centos 6
shell weakness #13

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

gst-plugins-good-0.10.23/ext/dv/gstsmptetimecode.c

Context:

The highlighted line of code below is the trigger point of this particular Centos 6 shell weakness.

  * @frame_number: integer frame number
 *
 * Converts a frame number to a time code.
 *
 * Returns: TRUE if the conversion was successful
 */
gboolean
gst_smpte_time_code_from_frame_number (GstSMPTETimeCodeSystem system,
    GstSMPTETimeCode * time_code, int frame_number)
{
  int ten_mins;
  int n;

  g_return_val_if_fail (time_code != NULL, FALSE);
  g_return_val_if_fail (GST_SMPTE_TIME_CODE_SYSTEM_IS_VALID (system), FALSE);

  time_code->hours = 99;
  time_code->minutes = 99;
  time_code->seconds = 99;
  time_code->frames = 99;

  if (frame_number < 0)
    return FALSE;

  switch (system) {
    case GST_SMPTE_TIME_CODE_SYSTEM_30:
      if (frame_number >= 24 * NTSC_FRAMES_PER_HOUR)
        return FALSE;

      ten_mins = frame_number / NTSC_FRAMES_PER_10_MINS;
      frame_number -= ten_mins * NTSC_FRAMES_PER_10_MINS;

      time_code->hours = ten_mins / 6;
      time_code->minutes = 10 * (ten_mins % 6);

      if (frame_number < 2) {
        /* treat the first two frames of each ten minutes specially */
        time_code->seconds = 0;
        time_code->frames = frame_number;
      } else {
        n = (frame_number - 2) / (60 * 30 - 2);
        time_code->minutes += n;
        frame_number -= n * (60 * 30 - 2);

        time_code->seconds = frame_number / 30;
        time_code->frames = frame_number % 30;
      }
      break;
    case GST_SMPTE_TIME_CODE_SYSTEM_25:
      if (frame_number >= 24 * 60 * 60 * 25) 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.