Created attachment 6608: 0001-Fix-potential-buffer-overflow.patch

Use g_malloc_n() instead of g_malloc to avoid integer overflow. This fixes CVE-2013-7447, see http://www.openwall.com/lists/oss-security/2016/02/10/2 for details.
Mikhail Efremov referenced this bugreport in commit 7578cc83223b312af9900a08d9abe33df59a6c1b Fix potential buffer overflow (bug #12444) https://git.xfce.org/xfce/thunar/commit?id=7578cc83223b312af9900a08d9abe33df59a6c1b
Alexander Schwinn referenced this bugreport in commit 57e78a363ccab345c5bf90a43fc8f9c8d60e3a92 Fix potential buffer overflow (bug #12444) reverted - sorry, thought I tested, but I did not :F https://git.xfce.org/xfce/thunar/commit?id=57e78a363ccab345c5bf90a43fc8f9c8d60e3a92
Sorry for the late reply! Gna, sorry... I should take better care. Need to add an extra argument for "g_malloc_n".
Mikhail Efremov referenced this bugreport in commit ca3571e0f7ff1781a085106d58837bb01f994659 Fix potential buffer overflow (bug #12444) https://git.xfce.org/xfce/thunar/commit?id=ca3571e0f7ff1781a085106d58837bb01f994659
OK, this time :F Thanks for the patch!
Mikhail Efremov referenced this bugreport in commit 6d8b604cad217884d884a641bf7c2e19b7ca36f8 Fix potential buffer overflow (Bug #12444) https://git.xfce.org/xfce/thunar/commit?id=6d8b604cad217884d884a641bf7c2e19b7ca36f8
^^ Fixed for the xfce 4.12 branch as well.
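The integer overflow that the patch in this report addresses, and the reason `g_malloc_n()` takes two arguments, shown as an added example that is not part of the original thread or of Thunar's code. `checked_malloc_n` is a hypothetical stand-in with the same argument shape as `g_malloc_n()` (it returns NULL on overflow, as `g_try_malloc_n()` does, whereas `g_malloc_n()` aborts the program), and the stride and row count are constructed values.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Pattern being replaced: the caller multiplies first and hands the allocator
 * a single size, as in g_malloc(n * size). The product wraps modulo
 * SIZE_MAX + 1, so the allocator never sees the real request. */
static size_t unchecked_size(size_t n_blocks, size_t n_block_bytes)
{
    return n_blocks * n_block_bytes;
}

/* Hypothetical stand-in for the two-argument form. Because it receives both
 * factors, it can reject the request before the multiplication wraps. */
static void *checked_malloc_n(size_t n_blocks, size_t n_block_bytes)
{
    if (n_block_bytes != 0 && n_blocks > SIZE_MAX / n_block_bytes)
        return NULL;                 /* product would not fit in size_t */
    return malloc(n_blocks * n_block_bytes);
}

int main(void)
{
    /* Constructed values: a 4096-byte row stride and a row count chosen so
     * that the true product is SIZE_MAX + 1 + 4096. */
    size_t stride = 4096;
    size_t height = SIZE_MAX / stride + 2;

    printf("rows requested:       %zu\n", height);
    printf("unchecked alloc size: %zu bytes\n", unchecked_size(height, stride));

    void *buf = checked_malloc_n(height, stride);
    printf("checked allocation:   %s\n", buf ? "succeeded" : "refused (overflow)");
    free(buf);

    buf = checked_malloc_n(16, stride);   /* an ordinary request still works */
    printf("16-row allocation:    %s\n", buf ? "succeeded" : "failed");
    free(buf);
    return 0;
}
```

The unchecked size comes out as 4096 bytes, a single row, so code that then writes `height` rows into that buffer runs past its end.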