This is an automated email from the git hooks/post-receive script.
git pushed a commit to branch master
in repository entice.
View the commit online.
commit ba51de241d00b13111286ac143abf66a5548ea37
Author: Vincent Torri <vto...@outlook.fr>
AuthorDate: Sun Feb 9 12:59:00 2025 +0100
Fix winlist code:
1. lack of escaping
2. use after free
patch from raster
---
src/bin/entice_winlist.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/bin/entice_winlist.c b/src/bin/entice_winlist.c
index 91b9871..59a3011 100644
--- a/src/bin/entice_winlist.c
+++ b/src/bin/entice_winlist.c
@@ -116,8 +116,6 @@ entice_winlist_genlist_content_get(void *data, Evas_Object *obj, const char *par
thumb = eina_strbuf_string_get(buf);
ef = eet_open(thumb, EET_FILE_MODE_READ);
- eina_strbuf_free(buf);
- buf = NULL;
if (ef)
{
unsigned char sha[20];
@@ -150,6 +148,7 @@ entice_winlist_genlist_content_get(void *data, Evas_Object *obj, const char *par
if (cmd)
{
Ecore_Exe *exe;
+ char *s;
eina_strbuf_append(cmd, PACKAGE_BIN_DIR);
eina_strbuf_append(cmd, "/entice_thumb_gen");
@@ -157,16 +156,22 @@ entice_winlist_genlist_content_get(void *data, Evas_Object *obj, const char *par
eina_strbuf_append(cmd, ".exe");
#endif
eina_strbuf_append_char(cmd, ' ');
+ s = ecore_file_escape_name(d->path);
eina_strbuf_append(cmd, d->path);
+ free(s);
eina_strbuf_append_char(cmd, ' ');
eina_strbuf_append(cmd, _entice_winlist_mime_get(d->path));
eina_strbuf_append_char(cmd, ' ');
+ s = ecore_file_escape_name(thumb);
eina_strbuf_append(cmd, thumb);
+ free(s);
exe = ecore_exe_run(eina_strbuf_string_get(cmd), NULL);
eina_strbuf_free(cmd);
cmd = NULL;
}
}
+ eina_strbuf_free(buf);
+ buf = NULL;
}
if (ok)
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
