Age | Commit message (Collapse) | Author | Lines | |
---|---|---|---|---|
2017-04-02 | Check malloc return value for NULL. | Tobias Stoeckmann | -1/+1 | |
If malloc cannot allocate enough memory, it could return NULL. This is not necessarily true for default Linux settings, but can be provoked there as well by adjusting proc entries. Other systems like the *BSD ones definitely do this. The function _emalloc exists for exactly this purpose, so use it instead of calling malloc directly. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org> | ||||
2017-03-29 | Merge pull request #286 from stoeckmann/ipc | Daniel Friesel | -1/+1 | |
Fix double-free/OOB-write while receiving IPC data | ||||
2017-03-23 | Fix double-free/OOB-write while receiving IPC data | Tobias Stoeckmann | -1/+1 | |
If a malicious client pretends to be the E17 window manager, it is possible to trigger an out of boundary heap write while receiving an IPC message. The length of the already received message is stored in an unsigned short, which overflows after receiving 64 KB of data. It's comparably small amount of data and therefore achievable for an attacker. When len overflows, realloc() will either be called with a small value and therefore chars will be appended out of bounds, or len + 1 will be exactly 0, in which case realloc() behaves like free(). This could be abused for a later double-free attack as it's even possible to overwrite the free information -- but this depends on the malloc implementation. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org> | ||||
2017-02-26 | Also update window title for thumbnail windows (closes #280) | Daniel Friesel | -3/+22 | |
2017-02-23 | Fix memory leak when closing images opened from thumbnail mode | Daniel Friesel | -0/+3 | |
2017-02-16 | I made a derp2.18.2 | Daniel Friesel | -1/+7 | |
2017-01-22 | release v2.18.12.18.1 | Daniel Friesel | -2/+3 | |
2017-01-15 | feh(1): Update giflib notes | Daniel Friesel | -4/+5 | |
2017-01-14 | Changelog | Daniel Friesel | -0/+5 | |
2017-01-12 | Pass windidget to feh_action_run, making it possible to use format specifiers | ANogin | -10/+10 | |
like %o and %z in slideshow actions (I would like to use this to zoom in, pan, and then use an action to crop the window to zoomed in view). | ||||
2017-01-11 | rewrite window title whenever the image is rendered (closes #266) | Daniel Friesel | -0/+8 | |
2017-01-02 | feh(1): Move --index-info to INDEX AND THUMBNAIL MODE OPTIONS (closes #267) | Daniel Friesel | -26/+28 | |
2016-12-07 | feh(1): Add note about background setting in GNOME (#225) | Daniel Friesel | -0/+11 | |
2016-12-07 | feh.desktop: Use %U, not %F, since we also support URLs (closes #264) | Daniel Friesel | -1/+1 | |
2016-11-01 | Release v2.182.18 | Daniel Friesel | -3/+4 | |
2016-10-31 | feh(1): Add --auto-rotate | Daniel Friesel | -0/+5 | |
2016-10-30 | changelog | Daniel Friesel | -0/+8 | |
2016-10-30 | Merge branch 'teleshoes-autorotate' | Daniel Friesel | -12/+21 | |
2016-10-30 | imlib.c: Move orientation logic inside HAVE_LIBEXIF | Daniel Friesel | -2/+2 | |
2016-10-29 | Revert "config: exif 0 => 1" | Daniel Friesel | -1/+1 | |
This reverts commit 465238bdddb11d00926dcaa76ffe2f59fb536df5. | ||||
2016-10-29 | add cmdline opt --auto-rotate to rotate according to EXIF info | Elliot Wolk | -1/+7 | |
2016-10-29 | config: exif 0 => 1 | Elliot Wolk | -1/+1 | |
2016-10-29 | imlib: fix autorotate EXIF parsing | Elliot Wolk | -12/+15 | |
2016-10-24 | thumbnail mode: Add a debug printf for thumbnail image size | Daniel Friesel | -0/+1 | |
2016-10-17 | Merge branch 'ErnieE5-master' | Daniel Friesel | -5/+22 | |
2016-10-17 | Properly initialize zoom_fill key binding, set it to ! (exclamation mark) | Daniel Friesel | -1/+2 | |
2016-10-15 | Added missing man update | Ernie Ewert | -0/+5 | |
2016-10-15 | Added a "zoom fit" key binding for the current image. | Ernie Ewert | -5/+16 | |
Fixed(?) Makefile document build issue for README.md | ||||
2016-10-01 | feh(1): Remove accidentally copypasted debug info from exif=1 note | Daniel Friesel | -1/+1 | |
2016-09-21 | Merge pull request #254 from 1loop/master | Daniel Friesel | -109/+136 | |
Convert README to markdown | ||||
2016-09-21 | Convert README to markdown | Fahad Hossain | -109/+136 | |
Looks prettier | ||||
2016-09-06 | minor manpage updates/rewrites | Daniel Friesel | -19/+21 | |
2016-09-01 | Merge pull request #252 from Fale/patch-1 | Daniel Friesel | -2/+2 | |
Fix FSF address | ||||
2016-09-01 | Fix FSF address | Fabio Alessandro Locati | -2/+2 | |
2016-08-31 | changelog2.17.1 | Daniel Friesel | -0/+6 | |
2016-08-31 | Merge branch 'zeising-master' | Daniel Friesel | -0/+18 | |
2016-08-31 | winwidget: hostname always has a trailing null byte in the !HOST_NAME_MAX branch | Daniel Friesel | -1/+0 | |
2016-08-31 | Only use sysconf() if HOST_NAME_MAX is undefined | Niclas Zeising | -2/+15 | |
On some systsems sysconf() can return a very large value, unsuitable for use with malloc(). Only use sysconf() if HOST_NAME_MAX isn't avalable. | ||||
2016-08-31 | Fix build on FreeBSD. | Niclas Zeising | -6/+12 | |
FreeBSD lacks the constant HOST_NAME_MAX, instead using sysconf(3) to find out the value of the maximum host name length at run time. Patch to use this instead of HOST_NAME_MAX. This brings with it the need to use malloc instead of using a statically sized buffer for the host name, since the size of the buffer cannot be known at run time. Errors from sysconf or malloc just means that the entire block of code is skipped over (the same way it's skipped if the call to gethostname() fails), rather than returning any kind of error to the caller or logging an error message somewhere. | ||||
2016-08-28 | version bump2.17 | Daniel Friesel | -1/+2 | |
2016-08-28 | update manpage | Daniel Friesel | -35/+8 | |
2016-08-28 | changoleg | Daniel Friesel | -1/+9 | |
2016-08-28 | center feh.svg | Daniel Friesel | -41/+78 | |
2016-08-28 | Only install icons to /usr/share when running make install app=1 | Daniel Friesel | -11/+40 | |
2016-08-28 | dedup key/button initialization | Daniel Friesel | -254/+142 | |
2016-08-28 | merge next(_img), prev(_img) and (toggle_)menu | Daniel Friesel | -28/+19 | |
2016-08-28 | Merge branch 'Hadron-master' | Daniel Friesel | -0/+14 | |
2016-08-28 | Only set _NET_WM_PID once, also set WM_CLIENT_MACHINE | Daniel Friesel | -6/+14 | |
2016-08-27 | Add support for _NET_WM_PID | Klee Dienes | -0/+6 | |
2016-08-27 | feh(1): BUTTONS: Note that key actions can also be bound to buttons | Daniel Friesel | -2/+5 | |