Age | Commit message | Author | Lines
2017-04-02 | Fixed memory leak on file name collision. | Tobias Stoeckmann | -0/+2
If feh_unique_filename encounters a file that already exists, the memory for the temporary filename is not released. As this happens in /tmp at some code places, an attacker could use this to spray the memory of feh, or simply trigger an out of memory condition.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
2017-03-29 | Merge pull request #286 from stoeckmann/ipc | Daniel Friesel | -1/+1
Fix double-free/OOB-write while receiving IPC data
2017-03-23 | Fix double-free/OOB-write while receiving IPC data | Tobias Stoeckmann | -1/+1
If a malicious client pretends to be the E17 window manager, it is possible to trigger an out of boundary heap write while receiving an IPC message. The length of the already received message is stored in an unsigned short, which overflows after receiving 64 KB of data. It's a comparably small amount of data and therefore achievable for an attacker. When len overflows, realloc() will either be called with a small value and therefore chars will be appended out of bounds, or len + 1 will be exactly 0, in which case realloc() behaves like free(). This could be abused for a later double-free attack as it's even possible to overwrite the free information -- but this depends on the malloc implementation.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
2017-02-26 | Also update window title for thumbnail windows (closes #280) | Daniel Friesel | -3/+22
2017-02-23 | Fix memory leak when closing images opened from thumbnail mode | Daniel Friesel | -0/+3
2017-02-16 | I made a derp (tag: 2.18.2) | Daniel Friesel | -1/+7
2017-01-22 | release v2.18.1 (tag: 2.18.1) | Daniel Friesel | -2/+3
2017-01-15 | feh(1): Update giflib notes | Daniel Friesel | -4/+5
2017-01-14 | Changelog | Daniel Friesel | -0/+5
2017-01-12 | Pass windidget to feh_action_run, making it possible to use format specifiers | ANogin | -10/+10
like %o and %z in slideshow actions (I would like to use this to zoom in, pan, and then use an action to crop the window to zoomed in view).
2017-01-11 | rewrite window title whenever the image is rendered (closes #266) | Daniel Friesel | -0/+8
2017-01-02 | feh(1): Move --index-info to INDEX AND THUMBNAIL MODE OPTIONS (closes #267) | Daniel Friesel | -26/+28
2016-12-07 | feh(1): Add note about background setting in GNOME (#225) | Daniel Friesel | -0/+11
2016-12-07 | feh.desktop: Use %U, not %F, since we also support URLs (closes #264) | Daniel Friesel | -1/+1
2016-11-01 | Release v2.18 (tag: 2.18) | Daniel Friesel | -3/+4
2016-10-31 | feh(1): Add --auto-rotate | Daniel Friesel | -0/+5
2016-10-30 | changelog | Daniel Friesel | -0/+8
2016-10-30 | Merge branch 'teleshoes-autorotate' | Daniel Friesel | -12/+21
2016-10-30 | imlib.c: Move orientation logic inside HAVE_LIBEXIF | Daniel Friesel | -2/+2
2016-10-29 | Revert "config: exif 0 => 1" | Daniel Friesel | -1/+1
This reverts commit 465238bdddb11d00926dcaa76ffe2f59fb536df5.
2016-10-29 | add cmdline opt --auto-rotate to rotate according to EXIF info | Elliot Wolk | -1/+7
2016-10-29 | config: exif 0 => 1 | Elliot Wolk | -1/+1
2016-10-29 | imlib: fix autorotate EXIF parsing | Elliot Wolk | -12/+15
2016-10-24 | thumbnail mode: Add a debug printf for thumbnail image size | Daniel Friesel | -0/+1
2016-10-17 | Merge branch 'ErnieE5-master' | Daniel Friesel | -5/+22
2016-10-17 | Properly initialize zoom_fill key binding, set it to ! (exclamation mark) | Daniel Friesel | -1/+2
2016-10-15 | Added missing man update | Ernie Ewert | -0/+5
2016-10-15 | Added a "zoom fit" key binding for the current image. | Ernie Ewert | -5/+16
Fixed(?) Makefile document build issue for README.md
2016-10-01 | feh(1): Remove accidentally copypasted debug info from exif=1 note | Daniel Friesel | -1/+1
2016-09-21 | Merge pull request #254 from 1loop/master | Daniel Friesel | -109/+136
Convert README to markdown
2016-09-21 | Convert README to markdown | Fahad Hossain | -109/+136
Looks prettier
2016-09-06 | minor manpage updates/rewrites | Daniel Friesel | -19/+21
2016-09-01 | Merge pull request #252 from Fale/patch-1 | Daniel Friesel | -2/+2
Fix FSF address
2016-09-01 | Fix FSF address | Fabio Alessandro Locati | -2/+2
2016-08-31 | changelog (tag: 2.17.1) | Daniel Friesel | -0/+6
2016-08-31 | Merge branch 'zeising-master' | Daniel Friesel | -0/+18
2016-08-31 | winwidget: hostname always has a trailing null byte in the !HOST_NAME_MAX branch | Daniel Friesel | -1/+0
2016-08-31 | Only use sysconf() if HOST_NAME_MAX is undefined | Niclas Zeising | -2/+15
On some systems sysconf() can return a very large value, unsuitable for use with malloc(). Only use sysconf() if HOST_NAME_MAX isn't available.
2016-08-31 | Fix build on FreeBSD. | Niclas Zeising | -6/+12
FreeBSD lacks the constant HOST_NAME_MAX, instead using sysconf(3) to find out the value of the maximum host name length at run time. Patch to use this instead of HOST_NAME_MAX. This brings with it the need to use malloc instead of using a statically sized buffer for the host name, since the size of the buffer cannot be known at run time. Errors from sysconf or malloc just mean that the entire block of code is skipped over (the same way it's skipped if the call to gethostname() fails), rather than returning any kind of error to the caller or logging an error message somewhere.
2016-08-28 | version bump (tag: 2.17) | Daniel Friesel | -1/+2
2016-08-28 | update manpage | Daniel Friesel | -35/+8
2016-08-28 | changoleg | Daniel Friesel | -1/+9
2016-08-28 | center feh.svg | Daniel Friesel | -41/+78
2016-08-28 | Only install icons to /usr/share when running make install app=1 | Daniel Friesel | -11/+40
2016-08-28 | dedup key/button initialization | Daniel Friesel | -254/+142
2016-08-28 | merge next(_img), prev(_img) and (toggle_)menu | Daniel Friesel | -28/+19
2016-08-28 | Merge branch 'Hadron-master' | Daniel Friesel | -0/+14
2016-08-28 | Only set _NET_WM_PID once, also set WM_CLIENT_MACHINE | Daniel Friesel | -6/+14
2016-08-27 | Add support for _NET_WM_PID | Klee Dienes | -0/+6
2016-08-27 | feh(1): BUTTONS: Note that key actions can also be bound to buttons | Daniel Friesel | -2/+5