Merge commit '98e3b90b6c8f400ae5438ef868eb992a64b75ce5'

2 files changed, 17 insertions, 0 deletions

diff --git a/nixpkgs/pkgs/development/libraries/libheif/1.4.0-CVE-2019-11471.patch b/nixpkgs/pkgs/development/libraries/libheif/1.4.0-CVE-2019-11471.patch
new file mode 100644
index 000000000000..2ea1b124ce7b
--- /dev/null
+++ b/nixpkgs/pkgs/development/libraries/libheif/1.4.0-CVE-2019-11471.patch
@@ -0,0 +1,15 @@
+Adapted from upstream commit 995a4283d8ed2d0d2c1ceb1a577b993df2f0e014
+--- a/libheif/heif_context.cc
++++ b/libheif/heif_context.cc
+@@ -571,6 +571,11 @@
+             image->set_is_alpha_channel_of(refs[0]);
+ 
+             auto master_iter = m_all_images.find(refs[0]);
++            if (master_iter == m_all_images.end()) {
++              return Error(heif_error_Invalid_input,
++                           heif_suberror_Nonexisting_item_referenced,
++                           "Non-existing alpha image referenced");
++            }
+             master_iter->second->set_alpha_channel(image);
+           }
+
diff --git a/nixpkgs/pkgs/development/libraries/libheif/default.nix b/nixpkgs/pkgs/development/libraries/libheif/default.nix
index 581a579cbe2c..3182345bfd48 100644
--- a/nixpkgs/pkgs/development/libraries/libheif/default.nix
+++ b/nixpkgs/pkgs/development/libraries/libheif/default.nix
@@ -11,6 +11,8 @@ stdenv.mkDerivation rec {
     sha256 = "0vbjknkb2ccmw3xh2j8ljz5sj9i8wv92iw7zghcc5wn64sk1xkk2";
   };
 
+  patches = [ ./1.4.0-CVE-2019-11471.patch ];
+
   nativeBuildInputs = [ autoreconfHook pkgconfig ];
   buildInputs = [ libde265 x265 libpng libjpeg ];