[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [SpeechIO-195] speechd v0.54 - morse code support

> speechd has almost always supported multiple speech synthesizers, and I've
> wanted to add more.
> My interest in amateur radio has recently re-surfaced, as I've discovered
> an aquaintence is familiar w/ ax.25 (network protocol for use in packet
> radio -- you can encapsulate tcp/ip over ax.25 over ham radio & do free
> wireless internet access.. and there's support in the linux kernel... and
> nobody knows this).  I bought, and have started reading, radio shack's
> test prep book for the no-code ham license.
> Anyway, I was playing with this program called "morse", that takes text,
> and starts using the pc speaker to beep out the morse code form of that
> text.  Then somebody was asking me stuff about speechd.  Synapses started
> shooting at each other.  It was mesy.
> I dunno if anybody will actually be able to use this... to somebody who
> doesn't know code, it's just gonna be incessent obnoxious beeping.  And I
> hardcoded the speed at 20 wpm (20 words per minute).. which is still
> pretty slow, compaired to festival.  20wpm is fast for code.. a novice is
> only required to be able to understand 5wpm, the highest level requires
> 20wpm, & only 10% of hams reach that level.  So you may wanna edit the
> code & change the part that says "-s 20" to like "-s 5" (for 5wpm).
> If you're familiar w/ the structure of the code in speechd, you know that
> there's a main loop for each speech synthesizer -- one called
> use_festival, and one called use_rsynth.  I modified use_rsynth a bit, and
> used that for morse as well.
> It now does
>   system ("$cmd \'$text\'");
> where $cmd equals either 'morse -s 20 -d 0 -p' or 'say' (for rsynth).  And
> $text is one line read from /dev/speech.
> The difference is, the old version opened up a pipe to the stdin of the
> "say" program.  
> Is this implimentation safe, as far as shell expansion possibilities ?
> Kyle, I'm not posting this to freshmeat until I get a "yes" from you :)

It's not safe :)  You have to seperate the arguments into an array 
when you pass them to system().  I assume the single quotes you have
used are to account for the possibility of spaces being in $text -- if
you use the array syntax for system(), the quotes aren't necessary -- 
actually, the fact taht you used the quotes shows that you were trying
to protect the spaces from the shell :)  Instead, do something like this:


This passes $text directly into the argv of $cmd, and no shell is ever
invoked (so it's more efficient too).  To be really safe, you should 
make sure $cmd is fully pathed, i.e. '/usr/bin/morse' instead of just 
'morse'.  Using the array syntax is actualy more efficient too, as
there is no intermediate shell invoked to parse the arguments.

Now that I've looked at the code, I kind of relize that we should
add -T to the command line (which could be a little bit of work
to make the code taint safe).  The code should be converted to use
an array (@cmd) instead of a scalar ($cmd) to be safe when performing
exec()s, pipe open()s, and system() calls.

I can look at this possibly later today -- or one of you can (just change
the shebang line to end like this: perl -wT).  I'm sure perl will have
a hissy fit over alot of the stuff that's going on within the code.

> I'd also like to get somebody else to test this version before posting to
> freshmeat -- at least with festival, but preferably w/ festival, rsynth,
> and morse.


"Minors in Kansas City, Missouri, are not allowed to purchase cap pistols;
they may buy shotguns freely, however." 
    -- Ambrose Bierce, "The Devil's Dictionary"
mortis@voicenet.com                            http://www.voicenet.com/~mortis