X-Git-Url: https://git.pterodactylus.net/?a=blobdiff_plain;f=synfig-core%2Ftrunk%2Fsrc%2Fmodules%2Fmptr_mplayer%2Fmptr_mplayer.cpp;h=9e3d547f54ab2b34e73741e3bb8cfbc8fad76bbf;hb=9459638ad6797b8139f1e9f0715c96076dbf0890;hp=e143a85f4e2228962e57a8dd75f598cd44b6dd00;hpb=21bfc670b83d4c45da9ed1b95063b7e6a007168c;p=synfig.git diff --git a/synfig-core/trunk/src/modules/mptr_mplayer/mptr_mplayer.cpp b/synfig-core/trunk/src/modules/mptr_mplayer/mptr_mplayer.cpp index e143a85..9e3d547 100644 --- a/synfig-core/trunk/src/modules/mptr_mplayer/mptr_mplayer.cpp +++ b/synfig-core/trunk/src/modules/mptr_mplayer/mptr_mplayer.cpp @@ -1,8 +1,10 @@ -/*! ======================================================================== -** Synfig -** ppm Target Module -** $Id: mptr_mplayer.cpp,v 1.1.1.1 2005/01/04 01:23:14 darco Exp $ +/* === S Y N F I G ========================================================= */ +/*! \file mptr_mplayer.cpp +** \brief ppm Target Module ** +** $Id$ +** +** \legal ** Copyright (c) 2002-2005 Robert B. Quattlebaum Jr., Adrian Bentley ** ** This package is free software; you can redistribute it and/or @@ -14,6 +16,7 @@ ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ** General Public License for more details. +** \endlegal ** ** === N O T E S =========================================================== ** @@ -69,6 +72,9 @@ mplayer_mptr::~mplayer_mptr() bool mplayer_mptr::GetFrame(Time time, synfig::Surface &surface, synfig::ProgressCallback *) { + +#error This code has vulnerabilites: arbitrary shell command execution and tmpfile issues + int ret; ret=system( strprintf("/usr/local/bin/mencoder \"%s\" -ovc rawrgb -ss %f -endpos 0 -nosound -o /tmp/tmp.synfig.rgbdata | grep \"VIDEO\" > /tmp/tmp.synfig.size", @@ -95,12 +101,12 @@ mplayer_mptr::GetFrame(Time time, synfig::Surface &surface, synfig::ProgressCall cerr<<"unable to open /tmp/tmp.synfig.size"<