Ubuntu
feh package

[SRU] feh crashes on right-click

Bug #2063843 reported by wxpte
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
feh (Ubuntu)
Fix Released
Undecided
Unassigned
Noble
Fix Released
Undecided
Unassigned

Bug Description

[ Impact ]

"feh" will crash with a coredump if any user tries to open the context menu by right-clicking on the displayed image.

[ Test Plan ]

Install feh
open any image with feh, the command is "feh <image filename>"
right click on the displayed image.

If the package is not fixed it will result in a coredump.
With the fixed package the context menu will be displayed.

To make sure the context menu is working as expected:
1. Goto "image info" in the context manu, and it will show the info in a submenu
2. Goto "File" -> "Change View" and then choose any of the options displayed to rotate or flip the image and the image should behave accordingly.

[ Where problems could occur ]

The upstream patch has changed how it draws the context menu. Instead of using a polygon, its now using lines to draw the menu.
I can imagine that for some users this might cause the menu to be not properly aligned or not displayed correctly at the correct position.
But that might still be better than "feh" crashing while trying to display the menu.

[ Other Info ]

This has been fixed upstream and in Debian (3.10.2-1) and as a result Oracular has the fixed package.

[ Original Bug Description ]

When I right-click on the opened window with the picture to get access to the context menu, the window closes with an error message:
*** buffer overflow detected ***: terminated

lsb_release -rd
No LSB modules are available.
Description: Ubuntu 24.04 LTS
Release: 24.04

apt-cache policy feh
feh:
  Installiert: 3.10.1-1build3
  Installationskandidat: 3.10.1-1build3
  Versionstabelle:
 *** 3.10.1-1build3 500
        500 http://de.archive.ubuntu.com/ubuntu noble/universe amd64 Packages
        100 /var/lib/dpkg/status

See original description
Paul White (paulw2u)
affects: ubuntu → feh (Ubuntu)
tags: added: noble
Revision history for this message
Sudip Mukherjee (sudipmuk) wrote :

I can reproduce the issue on Noble. Also tested and confirmed that Oracular and Mantic are not affected.

Changed in feh (Ubuntu):
status: New → In Progress
assignee: nobody → Sudip Mukherjee (sudipmuk)
Changed in feh (Ubuntu Noble):
status: New → In Progress
assignee: nobody → Sudip Mukherjee (sudipmuk)
Changed in feh (Ubuntu):
assignee: Sudip Mukherjee (sudipmuk) → nobody
status: In Progress → Fix Released
Sudip Mukherjee (sudipmuk)
summary: - feh crashes on right-click
+ [SRU] feh crashes on right-click
description: updated
Revision history for this message
Sudip Mukherjee (sudipmuk) wrote :

Uploaded to Noble. Now waiting for SRU review.

Changed in feh (Ubuntu Noble):
assignee: Sudip Mukherjee (sudipmuk) → nobody
Revision history for this message
Timo Aaltonen (tjaalton) wrote : Please test proposed package

Hello wxpte, or anyone else affected,

Accepted feh into noble-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/feh/3.10.1-1ubuntu0.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-noble to verification-done-noble. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-noble. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in feh (Ubuntu Noble):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-noble
Revision history for this message
Sudip Mukherjee (sudipmuk) wrote :

I can confirm that feh from noble-proposed has fixed the bug for me.

Test done:

install feh and open an image with feh, right-click on it and confirm that the coredump is still seen.

Added noble-proposed to apt sources.
install feh from noble-proposed.

open the image with feh, right click on it and confirmed that the context menu is displayed. Clicked on "image info" and also clicked on "change view" to confirm feh context menu works as expected.

Package tested:

$ apt-cache policy feh
feh:
  Installed: 3.10.1-1ubuntu0.1
  Candidate: 3.10.1-1ubuntu0.1
  Version table:
 *** 3.10.1-1ubuntu0.1 100
        100 http://gb.archive.ubuntu.com/ubuntu noble-proposed/universe amd64 Packages
        100 /var/lib/dpkg/status
     3.10.1-1build3 500
        500 http://gb.archive.ubuntu.com/ubuntu noble/universe amd64 Packages

tags: added: verification-done verification-done-noble
removed: verification-needed verification-needed-noble
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package feh - 3.10.1-1ubuntu0.1

---------------
feh (3.10.1-1ubuntu0.1) noble; urgency=medium

  * Fix crash due to buffer overflow on context menu. (LP: #2063843)

 -- Sudip Mukherjee <email address hidden> Wed, 26 Jun 2024 20:22:35 +0100

Changed in feh (Ubuntu Noble):
status: Fix Committed → Fix Released
Revision history for this message
Łukasz Zemczak (sil2100) wrote : Update Released

The verification of the Stable Release Update for feh has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.