right click crash

[VoidYin]

when i right click the image, feh crashs.

here is distribution:
cat /etc/*-release
NAME="openSUSE Tumbleweed"
VERSION="20220915"
ID="opensuse-tumbleweed"
ID_LIKE="opensuse suse"
VERSION_ID="20220915"
PRETTY_NAME="openSUSE Tumbleweed"
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:opensuse:tumbleweed:20220915"
BUG_REPORT_URL="https://bugs.opensuse.org"
HOME_URL="https://www.opensuse.org/"
DOCUMENTATION_URL="https://en.opensuse.org/Portal:Tumbleweed"
LOGO="distributor-logo-Tumbleweed"

here is debug info:
(gdb) bt
#0 0x00007efea2c3181c in __pthread_kill_implementation () from /lib64/libc.so.6
#1 0x00007efea2bde846 in raise () from /lib64/libc.so.6
#2 0x00007efea2bc781c in abort () from /lib64/libc.so.6
#3 0x00007efea2c249ae in __libc_message () from /lib64/libc.so.6
#4 0x00007efea2cc5f1a in __fortify_fail () from /lib64/libc.so.6
#5 0x00007efea2cc4506 in __chk_fail () from /lib64/libc.so.6
#6 0x00007efea2dbc4c3 in memset (__len=4, __ch=0, __dest=0x55a6eae82a40) at /usr/include/bits/string_fortified.h:59
#7 __imlib_Polygon_FillToData (blend=, dst_alpha=, op=, clh=7, clw=4, cly=7, clx=70, dstw=,
dst=, color=4278190080, poly=0x55a6eae82970) at /usr/src/debug/imlib2-1.9.1-1.2.x86_64/src/lib/draw_polygon.c:1152
#8 __imlib_Polygon_FillToImage (anti_alias=, blend=, op=, clh=, clw=, cly=,
clx=, im=, color=4278190080, poly=0x55a6eae82970) at /usr/src/debug/imlib2-1.9.1-1.2.x86_64/src/lib/draw_polygon.c:1845
#9 imlib_image_fill_polygon (poly=0x55a6eae82970) at /usr/src/debug/imlib2-1.9.1-1.2.x86_64/src/lib/api.c:3287
#10 0x000055a6e93ccbd2 in feh_menu_draw_submenu_at (oy=0, ox=0, dst=0x55a6eae828b0, y=, x=)
at /usr/src/debug/feh-3.9.1-1.1.x86_64/src/menu.c:842
#11 feh_menu_draw_item (oy=0, ox=0, im=0x55a6eae828b0, i=0x55a6eae6a420) at /usr/src/debug/feh-3.9.1-1.1.x86_64/src/menu.c:711
#12 feh_menu_draw_to_buf (oy=, ox=0, im=0x55a6eae828b0, m=0x55a6eae69c10) at /usr/src/debug/feh-3.9.1-1.1.x86_64/src/menu.c:797
#13 feh_menu_redraw (m=m@entry=0x55a6eae69c10) at /usr/src/debug/feh-3.9.1-1.1.x86_64/src/menu.c:763
#14 0x000055a6e93cce49 in feh_menu_redraw (m=0x55a6eae69c10) at /usr/src/debug/feh-3.9.1-1.1.x86_64/src/menu.c:743
#15 feh_menu_show_at (m=0x55a6eae69c10, x=1022, y=523) at /usr/src/debug/feh-3.9.1-1.1.x86_64/src/menu.c:408
#16 0x000055a6e93d9be7 in winwidget_show_menu (winwid=0x55a6eae65c10) at /usr/src/debug/feh-3.9.1-1.1.x86_64/src/winwidget.c:1238
#17 0x000055a6e93cdc4e in feh_main_iteration (block=block@entry=1) at /usr/src/debug/feh-3.9.1-1.1.x86_64/src/main.c:155
#18 0x000055a6e93be83a in main (argc=, argv=) at /usr/src/debug/feh-3.9.1-1.1.x86_64/src/main.c:105
core.tar.gz

[NoSuck]

I also encounter this issue (on Fedora 38 ala #703).

