From: pabs <pabs@1f10aa63-cdf2-0310-b900-c93c546f37ac>
Date: Thu, 6 Dec 2007 01:52:35 +0000 (+0000)
Subject: The mptr_mplayer module isn't built by default, but prevent it from being compiled... 
X-Git-Url: https://git.pterodactylus.net/?a=commitdiff_plain;h=c39ef5a79efb779da2c9a4c6ddf713b91f4a1ec7;p=synfig.git

The mptr_mplayer module isn't built by default, but prevent it from being compiled due to security issues.

git-svn-id: http://svn.voria.com/code@1178 1f10aa63-cdf2-0310-b900-c93c546f37ac
---

diff --git a/synfig-core/trunk/src/modules/mptr_mplayer/mptr_mplayer.cpp b/synfig-core/trunk/src/modules/mptr_mplayer/mptr_mplayer.cpp
index f6a621a..9e3d547 100644
--- a/synfig-core/trunk/src/modules/mptr_mplayer/mptr_mplayer.cpp
+++ b/synfig-core/trunk/src/modules/mptr_mplayer/mptr_mplayer.cpp
@@ -72,6 +72,9 @@ mplayer_mptr::~mplayer_mptr()
 bool
 mplayer_mptr::GetFrame(Time time, synfig::Surface &surface, synfig::ProgressCallback *)
 {
+
+#error This code has vulnerabilites: arbitrary shell command execution and tmpfile issues
+
 	int ret;
 	ret=system(
 		strprintf("/usr/local/bin/mencoder \"%s\" -ovc rawrgb -ss %f -endpos 0 -nosound -o /tmp/tmp.synfig.rgbdata | grep \"VIDEO\" > /tmp/tmp.synfig.size",