diff options
author | Tobias Stoeckmann <stoeckmann@users.noreply.github.com> | 2021-07-23 20:17:50 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-07-23 20:17:50 +0200 |
commit | c188578f3f807c967b54b73b793399f0e23f54b3 (patch) | |
tree | 1d7e827e65c57452f1b35ce7516bfd826c6993c7 /src | |
parent | 87d9b7edb0e348c606d0d064e8db998ee9cec208 (diff) |
Fix out of boundary access with exif (#617)
* Fix out of boundary access
The while-loop is not finished when pos is set to EXIF_MAX_DATA.
Instead, the loop continues and therefore tries to access data outside
of the array.
This is triggered when compiled with exif=1 and asan:
$ feh --draw-exif image.jpg
* Fixed formatting
No functional change but makes previous commit easier verifiable
(independent of tab space setup).
* Call break; instead of setting pos2 to a magic value
This is in line with the following else clause
* Another cosmetic adjustment
Co-authored-by: Daniel Friesel <derf@finalrewind.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/imlib.c | 30 |
1 files changed, 15 insertions, 15 deletions
diff --git a/src/imlib.c b/src/imlib.c index 6f31e96..140e487 100644 --- a/src/imlib.c +++ b/src/imlib.c @@ -1183,23 +1183,23 @@ void feh_draw_exif(winwidget w) if ( (buffer[pos] != '\n') && (buffer[pos] != '\0') ) { - info_line[pos2] = buffer[pos]; - } - else if ( buffer[pos] == '\0' ) - { - pos = EXIF_MAX_DATA; /* all data seen */ - info_line[pos2] = '\0'; + info_line[pos2] = buffer[pos]; + } + else if ( buffer[pos] == '\0' ) + { + pos = EXIF_MAX_DATA; /* all data seen */ + info_line[pos2] = '\0'; + break; + } + else + { + info_line[pos2] = '\0'; /* line finished, continue with next line*/ + pos++; + break; } - else - { - info_line[pos2] = '\0'; /* line finished, continue with next line*/ - - pos++; - break; - } - pos++; - pos2++; + pos++; + pos2++; } gib_imlib_get_text_size(fn, info_line, NULL, &line_width, |