Commits · 9b4341e12c6be32b654478cdf3a4e8a631c4e31f · derf / feh

Sep 26, 2017
- Remove unused variable · 9b4341e1
  Niclas Zeising authored 7 years ago
  
  9b4341e1
Sep 24, 2017
- Replace keybinding struct with an array of named bindings · 1ed8c690
  Birte Kristina Friesel authored 7 years ago
  
  1ed8c690
Sep 16, 2017
- Add toggle_fixed_geometry ("g") keybinding to enable/disable window auto-resize · 7eb9d73e
  Birte Kristina Friesel authored 7 years ago
  
  Closes #326
  7eb9d73e
- Initialize png comment hash after setjmp() to avoid clobbering it · a6b5acb9
  Birte Kristina Friesel authored 7 years ago
  
  a6b5acb9
Sep 15, 2017
- Replace legacy signal(...) call with sigaction(...) · e91a10ec
  Birte Kristina Friesel authored 7 years ago
  
  e91a10ec
Sep 13, 2017
- Improve handling of lost terminals · 82083824
  Birte Kristina Friesel authored 7 years ago
  
  When feh loses its controlling terminal at runtime, e.g. due to backgrounding / disowning, it will no longer issue a warning on each terminal keystroke.
  82083824
- Only restore terminal settings if stdin still belongs to us (closes #324) · 284207b1
  Birte Kristina Friesel authored 7 years ago
  
  284207b1
Sep 05, 2017
- Work around ImageMagick bug when converting to file descriptors (#323) · 72cafccc
  Birte Kristina Friesel authored 7 years ago
  
  72cafccc
Sep 04, 2017
- Remove image from filelist if it was removed by an action (closes #322) · d77e4f0a
  Birte Kristina Friesel authored 7 years ago
  
  d77e4f0a
Sep 02, 2017
- Respect -N / --no-menus option (broken in 2.17) · 8ad7d163
  Birte Kristina Friesel authored 7 years ago
  
  8ad7d163
Aug 31, 2017
- Add support for caption editing to stdin key input · 2384a200
  Birte Kristina Friesel authored 7 years ago
  
  2384a200
Aug 29, 2017
- Handle detaching the controlling tty from a feh process · cbf6925b
  Birte Kristina Friesel authored 7 years ago
  
  cbf6925b
Aug 27, 2017
- Do not accept control from stdin when running in the background · 9e146eb6
  Birte Kristina Friesel authored 7 years ago
  
  9e146eb6
Aug 25, 2017
- Silence -Wimplicit-fallthrough= warning · a0e2ed52
  orbea authored 7 years ago
  
  a0e2ed52
- (src/Makefile) Manually set the target *.c files · 7391cd1f
  orbea authored 7 years ago
  
  This allows finer control of which files are compiled and additionally will silence some -Wpedantic warnings when "empty" files are compiled.
  7391cd1f
- Silence warnings · b6782ccf
  orbea authored 7 years ago
  
  b6782ccf
- Disable stdin control in multiwindow mode · 5cf2736a
  Birte Kristina Friesel authored 7 years ago
  
  As there's no "default" window, it doesn't make much sense here... Plus, it's buggy as hell in this mode
  5cf2736a
Aug 23, 2017
- Add terminal-input support for space and return · 3b53d965
  Birte Kristina Friesel authored 7 years ago
  
  3b53d965
- Put terminal into (mostly) raw mode when reading commands from stdin · 84c27062
  Birte Kristina Friesel authored 7 years ago
  
  Also, restore the previous terminal mode on exit
  84c27062
Aug 22, 2017
- Add experimental support for (remote) control via stdin · aaa67e2d
  Birte Kristina Friesel authored 7 years ago
  
  aaa67e2d
Aug 21, 2017
- Release v2.19.3 · fd524633
  Birte Kristina Friesel authored 7 years ago
  
  View commits for tag 2.19.3 2.19.3
  
  fd524633
Aug 19, 2017
- Make feh abort immediately if an index image could not be created (#306) · be4c0b01
  Birte Kristina Friesel authored 7 years ago
  
  be4c0b01
- Save --geometry flags in .fehbg if specified (closes #313) · 9ffb418a
  Birte Kristina Friesel authored 7 years ago
  
