summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorTobias Stoeckmann <stoeckmann@users.noreply.github.com>2021-07-23 20:17:50 +0200
committerGitHub <noreply@github.com>2021-07-23 20:17:50 +0200
commitc188578f3f807c967b54b73b793399f0e23f54b3 (patch)
tree1d7e827e65c57452f1b35ce7516bfd826c6993c7 /src
parent87d9b7edb0e348c606d0d064e8db998ee9cec208 (diff)
Fix out of boundary access with exif (#617)
* Fix out of boundary access The while-loop is not finished when pos is set to EXIF_MAX_DATA. Instead, the loop continues and therefore tries to access data outside of the array. This is triggered when compiled with exif=1 and asan: $ feh --draw-exif image.jpg * Fixed formatting No functional change but makes previous commit easier verifiable (independent of tab space setup). * Call break; instead of setting pos2 to a magic value This is in line with the following else clause * Another cosmetic adjustment Co-authored-by: Daniel Friesel <derf@finalrewind.org>
Diffstat (limited to 'src')
-rw-r--r--src/imlib.c30
1 files changed, 15 insertions, 15 deletions
diff --git a/src/imlib.c b/src/imlib.c
index 6f31e96..140e487 100644
--- a/src/imlib.c
+++ b/src/imlib.c
@@ -1183,23 +1183,23 @@ void feh_draw_exif(winwidget w)
if ( (buffer[pos] != '\n')
&& (buffer[pos] != '\0') )
{
- info_line[pos2] = buffer[pos];
- }
- else if ( buffer[pos] == '\0' )
- {
- pos = EXIF_MAX_DATA; /* all data seen */
- info_line[pos2] = '\0';
+ info_line[pos2] = buffer[pos];
+ }
+ else if ( buffer[pos] == '\0' )
+ {
+ pos = EXIF_MAX_DATA; /* all data seen */
+ info_line[pos2] = '\0';
+ break;
+ }
+ else
+ {
+ info_line[pos2] = '\0'; /* line finished, continue with next line*/
+ pos++;
+ break;
}
- else
- {
- info_line[pos2] = '\0'; /* line finished, continue with next line*/
-
- pos++;
- break;
- }
- pos++;
- pos2++;
+ pos++;
+ pos2++;
}
gib_imlib_get_text_size(fn, info_line, NULL, &line_width,