The mptr_mplayer module isn't built by default, but prevent it from being compiled...

author pabs <pabs@1f10aa63-cdf2-0310-b900-c93c546f37ac>

Thu, 6 Dec 2007 01:52:35 +0000 (01:52 +0000)

committer pabs <pabs@1f10aa63-cdf2-0310-b900-c93c546f37ac>

Thu, 6 Dec 2007 01:52:35 +0000 (01:52 +0000)
author pabs <pabs@1f10aa63-cdf2-0310-b900-c93c546f37ac>
Thu, 6 Dec 2007 01:52:35 +0000 (01:52 +0000)
committer pabs <pabs@1f10aa63-cdf2-0310-b900-c93c546f37ac>
Thu, 6 Dec 2007 01:52:35 +0000 (01:52 +0000)
diff --git a/synfig-core/trunk/src/modules/mptr_mplayer/mptr_mplayer.cpp b/synfig-core/trunk/src/modules/mptr_mplayer/mptr_mplayer.cpp

index f6a621a..9e3d547 100644 (file)
--- a/synfig-core/trunk/src/modules/mptr_mplayer/mptr_mplayer.cpp
+++ b/synfig-core/trunk/src/modules/mptr_mplayer/mptr_mplayer.cpp
@@ -72,6 +72,9 @@ mplayer_mptr::~mplayer_mptr()
  bool
  mplayer_mptr::GetFrame(Time time, synfig::Surface &surface, synfig::ProgressCallback *)
  {
+
+#error This code has vulnerabilites: arbitrary shell command execution and tmpfile issues
+
         int ret;
         ret=system(
                 strprintf("/usr/local/bin/mencoder \"%s\" -ovc rawrgb -ss %f -endpos 0 -nosound -o /tmp/tmp.synfig.rgbdata | grep \"VIDEO\" > /tmp/tmp.synfig.size",
author	pabs <pabs@1f10aa63-cdf2-0310-b900-c93c546f37ac>
	Thu, 6 Dec 2007 01:52:35 +0000 (01:52 +0000)
committer	pabs <pabs@1f10aa63-cdf2-0310-b900-c93c546f37ac>
	Thu, 6 Dec 2007 01:52:35 +0000 (01:52 +0000)