$ LC_ALL=C feh .
*** buffer overflow detected ***: terminated
中止 (コアダンプ)

It is not purely a “right-click” issue, however. It seems to be a toggle_menu issue and—as above—a startup issue.

“コアダンプ” above means “core dump”.

[KoshulaDora]

I can confirm the issue can be easily replicated by installing feh on a fresh fedora 38 install. Did anyone manage to find a fix yet?

[andreygursky]

No right click crash on Debian (testing) with feh 3.10-1 and imlib2 1.11.1-2.

[CharlzKlug]

[nix-shell:~/Projects/feh]$ /home/charlzk/local/bin/feh --version
feh version 3.10-3-g7751353-dirty
Compile-time switches: curl verscmp xinerama 

Right click crash confirmed in NixOS:

[nix-shell:~/Projects/feh]$ nix-info -m
 - system: `"x86_64-linux"`
 - host os: `Linux 6.1.52, NixOS, 23.11 (Tapir), 23.11.20230911.3a2786e`
 - multi-user?: `yes`
 - sandbox: `yes`
 - version: `nix-env (Nix) 2.17.0`
 - channels(root): `"home-manager, nixos"`
 - channels(charlzk): `""`
 - nixpkgs: `/nix/var/nix/profiles/per-user/root/channels/nixos`

[CharlzKlug]

I have tried to build from source on Ubuntu 20.04.6 LTS, and right-click works fine.

[CharlzKlug]

I have debugged a little:

1238			feh_menu_show_at_xy(menu_main, winwid, x, y);
(gdb) n
*** buffer overflow detected ***: terminated

Program received signal SIGABRT, Aborted.
0x00007ffff7ad2a8c in __pthread_kill_implementation () from /nix/store/9la894yvmmksqlapd4v16wvxpaw3rg70-glibc-2.37-8/lib/libc.so.6

Something goes wrong at 1238 in winwidget.c.

[CharlzKlug]

Something goes wrong in the imlib_image_fill_polygon(poly);

Breakpoint 9, feh_menu_draw_submenu_at (x=70, y=4, dst=<optimized out>, ox=<optimized out>, 
    oy=<optimized out>) at menu.c:840
840		imlib_image_fill_polygon(poly);
(gdb) p poly
$8 = (ImlibPolygon) 0x478080
(gdb) p *poly
Attempt to dereference a generic pointer.
(gdb) s
*** buffer overflow detected ***: terminated

Program received signal SIGABRT, Aborted.
0x00007ffff7ad2a8c in __pthread_kill_implementation ()
   from /nix/store/9la894yvmmksqlapd4v16wvxpaw3rg70-glibc-2.37-8/lib/libc.so.6

[CharlzKlug]

Workaround, which helps me: edit function feh_menu_draw_submenu_at in the file menu.c like:

void feh_menu_draw_submenu_at(int x, int y, Imlib_Image dst, int ox, int oy)
{
	x -= ox;
	y -= oy;
	imlib_context_set_image(dst);
	imlib_context_set_color(0, 0, 0, 255);
	imlib_image_draw_line(x, y+3, x+3, y+6, 0);
	imlib_image_draw_line(x+3, y+6, x, y+9, 0);
	imlib_image_draw_line(x, y+9, x, y+3, 0);
	return;
}

[CharlzKlug]

A little bit improved code, that draw filled triangle:

void feh_menu_draw_submenu_at(int x, int y, Imlib_Image dst, int ox, int oy)
{
        // Draw filled triangle
        x -= ox;
	y -= oy;

	imlib_context_set_image(dst);
	imlib_context_set_color(0, 0, 0, 255);

	for (int i= 0; i <= 3; i++) {
	  imlib_image_draw_line(x+i, y+3+i, x+i, y+9-i, 0);
	}
	  
	return;
}

[derf]

Patch from #723 has been merged, so I'll consider this to be fixed. Thanks for pointing it out and for the PR!

[CharlzKlug]

You are welcome!