Commits on Apr 16, 2017
Commits on Apr 6, 2017
  1. Fix indentation.

    Ferada committed Apr 6, 2017
Commits on Apr 5, 2017
Commits on Apr 4, 2017
  1. version bump

    committed Apr 4, 2017
Commits on Apr 3, 2017
  1. changelog

    committed Apr 3, 2017
Commits on Apr 2, 2017
  1. Merge pull request #290 from stoeckmann/emalloc

    Check malloc return value for NULL.
    committed on GitHub Apr 2, 2017
  2. Merge pull request #289 from stoeckmann/memory-leak

    Fixed memory leak on file name collision.
    committed on GitHub Apr 2, 2017
  3. Merge pull request #288 from stoeckmann/strncpy

    Always terminate strncpy results with '\0'.
    committed on GitHub Apr 2, 2017
  4. Merge pull request #287 from stoeckmann/empty-file

    Avoid out of boundary read on empty/broken file.
    committed on GitHub Apr 2, 2017
  5. Check malloc return value for NULL.

    If malloc cannot allocate enough memory, it could return NULL. This is
    not necessarily true for default Linux settings, but can be provoked
    there as well by adjusting proc entries. Other systems like the *BSD
    ones definitely do this.
    
    The function _emalloc exists for exactly this purpose, so use it instead
    of calling malloc directly.
    
    Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
    stoeckmann committed Apr 2, 2017
  6. Fixed memory leak on file name collision.

    If feh_unique_filename encounters a file that already exists, the memory
    for the temporary filename is not released. As this happens in /tmp at
    some code places, an attacker could use this to spray the memory of feh,
    or simply trigger an out of memory condition.
    
    Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
    stoeckmann committed Apr 2, 2017
  7. Avoid out of boundary read on empty/broken file.

    If ereadfile encounters an empty file or the file could not be read, an
    out of boundary read (and possible write) occurs. Always check the
    return value of fread to be > 0 before processing the result buffer.
    
    Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
    stoeckmann committed Apr 2, 2017
  8. Always terminate strncpy results with '\0'.

    The strncpy function does not guarantee to end the resulting character
    sequence with a terminating nul character if not enough space is
    available. This could be triggered by supplying a sufficiently long
    output_file option.
    
    Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
    stoeckmann committed Apr 2, 2017
Commits on Apr 1, 2017
  1. changelog

    committed Apr 1, 2017
Commits on Mar 28, 2017
  1. Merge pull request #286 from stoeckmann/ipc

    Fix double-free/OOB-write while receiving IPC data
    committed on GitHub Mar 28, 2017
Commits on Mar 23, 2017
  1. Fix double-free/OOB-write while receiving IPC data

    If a malicious client pretends to be the E17 window manager, it is
    possible to trigger an out of boundary heap write while receiving an
    IPC message.
    
    The length of the already received message is stored in an unsigned
    short, which overflows after receiving 64 KB of data. It's a comparably
    small amount of data and therefore achievable for an attacker.
    
    When len overflows, realloc() will either be called with a small value
    and therefore chars will be appended out of bounds, or len + 1 will be
    exactly 0, in which case realloc() behaves like free(). This could be
    abused for a later double-free attack as it's even possible to overwrite
    the free information -- but this depends on the malloc implementation.
    
    Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
    stoeckmann committed Mar 23, 2017
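
The length bookkeeping described in the commit message above, as an added example that is not code from feh or from the commit: `wrapped_alloc_size` computes the allocation size a 16-bit running length yields once more than 64 KB has arrived, and `msg_append` is one hardened alternative. `MSG_MAX`, `struct msgbuf`, the function names and the 12-byte chunk size are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MSG_MAX ((size_t)1 << 17)          /* assumed per-message cap, not from feh */
struct msgbuf { char *data; size_t len; }; /* hypothetical type */

/* Bookkeeping only, no memory touched: the allocation size that results when
 * the running length lives in an unsigned short (16 bits on common ABIs). */
size_t wrapped_alloc_size(size_t already, size_t chunk)
{
    unsigned short len = (unsigned short)already;
    len = (unsigned short)(len + chunk); /* wraps modulo 65536 */
    return (size_t)len + 1;              /* data + terminating NUL */
}

/* Hardened append: size_t length, overflow-safe cap check. Returns 0 or -1. */
int msg_append(struct msgbuf *m, const char *chunk, size_t n)
{
    if (n > MSG_MAX || m->len > MSG_MAX - n)
        return -1;                       /* over the cap: reject */
    char *p = realloc(m->data, m->len + n + 1); /* size is never 0 */
    if (p == NULL)
        return -1;                       /* m->data is still valid */
    memcpy(p + m->len, chunk, n);
    m->len += n;
    p[m->len] = '\0';
    m->data = p;
    return 0;
}

/* Constructed input: append 12-byte chunks until rejected; returns final length. */
size_t feed_until_rejected(void)
{
    struct msgbuf m = { NULL, 0 };
    char chunk[12];
    memset(chunk, 'A', sizeof chunk);
    while (msg_append(&m, chunk, sizeof chunk) == 0)
        ;
    free(m.data);
    return m.len;
}

int main(void)
{
    printf("16-bit length asks for %zu bytes\n", wrapped_alloc_size(65530, 12));
    printf("hardened append stopped at %zu bytes\n", feed_until_rejected());
    return 0;
}
```

With 65530 bytes already received, one more 12-byte chunk makes the 16-bit length request 7 bytes for a message that is really 65542 bytes long; the hardened version keeps growing past 64 KB and refuses input only at the explicit cap.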
Commits on Feb 26, 2017
Commits on Feb 23, 2017
Commits on Feb 16, 2017
  1. I made a derp

    committed Feb 16, 2017
Commits on Jan 22, 2017
  1. release v2.18.1

    committed Jan 22, 2017
Commits on Jan 15, 2017
  1. feh(1): Update giflib notes

    committed Jan 15, 2017
Commits on Jan 14, 2017
  1. Changelog

    committed Jan 14, 2017
Commits on Jan 12, 2017
  1. Pass windidget to feh_action_run, making it possible to use format specifiers

    like %o and %z in slideshow actions (I would like to use this to zoom in, pan,
    and then use an action to crop the window to zoomed in view).
    ANogin committed with Dec 8, 2013
Commits on Jan 11, 2017
Commits on Jan 2, 2017
Commits on Dec 7, 2016
Commits on Nov 1, 2016
  1. Release v2.18

    committed Nov 1, 2016
Commits on Oct 31, 2016
  1. feh(1): Add --auto-rotate

    committed Oct 31, 2016
Commits on Oct 30, 2016
  1. changelog

    committed Oct 30, 2016