libjpeg-turbo: Patch to fix CVE-2013-6629 and CVE-2013-6630.

Merge #1399.
11 years ago · f6b3e2ca54
parent 4c5a71f777
commit f6b3e2ca54
2 changed files with 42 additions and 0 deletions
--- a/pkgs/development/libraries/libjpeg-turbo/default.nix
+++ b/pkgs/development/libraries/libjpeg-turbo/default.nix
@ -8,6 +8,8 @@ stdenv.mkDerivation rec {
    sha256 = "0d0jwdmj3h89bxdxlwrys2mw18mqcj4rzgb5l2ndpah8zj600mr6";
  };

+  patches = [ ./libjpeg-turbo-1.3.0-CVE-2013-6629-and-6630.patch ];
+
  buildInputs = [ nasm ];

  doCheck = true;
--- a/pkgs/development/libraries/libjpeg-turbo/libjpeg-turbo-1.3.0-CVE-2013-6629-and-6630.patch
+++ b/pkgs/development/libraries/libjpeg-turbo/libjpeg-turbo-1.3.0-CVE-2013-6629-and-6630.patch
@ -0,0 +1,40 @@
+Thanks to the sources below; this patch discovered via Gentoo.
+
+http://bugzilla.redhat.com/show_bug.cgi?id=1031734
+http://bugzilla.redhat.com/show_bug.cgi?id=1031749
+http://sourceforge.net/p/libjpeg-turbo/code/1090/
+
+--- libjpeg-turbo-1.3.0/jdmarker.c
+++ libjpeg-turbo-1.3.0/jdmarker.c
+@@ -304,7 +304,7 @@
+ /* Process a SOS marker */
+ {
+   INT32 length;
+-  int i, ci, n, c, cc;
+  int i, ci, n, c, cc, pi;
+   jpeg_component_info * compptr;
+   INPUT_VARS(cinfo);
+ 
+@@ -348,6 +348,13 @@
+     
+     TRACEMS3(cinfo, 1, JTRC_SOS_COMPONENT, cc,
+ 	     compptr->dc_tbl_no, compptr->ac_tbl_no);
+
+    /* This CSi (cc) should differ from the previous CSi */
+    for (pi = 0; pi < i; pi++) {
+      if (cinfo->cur_comp_info[pi] == compptr) {
+        ERREXIT1(cinfo, JERR_BAD_COMPONENT_ID, cc);
+      }
+    }
+   }
+ 
+   /* Collect the additional scan parameters Ss, Se, Ah/Al. */
+@@ -465,6 +472,8 @@
+     for (i = 0; i < count; i++)
+       INPUT_BYTE(cinfo, huffval[i], return FALSE);
+ 
+    MEMZERO(&huffval[count], (256 - count) * SIZEOF(UINT8));
+
+     length -= count;
+ 
+     if (index & 0x10) {		/* AC table definition */