commit e965d07055f5dd3e046469232e4b3986fb60cbaf speech: added flite - the alternative synthesis engine.
write_to_festival inserts backslashes in front of double-quotes and backslashes so that Festival can distinguish them from string delimiters. Now if FLITE_SYSTEM is selected, the output instead goes to a loop in init_festival that adds quotes around the string and "flite -t " to the beginning and calls system(). Unfortunately, the shell executed by system() recognizes more metacharacters in double-quoted strings than just double-quotes and backslashes. Specifically, if the string contains `foo` or $(foo), then arbitrary programs can be executed. It may also be possible that flite treats the entire line as an option if it begins with a dash. (The quotes don't help here because the shell eats them.) The documentation at <http://www.speech.cs.cmu.edu/flite/doc/flite_7.html#SEC16> does not say whether that is possible; I suppose someone should check the source code of flite.
pgpx54KODjVxc.pgp
Description: PGP signature
_______________________________________________ elinks-dev mailing list elinks-dev@linuxfromscratch.org http://linuxfromscratch.org/mailman/listinfo/elinks-dev
