diff options
Diffstat (limited to 'xfce-base/thunar/files/thunar-1.16.2-integer-overflow.patch')
| -rw-r--r-- | xfce-base/thunar/files/thunar-1.16.2-integer-overflow.patch | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/xfce-base/thunar/files/thunar-1.16.2-integer-overflow.patch b/xfce-base/thunar/files/thunar-1.16.2-integer-overflow.patch new file mode 100644 index 000000000000..09f4b9374435 --- /dev/null +++ b/xfce-base/thunar/files/thunar-1.16.2-integer-overflow.patch @@ -0,0 +1,29 @@ +From 1736b1f69ecf3e44a1b957d8090fb04c6bc5fd95 Mon Sep 17 00:00:00 2001 +From: Mikhail Efremov <sem@altlinux.org> +Date: Thu, 11 Feb 2016 18:59:27 +0300 +Subject: [PATCH] Fix potential buffer overflow + +Use g_malloc_n() instead of g_malloc to avoid integer overflow. +This fixes CVE-2013-7447, see +http://www.openwall.com/lists/oss-security/2016/02/10/2 +for details. +--- + thunar/thunar-gdk-extensions.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/thunar/thunar-gdk-extensions.c b/thunar/thunar-gdk-extensions.c +index 50ecb4a..775eca3 100644 +--- a/thunar/thunar-gdk-extensions.c ++++ b/thunar/thunar-gdk-extensions.c +@@ -75,7 +75,7 @@ thunar_gdk_cairo_create_surface (const GdkPixbuf *pixbuf) + + /* prepare pixel data and surface */ + cairo_stride = cairo_format_stride_for_width (format, width); +- cairo_pixels = g_malloc (height * cairo_stride); ++ cairo_pixels = g_malloc_n (height, cairo_stride); + surface = cairo_image_surface_create_for_data (cairo_pixels, format, + width, height, cairo_stride); + cairo_surface_set_user_data (surface, &cairo_key, cairo_pixels, g_free); +-- +2.6.5 + |