speaker

speaker copied to clipboard

The PicottsProvider creates a temporary file every time its textToSpeech() method is called. This file has the same name every time and there is no locking for it. This means a concurrent request can cause the file to be recreated before the output is returned, i. e. one request can get the result of a different request.

I can't provide anything you could use to reproduce this at the moment, but I think you can just infer the problem from looking at the code in PicottsProvider. There is nothing that prevents a different call from changing the file between

$result = $program->getResult("--wave={$filename}", "--lang={$this->language}", $text);

and

$result = file_get_contents($filename);

I'm not sure if, to solve this, you prefer to create a locking mechanism or something that makes the file name unique enough for the moment it takes to create, read, and remove it. For the latter, I suppose something like this could work (untested):

$filename = sys_get_temp_dir() . DIRECTORY_SEPARATOR . "speaker_picotts_" . time() . bin2hex(random_bytes(12)) . ".wav";

Note that, if you change just the above, then whatever this precaution is would no longer work:

https://github.com/duncan3dc/speaker/blob/71152c30729b5fda8a84226b8def2ce26c257f9f/src/Providers/PicottsProvider.php#L133-L135