  9ffb418a
Aug 12, 2017
- Release v2.19.2 · 19655b45
  Birte Kristina Friesel authored 7 years ago
  
  View commits for tag 2.19.2 2.19.2
  
  19655b45
Aug 10, 2017
- Fix segfault in feh_event_handle_keypress for certain key inputs · b7cf37bc
  Birte Kristina Friesel authored 7 years ago
  
  Turns out that it is undefined behaviour to pass a value to isctype functions which does not fit inside a char. Closes #312
  b7cf37bc
Aug 05, 2017
- Show ImageMagick output on the terminal unless --quiet is specified · 0c5ed692
  Birte Kristina Friesel authored 7 years ago
  
  (cf #309)
  0c5ed692
Jun 19, 2017
- Fix Shift modifier not being recognized for tab, space and similar keys · 428c7eed
  Birte Kristina Friesel authored 7 years ago
  
  Closes #303
  428c7eed
Apr 16, 2017
- Thumbnail generation: Handle HOME-less users (and some other edge cases) · a22f1452
  Birte Kristina Friesel authored 7 years ago
  
  a22f1452
Apr 06, 2017
- Fix indentation. · cc6d820e
  Olof-Joachim Frahm authored 7 years ago
  
  cc6d820e
Apr 05, 2017
- Use temporary file to create thumbnail. · 848c5f8a
  Olof-Joachim Frahm authored 7 years ago
  
  848c5f8a
- `sizeof(char)` is defined to be 1. · c42d5542
  Olof-Joachim Frahm authored 7 years ago
  
  c42d5542
- Use XDG_CACHE_HOME for thumbnails. · c41e7244
  Olof-Joachim Frahm authored 7 years ago
  
  c41e7244
Apr 02, 2017

replace _emalloc with emalloc (is the same unless DMALLOC is used) · 03a64923
Birte Kristina Friesel authored 7 years ago

03a64923

Check malloc return value for NULL. · b95c1ea6


If malloc cannot allocate enough memory, it could return NULL. This is
not necessarily true for default Linux settings, but can be provoked
there as well by adjusting proc entries. Other systems like the *BSD
ones definitely do this.

The function _emalloc exists for exactly this purpose, so use it instead
of calling malloc directly.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

b95c1ea6

Fixed memory leak on file name collision. · 08dbe8e2

Tobias Stoeckmann authored 7 years ago

If feh_unique_filename encounters a file that already exists, the memory
for the temporary filename is not released. As this happens in /tmp at
some code places, an attacker could use this to spray the memory of feh,
or simply triggering an out of memory condition.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

08dbe8e2

Avoid out of boundary read on empty/broken file. · bdee6af0

Tobias Stoeckmann authored 7 years ago

If ereadfile encounters an empty file or the file could not be read, an
out ouf boundary read (and possible write) occurs. Always check the
return value of fread to be > 0 before processing the result buffer.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

bdee6af0

Always terminate strncpy results with '\0'. · 575b9345

Tobias Stoeckmann authored 7 years ago


The strncpy function does not guarantee to end the resulting character
sequence with a terminating nul character if not enough space is
available. This could be triggered by supplying a sufficiently long
output_file option.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

575b9345

Mar 23, 2017

Fix double-free/OOB-write while receiving IPC data · f7a547b7

Tobias Stoeckmann authored 8 years ago

If a malicious client pretends to be the E17 window manager, it is
possible to trigger an out of boundary heap write while receiving an
IPC message.

The length of the already received message is stored in an unsigned
short, which overflows after receiving 64 KB of data. It's comparably
small amount of data and therefore achievable for an attacker.

When len overflows, realloc() will either be called with a small value
and therefore chars will be appended out of bounds, or len + 1 will be
exactly 0, in which case realloc() behaves like free(). This could be
abused for a later double-free attack as it's even possible to overwrite
the free information -- but this depends on the malloc implementation.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

f7a547b7

Feb 26, 2017
- Also update window title for thumbnail windows (closes #280) · a0072d60
  Birte Kristina Friesel authored 8 years ago
  
  a0072d60
Feb 23, 2017
- Fix memory leak when closing images opened from thumbnail mode · f05ba61a
  Birte Kristina Friesel authored 8 years ago
  
  f05ba61a