authorRobert Scott <code@humanleg.org.uk>2019-05-23 01:12:23 +0100
committerVladimír Čunát <v@cunat.cz>2019-05-23 10:06:11 +0200
commit9c4d318f06c5728980f1c7f781cf4703ef8c476d (patch)
tree1f3da41a9990532c852bbf809e2411637332e5a2 /pkgs/development/libraries/libheif
parent3a28c99923f9edfe750c866887cb0b4105e6d707 (diff)
libheif: add patch for CVE-2019-11471 (PR #61919)
Diffstat (limited to 'pkgs/development/libraries/libheif')
-rw-r--r--pkgs/development/libraries/libheif/1.4.0-CVE-2019-11471.patch15
-rw-r--r--pkgs/development/libraries/libheif/default.nix2
2 files changed, 17 insertions, 0 deletions
diff --git a/pkgs/development/libraries/libheif/1.4.0-CVE-2019-11471.patch b/pkgs/development/libraries/libheif/1.4.0-CVE-2019-11471.patch
new file mode 100644
index 000000000000..2ea1b124ce7b
--- /dev/null
+++ b/pkgs/development/libraries/libheif/1.4.0-CVE-2019-11471.patch
@@ -0,0 +1,15 @@
+Adapted from upstream commit 995a4283d8ed2d0d2c1ceb1a577b993df2f0e014
+--- a/libheif/heif_context.cc
++++ b/libheif/heif_context.cc
+@@ -571,6 +571,11 @@
+ image->set_is_alpha_channel_of(refs[0]);
+
+ auto master_iter = m_all_images.find(refs[0]);
++ if (master_iter == m_all_images.end()) {
++ return Error(heif_error_Invalid_input,
++ heif_suberror_Nonexisting_item_referenced,
++ "Non-existing alpha image referenced");
++ }
+ master_iter->second->set_alpha_channel(image);
+ }
+
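Review bot: The header line of the new patch file says only "Adapted from upstream commit 995a4283d8ed2d0d2c1ceb1a577b993df2f0e014" and does not record what was changed relative to upstream, so a later reviewer cannot tell whether this backport carries the whole fix or a subset of it. I would add a header line such as `Fixes CVE-2019-11471: the iterator from m_all_images.find(refs[0]) was dereferenced without an end() check`, plus a sentence naming what was dropped or rebased for 1.4.0. The added guard covers only the alpha-channel lookup visible here; if heif_context.cc resolves other auxiliary references through the same find-then-dereference pattern they need the same check, which cannot be confirmed from this hunk because the enclosing function starts and ends outside it. Also, `image->set_is_alpha_channel_of(refs[0])` runs before the new check, so the image is already marked on the error path; that looks harmless if callers discard the context on error, but it is worth confirming.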
diff --git a/pkgs/development/libraries/libheif/default.nix b/pkgs/development/libraries/libheif/default.nix
index 581a579cbe2c..3182345bfd48 100644
--- a/pkgs/development/libraries/libheif/default.nix
+++ b/pkgs/development/libraries/libheif/default.nix
@@ -11,6 +11,8 @@ stdenv.mkDerivation rec {
sha256 = "0vbjknkb2ccmw3xh2j8ljz5sj9i8wv92iw7zghcc5wn64sk1xkk2";
};
+ patches = [ ./1.4.0-CVE-2019-11471.patch ];
+
nativeBuildInputs = [ autoreconfHook pkgconfig ];
buildInputs = [ libde265 x265 libpng libjpeg ];