#include <ETL/stringf>
#include "mptr_imagemagick.h"
#include <stdio.h>
+#include <sys/types.h>
+#if HAVE_SYS_WAIT_H
+ #include <sys/wait.h>
+#endif
+#if HAVE_IO_H
+ #include <io.h>
+#endif
+#if HAVE_PROCESS_H
+ #include <process.h>
+#endif
+#if HAVE_FCNTL_H
+ #include <fcntl.h>
+#endif
+#include <unistd.h>
#include <algorithm>
#include <functional>
#include <ETL/stringf>
using namespace std;
using namespace etl;
+#if defined(HAVE_FORK) && defined(HAVE_PIPE) && defined(HAVE_WAITPID)
+ #define UNIX_PIPE_TO_PROCESSES
+#elif defined(HAVE__SPAWNLP) && defined(HAVE__PIPE) && defined(HAVE_CWAIT)
+ #define WIN32_PIPE_TO_PROCESSES
+#endif
+
/* === G L O B A L S ======================================================= */
SYNFIG_IMPORTER_INIT(imagemagick_mptr);
//#define HAS_LIBPNG 1
#if 1
- if(file)
- pclose(file);
-
- string command;
-
if(filename.empty())
{
if(cb)cb->error(_("No file to load"));
return false;
}
string temp_file="/tmp/deleteme.png";
+ string output="png32:"+temp_file;
+
+#if defined(WIN32_PIPE_TO_PROCESSES)
if(filename.find("psd")!=String::npos)
- command=strprintf("convert \"%s\" -flatten \"png32:%s\"\n",filename.c_str(),temp_file.c_str());
+ _spawnlp(_P_WAIT, "convert", "convert", filename.c_str(), "-flatten", output.c_str(), (const char *)NULL);
else
- command=strprintf("convert \"%s\" \"png32:%s\"\n",filename.c_str(),temp_file.c_str());
+ _spawnlp(_P_WAIT, "convert", "convert", filename.c_str(), output.c_str(), (const char *)NULL);
- synfig::info("command=%s",command.c_str());
+#elif defined(UNIX_PIPE_TO_PROCESSES)
- if(system(command.c_str())!=0)
+ pid_t pid = fork();
+
+ if (pid == -1) {
return false;
+ }
+
+ if (pid == 0){
+ // Child process
+ if(filename.find("psd")!=String::npos)
+ execlp("convert", "convert", filename.c_str(), "-flatten", output.c_str(), (const char *)NULL);
+ else
+ execlp("convert", "convert", filename.c_str(), output.c_str(), (const char *)NULL);
+ // We should never reach here unless the exec failed
+ return false;
+ }
- Importer::Handle importer(Importer::open(temp_file));
+ int status;
+ waitpid(pid, &status, 0);
+ if( (WIFEXITED(status) && WEXITSTATUS(status) != 0) || !WIFEXITED(status) )
+ return false;
- DEBUGPOINT();
+#else
+ #error There are no known APIs for creating child processes
+#endif
+
+ Importer::Handle importer(Importer::open(temp_file));
if(!importer)
{
return false;
}
- DEBUGPOINT();
-
if(!importer->get_frame(surface,0,cb))
{
if(cb)cb->error(_("Unable to get frame from ")+temp_file);
Surface bleh(surface);
surface=bleh;
-
//remove(temp_file.c_str());
- DEBUGPOINT();
return true;
#else
+
+#error This code contains tempfile and arbitrary shell command execution vulnerabilities
+
if(file)
pclose(file);
command=strprintf("convert \"%s\" -flatten ppm:-\n",filename.c_str());
- file=popen(command.c_str(),"rb");
+ file=popen(command.c_str(),POPEN_BINARY_READ_TYPE);
if(!file)
{
projects / synfig.git / blobdiff