty of
+**	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+**	General Public License for more details.
+**	\endlegal
 **
 ** === N O T E S ===========================================================
 **
@@ -68,6 +72,9 @@ mplayer_mptr::~mplayer_mptr()
 bool
 mplayer_mptr::GetFrame(Time time, synfig::Surface &surface, synfig::ProgressCallback *)
 {
+
+#error This code has vulnerabilites: arbitrary shell command execution and tmpfile issues
+
 	int ret;
 	ret=system(
 		strprintf("/usr/local/bin/mencoder \"%s\" -ovc rawrgb -ss %f -endpos 0 -nosound -o /tmp/tmp.synfig.rgbdata | grep \"VIDEO\" > /tmp/tmp.synfig.size",
@@ -94,12 +101,12 @@ mplayer_mptr::GetFrame(Time time, synfig::Surface &surface, synfig::ProgressCall
 		cerr<<"unable to open /tmp/tmp.synfig.size"<<endl;
 		return false;
 	}
-	
+
 	int w=4,h=4,x,y;
 	char bleh[500];
-	
+
 	fscanf(sizefile,"%s %s %dx%d",bleh,bleh,&w,&h);
-	
+
 	cerr<<strprintf("w:%d, h:%d, time:%f",w,h,time)<<endl;
 	fseek(rgbfile,2047+3*8,SEEK_CUR);
 	surface.set_wh(w,h);
@@ -110,7 +117,7 @@ mplayer_mptr::GetFrame(Time time, synfig::Surface &surface, synfig::ProgressCall
 				b=(unsigned char)fgetc(rgbfile),
 				g=(unsigned char)fgetc(rgbfile),
 				r=(unsigned char)fgetc(rgbfile);
-				
+
 			surface[h-y-1][x]=Color(
 				(float)r/255.0,
 				(float)g/255.0,
@@ -118,9 +125,9 @@ mplayer_mptr::GetFrame(Time time, synfig::Surface &surface, synfig::ProgressCall
 				1.0
 			);
 		}
-	
+
 	fclose(rgbfile);
 	fclose(sizefile);
-	
+
 	return true;
 }