On Monday, April 23, 2012 07:10:05 PM Albert Astals Cid wrote: > El Dilluns, 23 d'abril de 2012, a les 12:35:46, William Bader va escriure: > > Would it be safer to call one of the exec() functions instead of > > system()? > > Of course it is, it is what my patch does. Actually as my initial mail i > don't think quoting is a valid fix, so i'm voting for exec()+whatever > window has in turn of exec or direct removal.
On windows, the command line is just a string. Therefore, arguments must still be escaped. And escaping rules for CreateProcess are different than escaping rules for the cmd shell... I'm attaching a patch (to be applied on top of Albert's initial one) that implements the executeCommand on win32 Fabio References CreateProcess function http://msdn.microsoft.com/en-us/library/windows/desktop/ms682425%28v=vs.85%29.aspx Parsing C Command-Line Arguments http://msdn.microsoft.com/en-us/library/a1y7w461.aspx
commit 42870766264d7989be425b4cd1318c97b1a5ea47 Author: Fabio D'Urso <[email protected]> Date: Mon Apr 23 20:55:36 2012 +0200 win32 implementation for executeCommand diff --git a/goo/gfile.cc b/goo/gfile.cc index fd596b9..39cfd3a 100644 --- a/goo/gfile.cc +++ b/goo/gfile.cc @@ -585,8 +585,56 @@ GBool executeCommand(int nCommands, const char *cmd, ...) { } return 0; } +#elif defined(_WIN32) + va_list var_args; + va_start(var_args, cmd); + GooString escapedArgs; + + // Fill escaped argument list. First arg is cmdName + const char *cmdName = (char*)cmd; + for (int j = -1; j < nCommands; ++j) { + if (j != -1) escapedArgs.append(' '); // separate from previous argument + const char *argUnescaped = ( j == -1 ? cmdName : va_arg(var_args, char *) ); + escapedArgs.append('"'); + int pendingBackslashes = 0; + while (*argUnescaped) { + switch (*argUnescaped) { + case '\\': + pendingBackslashes++; + break; + case '\"': + for (; pendingBackslashes>0; pendingBackslashes--) escapedArgs.append("\\\\", 2); + escapedArgs.append("\\\"", 2); + break; + default: + for (; pendingBackslashes>0; pendingBackslashes--) escapedArgs.append('\\'); + escapedArgs.append(*argUnescaped); + break; + } + argUnescaped++; + } + for (; pendingBackslashes>0; pendingBackslashes--) escapedArgs.append("\\\\", 2); + escapedArgs.append('"'); // end argument + } + va_end(var_args); + //puts(escapedArgs.getCString()); + + STARTUPINFO si; + PROCESS_INFORMATION pi; + memset(&si, 0, sizeof(si)); + si.cb = sizeof(si); + memset(&pi, 0, sizeof(pi)); + if ( !CreateProcess(NULL, escapedArgs.getCString(), NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi ) ) { + return gFalse; + } + + DWORD exitCode; + WaitForSingleObject(pi.hProcess, INFINITE); + GetExitCodeProcess(pi.hProcess, &exitCode); + CloseHandle(pi.hProcess); + CloseHandle(pi.hThread); + return exitCode == 0; #else -sdf return gFalse; #endif }
_______________________________________________ poppler mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/poppler
