Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 140984 - blender-2.42: fix overly long misanimation
Summary: blender-2.42: fix overly long misanimation
Status: RESOLVED UPSTREAM
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Luca Barbato
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-07-18 17:24 UTC by Alexey Dobriyan
Modified: 2010-04-21 10:54 UTC (History)
4 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Show animation from Sta: to End: and only in that interval. (blender-img-last.patch,3.39 KB, patch)
2006-07-18 17:24 UTC, Alexey Dobriyan 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Alexey Dobriyan 2006-07-18 17:24:20 UTC 
1. Animate something for, say, 20 frames (ANIM when Sta:=1, End:=20)
2. Play animated result                  (PLAY when Sta:=1, End:=20)

               You:Blender
                 1:0

3. Naively bump End to 10 and play it    (PLAY when Sta:=1, End:=10)
   Ha-ha, it still plays everything.

               You:Blender
                 1:1

4. Local luser can put some more images (read: pr0n) with just right filenames
   (remember, it's "%04x.%s") and blender will show them [1]

               You:Blender
                 1:2

5. Upon exit they are not removed from /tmp

               You:Blender
                 1:3

Attached patch is for #3: play just from start to end. It wasn't tested for
AVIs et al, though.

[1] check whether mismatching image sizes can crash it (it's too late
    here, sorry)
[2] check whether "preallocating" symlinks in /tmp can screw you.
Comment 1 Alexey Dobriyan 2006-07-18 17:24:58 UTC 
Created attachment 92168 [details, diff]
Show animation from Sta: to End: and only in that interval.
Comment 2 Luca Barbato gentoo-dev 2006-07-19 03:17:52 UTC 
May you report it also upstream?
Comment 3 Alexey Dobriyan 2006-07-19 05:11:57 UTC 
Time to involve security team. Preallocating symlinks definitely works.

    ln -s /home/victim/.ssh/id_rsa /tmp/0001.jpg

    blender
    ANIM with Sta:=1, End:=10 (i. e.)

The right fix is to rewrite that turdlet called  BKE_makepicstring and friends.
I'll see what I can do.
Comment 4 Luca Barbato gentoo-dev 2006-07-20 07:01:58 UTC 
blender isn't suid...
Comment 5 Wouter van Heyst 2006-07-21 14:22:44 UTC 
(In reply to comment #3)
> Time to involve security team. Preallocating symlinks definitely works.
> 
>     ln -s /home/victim/.ssh/id_rsa /tmp/0001.jpg
> 
>     blender
>     ANIM with Sta:=1, End:=10 (i. e.)

As Luca said, blender isn't suid. However, it is annoying when other users have created such files and you don't have the permission to create those files. That said, the output location is a usersetting, so imho, the main issue is choosing a better default. What do you think?
Comment 6 Alexey Dobriyan 2006-07-21 15:54:48 UTC 
Sorry, I wasn't clear enough.

[attacker]
        ln -s /home/victim/.ssh/id_rsa /tmp/0001.jpg

[victim]
        blender
        ANIM with Sta:=1, End:=10 (i. e.)
        [where is my ssh key?]
Comment 7 Luca Barbato gentoo-dev 2006-07-21 17:00:27 UTC 
ls -al the file and the symlink and consider that blender isn't suid at all.
Comment 8 wayne tedder 2006-07-31 22:25:09 UTC 
I don't think anyone is worring about changing this any time soon.  As stated the default location for /tmp is user defined. What's more a lot of people consider the auto rewind to be a feature, not a bug.
Comment 9 Luca Barbato gentoo-dev 2010-04-21 10:54:25 UTC 
Please voice your concern with upstream and/or reopen if you consider this problem really annoying for you.