summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Friesel <derf@finalrewind.org>2014-05-11 13:48:48 +0200
committerDaniel Friesel <derf@finalrewind.org>2014-05-11 13:48:48 +0200
commitd3275f49374d258c6962d101321b218fc70fec89 (patch)
treeeef7acaf5fa02c78618bde26fbf4a5466e1cc52b
parent2cbfb7eea3ab6bdcc056f5ce42967e79ddcda4a2 (diff)
feh_printf: Fix buffer overflow when handling unknown format specifiers
-rw-r--r--ChangeLog3
-rw-r--r--src/slideshow.c3
2 files changed, 5 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index 0a441c9..16b0c0f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -10,6 +10,9 @@ git HEAD
in it, and as I do not have the time to take over giblib development,
importing the library seems to be the best solution.
* Fix/improve --randomize for short filelists (closes #151)
+ * Fix a buffer overflow in the printf implementation when handling unknown
+ format specifiers (affects --action, --customlist, --index-info, --info,
+ --thumb-title and --title)
Sun, 27 Apr 2014 20:28:02 +0200 Daniel Friesel <derf+feh@finalrewind.org>
diff --git a/src/slideshow.c b/src/slideshow.c
index 8aa783c..a18c1f8 100644
--- a/src/slideshow.c
+++ b/src/slideshow.c
@@ -584,7 +584,8 @@ char *feh_printf(char *str, feh_file * file, winwidget winwid)
break;
default:
weprintf("Unrecognized format specifier %%%c", *c);
- strncat(ret, c - 1, 2);
+ if ((strlen(ret) + 3) < sizeof(ret))
+ strncat(ret, c - 1, 2);
break;
}
} else if ((*c == '\\') && (*(c+1) != '\0') && ((strlen(ret) + 3) < sizeof(ret))) {