-rw-r--r--ChangeLog9
-rw-r--r--src/collage.c6
-rw-r--r--src/index.c6
-rw-r--r--src/thumbnail.c6
-rw-r--r--src/utils.c4
5 files changed, 23 insertions, 8 deletions
diff --git a/ChangeLog b/ChangeLog
index 7c2ecfb..ec517ea 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+git HEAD
+
+ * Fix double-free/OOB-write in E17 IPC. This only affects the
+ background setting options and requires a malicious X11 app to run
+ alongside feh and pretend to be an E17 window manager.
+ * Fix image-specific format specifiers not being updated correctly in
+ thumbnail mode window titles
+ * Fix memory leak when closing images opened from thumbnail mode
+
Thu, 16 Feb 2017 23:05:39 +0100 Daniel Friesel <derf+feh@finalrewind.org>
* Release v2.18.2
diff --git a/src/collage.c b/src/collage.c
index bcb30fa..b975136 100644
--- a/src/collage.c
+++ b/src/collage.c
@@ -191,8 +191,10 @@ void init_collage_mode(void)
char output_buf[1024];
if (opt.output_dir)
snprintf(output_buf, 1024, "%s/%s", opt.output_dir, opt.output_file);
- else
- strncpy(output_buf, opt.output_file, 1024);
+ else {
+ strncpy(output_buf, opt.output_file, 1023);
+ output_buf[1023] = '\0';
+ }
gib_imlib_save_image(im_main, output_buf);
if (opt.verbose) {
int tw, th;
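Review bot: The new else branch still truncates an over-long `opt.output_file` silently, so the image would be saved under a shortened name rather than the path the user asked for. The identical hunks in src/index.c and src/thumbnail.c have the same issue, and so does the `snprintf` branch just above in each of them. Replacing the two added lines with `int n = snprintf(output_buf, sizeof(output_buf), "%s", opt.output_file);` and refusing to save when `n < 0 || (size_t)n >= sizeof(output_buf)` would handle both termination and truncation, and removes the hand-maintained 1023 that must track the array size. init_collage_mode begins and ends outside this hunk.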
diff --git a/src/index.c b/src/index.c
index a71744d..7a2f5fc 100644
--- a/src/index.c
+++ b/src/index.c
@@ -324,8 +324,10 @@ void init_index_mode(void)
if (opt.output_dir)
snprintf(output_buf, 1024, "%s/%s", opt.output_dir, opt.output_file);
- else
- strncpy(output_buf, opt.output_file, 1024);
+ else {
+ strncpy(output_buf, opt.output_file, 1023);
+ output_buf[1023] = '\0';
+ }
gib_imlib_save_image_with_error_return(im_main, output_buf, &err);
if (err) {
diff --git a/src/thumbnail.c b/src/thumbnail.c
index c9cc24f..43168c4 100644
--- a/src/thumbnail.c
+++ b/src/thumbnail.c
@@ -381,8 +381,10 @@ void init_thumbnail_mode(void)
if (opt.output_dir)
snprintf(output_buf, 1024, "%s/%s", opt.output_dir, opt.output_file);
- else
- strncpy(output_buf, opt.output_file, 1024);
+ else {
+ strncpy(output_buf, opt.output_file, 1023);
+ output_buf[1023] = '\0';
+ }
gib_imlib_save_image_with_error_return(td.im_main, output_buf, &err);
if (err) {
feh_imlib_print_load_error(output_buf, td.im_main, err);
diff --git a/src/utils.c b/src/utils.c
index 8372d8f..fdd4c22 100644
--- a/src/utils.c
+++ b/src/utils.c
@@ -185,14 +185,14 @@ char *ereadfile(char *path)
{
char buffer[4096];
FILE *fp;
- int count;
+ size_t count;
fp = fopen(path, "r");
if (!fp)
return NULL;
count = fread(buffer, sizeof(char), sizeof(buffer) - 1, fp);
- if (buffer[count - 1] == '\n')
+ if (count > 0 && buffer[count - 1] == '\n')
buffer[count - 1] = '\0';
else
buffer[count] = '\0';
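Review bot: A failed read is still indistinguishable from an empty file after `count = fread(...)`, because fread returns 0 in both cases and the code then terminates the buffer at index 0. If callers should see NULL on an I/O error, add `if (count == 0 && ferror(fp)) { fclose(fp); return NULL; }` directly after the fread. Input longer than 4095 bytes is also cut off without notice, which deserves a comment on ereadfile such as `/* reads at most sizeof(buffer) - 1 bytes; longer files are truncated */`. The rest of ereadfile lies outside the hunk, so how the buffer is returned and where fp is closed cannot be checked from here.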