From 7b706900e7dd3ec55eb46a366f0bc47858fb7633 Mon Sep 17 00:00:00 2001
From: Michael Raskin <7c6f434c@mail.ru>
Date: Sat, 25 Mar 2017 21:03:46 +0100
Subject: graphicsmagick: patch for CVE-2017-6335

---
 .../graphics/graphicsmagick/cmyka-bounds.patch     | 36 ++++++++++++++++++++++
 .../graphics/graphicsmagick/default.nix            |  1 +
 2 files changed, 37 insertions(+)
 create mode 100644 pkgs/applications/graphics/graphicsmagick/cmyka-bounds.patch

(limited to 'pkgs/applications/graphics/graphicsmagick')

diff --git a/pkgs/applications/graphics/graphicsmagick/cmyka-bounds.patch b/pkgs/applications/graphics/graphicsmagick/cmyka-bounds.patch
new file mode 100644
index 00000000000..dd375143277
--- /dev/null
+++ b/pkgs/applications/graphics/graphicsmagick/cmyka-bounds.patch
@@ -0,0 +1,36 @@
+# HG changeset patch
+# User Bob Friesenhahn <bfriesen@GraphicsMagick.org>
+# Date 1487905610 21600
+# Node ID 6156b4c2992d855ece6079653b3b93c3229fc4b8
+# Parent  0392c4305a4369984ec8069055acc470c0a73647
+Fix out of bounds access when reading CMYKA tiff which claims wrong samples/pixel.
+
+diff -r 0392c4305a43 -r 6156b4c2992d coders/tiff.c
+--- a/coders/tiff.c	Sun Jan 29 10:04:57 2017 -0600
++++ b/coders/tiff.c	Thu Feb 23 21:06:50 2017 -0600
+@@ -1230,8 +1230,8 @@
+                   case 0:
+                     if (samples_per_pixel == 1)
+                       *quantum_type=GrayQuantum;
+-                      else
+-                        *quantum_type=RedQuantum;
++                    else
++                      *quantum_type=RedQuantum;
+                     break;
+                   case 1:
+                     *quantum_type=GreenQuantum;
+@@ -1411,12 +1411,12 @@
+               }
+             else
+               {
+-                if (image->matte)
++                if (image->matte && samples_per_pixel >= 5)
+                   {
+                     *quantum_type=CMYKAQuantum;
+                     *quantum_samples=5;
+                   }
+-                else
++                else if (samples_per_pixel >= 4)
+                   {
+                     *quantum_type=CMYKQuantum;
+                     *quantum_samples=4;
diff --git a/pkgs/applications/graphics/graphicsmagick/default.nix b/pkgs/applications/graphics/graphicsmagick/default.nix
index f655979c2cc..0858dfba8b4 100644
--- a/pkgs/applications/graphics/graphicsmagick/default.nix
+++ b/pkgs/applications/graphics/graphicsmagick/default.nix
@@ -42,6 +42,7 @@ stdenv.mkDerivation {
       url = "https://sources.debian.net/data/main/g/graphicsmagick/1.3.25-7/debian/patches/CVE-2016-9830.patch";
       sha256 = "0qh15sd7nx7vf9sld4453iml951bwsx2fx84hxc7plhds2k3gjpa";
     })
+    ./cmyka-bounds.patch
   ];
 
   configureFlags = [
-- 
cgit 1.4.1