| -rw-r--r-- | ChangeLog | 9 | ||||
| -rw-r--r-- | src/collage.c | 6 | ||||
| -rw-r--r-- | src/index.c | 6 | ||||
| -rw-r--r-- | src/thumbnail.c | 6 | ||||
| -rw-r--r-- | src/utils.c | 6 | 
5 files changed, 25 insertions, 8 deletions
|
@@ -1,3 +1,12 @@
+git HEAD
+
+    * Fix double-free/OOB-write in E17 IPC. This only affects the
+      background setting options and requires a malicious X11 app to run
+      alongside feh and pretend to be an E17 window manager.
+    * Fix image-specific format specifiers not being updated correctly in
+      thumbnail mode window titles
+    * Fix memory leak when closing images opened from thumbnail mode
+
 Thu, 16 Feb 2017 23:05:39 +0100  Daniel Friesel <derf+feh@finalrewind.org>
 * Release v2.18.2
diff --git a/src/collage.c b/src/collage.c
index bcb30fa..b975136 100644
--- a/src/collage.c
+++ b/src/collage.c
@@ -191,8 +191,10 @@ void init_collage_mode(void)
 		char output_buf[1024];
 		if (opt.output_dir)
 			snprintf(output_buf, 1024, "%s/%s", opt.output_dir, opt.output_file);
-		else
-			strncpy(output_buf, opt.output_file, 1024);
+		else {
+			strncpy(output_buf, opt.output_file, 1023);
+			output_buf[1023] = '\0';
+		}
 		gib_imlib_save_image(im_main, output_buf);
 		if (opt.verbose) {
 			int tw, th;
diff --git a/src/index.c b/src/index.c
index a71744d..7a2f5fc 100644
--- a/src/index.c
+++ b/src/index.c
@@ -324,8 +324,10 @@ void init_index_mode(void)
 		if (opt.output_dir)
 			snprintf(output_buf, 1024, "%s/%s", opt.output_dir, opt.output_file);
-		else
-			strncpy(output_buf, opt.output_file, 1024);
+		else {
+			strncpy(output_buf, opt.output_file, 1023);
+			output_buf[1023] = '\0';
+		}
 		gib_imlib_save_image_with_error_return(im_main, output_buf, &err);
 		if (err) {
diff --git a/src/thumbnail.c b/src/thumbnail.c
index c9cc24f..43168c4 100644
--- a/src/thumbnail.c
+++ b/src/thumbnail.c
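Review bot: In the collage.c hunk (and in the matching index.c and thumbnail.c hunks) the new `else` branch terminates `output_buf`, but an output name longer than 1023 bytes is still cut off silently, so the image would be saved under a different path than the one requested. The `snprintf` branch just above truncates silently in the same way, and the bound is spelled as the literals 1023/1024 rather than derived from the array. I would write the branch as `n = snprintf(output_buf, sizeof(output_buf), "%s", opt.output_file);` and treat `n < 0 || (size_t)n >= sizeof(output_buf)` as an error before the save call. The enclosing functions start and end outside these hunks, and in index.c and thumbnail.c the declaration of `output_buf` is not visible, so its size there is assumed to match.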
@@ -381,8 +381,10 @@ void init_thumbnail_mode(void)
 		if (opt.output_dir)
 			snprintf(output_buf, 1024, "%s/%s", opt.output_dir, opt.output_file);
-		else
-			strncpy(output_buf, opt.output_file, 1024);
+		else {
+			strncpy(output_buf, opt.output_file, 1023);
+			output_buf[1023] = '\0';
+		}
 		gib_imlib_save_image_with_error_return(td.im_main, output_buf, &err);
 		if (err) {
 			feh_imlib_print_load_error(output_buf, td.im_main, err);
diff --git a/src/utils.c b/src/utils.c
index 7d30445..e02d807 100644
--- a/src/utils.c
+++ b/src/utils.c
@@ -169,9 +169,11 @@ char *feh_unique_filename(char *path, char *basename)
 	ppid = getpid();
 	snprintf(cppid, sizeof(cppid), "%06ld", (long) ppid);
+	tmpname = NULL;
 	/* make sure file doesn't exist */
 	do {
 		snprintf(num, sizeof(num), "%06ld", i++);
+		free(tmpname);
 		tmpname = estrjoin("", path, "feh_", cppid, "_", num, "_", basename, NULL);
 	}
 	while (stat(tmpname, &st) == 0);
@@ -183,14 +185,14 @@ char *ereadfile(char *path)
 {
 	char buffer[4096];
 	FILE *fp;
-	int count;
+	size_t count;
 	fp = fopen(path, "r");
 	if (!fp)
 		return NULL;
 	count = fread(buffer, sizeof(char), sizeof(buffer) - 1, fp);
-	if (buffer[count - 1] == '\n')
+	if (count > 0 && buffer[count - 1] == '\n')
 		buffer[count - 1] = '\0';
 	else
 		buffer[count] = '\0';
|
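Review bot: In the feh_unique_filename hunk, the `do { … } while (stat(tmpname, &st) == 0);` loop only shows that the name was unused at the moment of the check, and any `stat()` failure, not just ENOENT, ends the loop and accepts the name. How the file is created afterwards is not visible here, so I would at least state the contract above the loop: `/* name was free at stat() time only; the caller must create it with O_CREAT|O_EXCL */`. The function body starts and ends outside the hunk.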
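Review bot: In the ereadfile hunk, the `count > 0` guard makes the index safe, but a failed read and an empty file are still indistinguishable, and anything beyond `sizeof(buffer) - 1` bytes is dropped without notice. If callers need to tell the two apart, add `if (count == 0 && ferror(fp)) { fclose(fp); return NULL; }` right after the `fread()` call. Otherwise a comment on the buffer such as `/* reads at most 4095 bytes; longer files are truncated */` would document the limit. The rest of the function is outside the hunk.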
