libsixel: fix CVE-2021-45340

Fixes: #160670
NixOS · Jan 9, 2025 · 7004da4 · 7004da4
1 parent d7d3f1b
commit 7004da4
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 1 deletion.
diff --git a/pkgs/by-name/li/libsixel/fix-CVE-2021-45340.patch b/pkgs/by-name/li/libsixel/fix-CVE-2021-45340.patch
@@ -0,0 +1,12 @@
+diff --git a/src/stb_image.h b/src/stb_image.h
+index f12c30b..526281c 100644
+--- a/src/stb_image.h
++++ b/src/stb_image.h
+@@ -1534,6 +1534,7 @@ static unsigned char *stbi__convert_format(unsigned char *data, int img_n, int r
+    int i,j;
+    unsigned char *good;
+
++   if (data == NULL) return data;
+    if (req_comp == img_n) return data;
+    STBI_ASSERT(req_comp >= 1 && req_comp <= 4);
+
diff --git a/pkgs/by-name/li/libsixel/package.nix b/pkgs/by-name/li/libsixel/package.nix
@@ -19,6 +19,11 @@ stdenv.mkDerivation rec {
     sha256 = "1nny4295ipy4ajcxmmh04c796hcds0y7z7rv3qd17mj70y8j0r2d";
   };
 
+  patches = [
+    # https://github.com/NixOS/nixpkgs/issues/160670
+    ./fix-CVE-2021-45340.patch
+  ];
+
   buildInputs = [
     gdk-pixbuf
     gd
@@ -43,7 +48,7 @@ stdenv.mkDerivation rec {
   meta = with lib; {
     description = "SIXEL library for console graphics, and converter programs";
     homepage = "https://github.com/libsixel/libsixel";
-    maintainers = [ ];
+    maintainers = with lib.maintainers; [ hzeller ];
     license = licenses.mit;
     platforms = platforms.unix;
   };