summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Friesel <derf@finalrewind.org>2013-05-09 20:59:02 +0200
committerDaniel Friesel <derf@finalrewind.org>2013-05-09 20:59:02 +0200
commit27a1fb87555b40e0ad4d0f24640801dd527ed4a4 (patch)
tree964f75dadaf4991e5cdeb8fad5985356b9b4ed2e
parent76e4af51d1b2a71b0e85f74a3e6a978e11af5f78 (diff)
downloadfeh-27a1fb87555b40e0ad4d0f24640801dd527ed4a4.zip
fix feh_printf buffer overflows
-rw-r--r--ChangeLog6
-rw-r--r--src/slideshow.c48
2 files changed, 30 insertions, 24 deletions
diff --git a/ChangeLog b/ChangeLog
index b777402..1ee60db 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+git HEAD
+
+ * Patch by David Gowers: Add %L format code (temporary copy of filelist)
+ * Fix buffer overflows in printf implementation (affects --action,
+ --customlist, --index-info, --info, --thumb-title, --title)
+
Fri, 03 May 2013 21:16:59 +0200 Daniel Friesel <derf+feh@finalrewind.org>
* Release v2.9.2
diff --git a/src/slideshow.c b/src/slideshow.c
index ee461ee..19fb773 100644
--- a/src/slideshow.c
+++ b/src/slideshow.c
@@ -478,116 +478,116 @@ char *feh_printf(char *str, feh_file * file, winwidget winwid)
switch (*c) {
case 'f':
if (file)
- strcat(ret, file->filename);
+ strncat(ret, file->filename, sizeof(ret) - strlen(ret));
break;
case 'F':
if (file)
- strcat(ret, shell_escape(file->filename));
+ strncat(ret, shell_escape(file->filename), sizeof(ret) - strlen(ret));
break;
case 'h':
if (file && (file->info || !feh_file_info_load(file, NULL))) {
snprintf(buf, sizeof(buf), "%d", file->info->height);
- strcat(ret, buf);
+ strncat(ret, buf, sizeof(ret) - strlen(ret));
}
break;
case 'l':
snprintf(buf, sizeof(buf), "%d", gib_list_length(filelist));
- strcat(ret, buf);
+ strncat(ret, buf, sizeof(ret) - strlen(ret));
break;
case 'L':
if (filelist_tmppath != NULL) {
- strcat(ret, filelist_tmppath);
+ strncat(ret, filelist_tmppath, sizeof(ret) - strlen(ret));
} else {
filelist_tmppath = feh_unique_filename("/tmp/","filelist");
feh_write_filelist(filelist, filelist_tmppath);
- strcat(ret, filelist_tmppath);
+ strncat(ret, filelist_tmppath, sizeof(ret) - strlen(ret));
}
break;
case 'm':
- strcat(ret, mode);
+ strncat(ret, mode, sizeof(ret) - strlen(ret));
break;
case 'n':
if (file)
- strcat(ret, file->name);
+ strncat(ret, file->name, sizeof(ret) - strlen(ret));
break;
case 'N':
if (file)
- strcat(ret, shell_escape(file->name));
+ strncat(ret, shell_escape(file->name), sizeof(ret) - strlen(ret));
break;
case 'o':
if (winwid) {
snprintf(buf, sizeof(buf), "%d,%d", winwid->im_x,
winwid->im_y);
- strcat(ret, buf);
+ strncat(ret, buf, sizeof(ret) - strlen(ret));
}
break;
case 'p':
if (file && (file->info || !feh_file_info_load(file, NULL))) {
snprintf(buf, sizeof(buf), "%d", file->info->pixels);
- strcat(ret, buf);
+ strncat(ret, buf, sizeof(ret) - strlen(ret));
}
break;
case 'P':
if (file && (file->info || !feh_file_info_load(file, NULL))) {
- strcat(ret, format_size(file->info->pixels));
+ strncat(ret, format_size(file->info->pixels), sizeof(ret) - strlen(ret));
}
break;
case 'r':
if (winwid) {
snprintf(buf, sizeof(buf), "%.1f", winwid->im_angle);
- strcat(ret, buf);
+ strncat(ret, buf, sizeof(ret) - strlen(ret));
}
break;
case 's':
if (file && (file->info || !feh_file_info_load(file, NULL))) {
snprintf(buf, sizeof(buf), "%d", file->info->size);
- strcat(ret, buf);
+ strncat(ret, buf, sizeof(ret) - strlen(ret));
}
break;
case 'S':
if (file && (file->info || !feh_file_info_load(file, NULL))) {
- strcat(ret, format_size(file->info->size));
+ strncat(ret, format_size(file->info->size), sizeof(ret) - strlen(ret));
}
break;
case 't':
if (file && (file->info || !feh_file_info_load(file, NULL))) {
- strcat(ret, file->info->format);
+ strncat(ret, file->info->format, sizeof(ret) - strlen(ret));
}
break;
case 'u':
snprintf(buf, sizeof(buf), "%d",
current_file != NULL ? gib_list_num(filelist, current_file)
+ 1 : 0);
- strcat(ret, buf);
+ strncat(ret, buf, sizeof(ret) - strlen(ret));
break;
case 'v':
- strcat(ret, VERSION);
+ strncat(ret, VERSION, sizeof(ret) - strlen(ret));
break;
case 'V':
snprintf(buf, sizeof(buf), "%d", getpid());
- strcat(ret, buf);
+ strncat(ret, buf, sizeof(ret) - strlen(ret));
break;
case 'w':
if (file && (file->info || !feh_file_info_load(file, NULL))) {
snprintf(buf, sizeof(buf), "%d", file->info->width);
- strcat(ret, buf);
+ strncat(ret, buf, sizeof(ret) - strlen(ret));
}
break;
case 'z':
if (winwid) {
snprintf(buf, sizeof(buf), "%.2f", winwid->zoom);
- strcat(ret, buf);
+ strncat(ret, buf, sizeof(ret) - strlen(ret));
}
break;
case '%':
- strcat(ret, "%");
+ strncat(ret, "%", sizeof(ret) - strlen(ret));
break;
default:
weprintf("Unrecognized format specifier %%%c", *c);
strncat(ret, c - 1, 2);
break;
}
- } else if ((*c == '\\') && (*(c+1) != '\0')) {
+ } else if ((*c == '\\') && (*(c+1) != '\0') && ((strlen(ret) + 3) < sizeof(ret))) {
c++;
switch (*c) {
case 'n':
@@ -597,7 +597,7 @@ char *feh_printf(char *str, feh_file * file, winwidget winwid)
strncat(ret, c - 1, 2);
break;
}
- } else
+ } else if ((strlen(ret) + 2) < sizeof(ret))
strncat(ret, c, 1);
}
if (filelist_tmppath != NULL)