From 1736b1f69ecf3e44a1b957d8090fb04c6bc5fd95 Mon Sep 17 00:00:00 2001
From: Mikhail Efremov <sem@altlinux.org>
Date: Thu, 11 Feb 2016 18:59:27 +0300
Subject: [PATCH] Fix potential buffer overflow

Use g_malloc_n() instead of g_malloc to avoid integer overflow.
This fixes CVE-2013-7447, see
http://www.openwall.com/lists/oss-security/2016/02/10/2
for details.
---
 thunar/thunar-gdk-extensions.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/thunar/thunar-gdk-extensions.c b/thunar/thunar-gdk-extensions.c
index 50ecb4a..775eca3 100644
--- a/thunar/thunar-gdk-extensions.c
+++ b/thunar/thunar-gdk-extensions.c
@@ -75,7 +75,7 @@ thunar_gdk_cairo_create_surface (const GdkPixbuf *pixbuf)
 
   /* prepare pixel data and surface */
   cairo_stride = cairo_format_stride_for_width (format, width);
-  cairo_pixels = g_malloc (height * cairo_stride);
+  cairo_pixels = g_malloc_n (height, cairo_stride);
   surface = cairo_image_surface_create_for_data (cairo_pixels, format,
                                                  width, height, cairo_stride);
   cairo_surface_set_user_data (surface, &cairo_key, cairo_pixels, g_free);
-- 
2.6.5