From 01293d1886c94c04cb7967c7d03d84cf27dd3f8e Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Sat, 5 Nov 2022 11:44:56 +0100 Subject: [PATCH] pixman: Apply fix for integer overflow in pixman_sample_floor_y https://gitlab.freedesktop.org/pixman/pixman/-/issues/63 Fixes: CVE-2022-44638
---
 pkgs/development/libraries/pixman/default.nix | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/pkgs/development/libraries/pixman/default.nix b/pkgs/development/libraries/pixman/default.nix
index ffdaeaef035aa..60ca31faef5f3 100644
--- a/pkgs/development/libraries/pixman/default.nix
+++ b/pkgs/development/libraries/pixman/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchurl, pkg-config, libpng, glib /*just passthru*/ }:
+{ lib, stdenv, fetchurl, fetchpatch, pkg-config, libpng, glib /*just passthru*/ }:
 stdenv.mkDerivation rec {
 pname = "pixman";
@@ -9,6 +9,15 @@ stdenv.mkDerivation rec {
 sha256 = "0l0m48lnmdlmnaxn2021qi5cj366d9fzfjxkqgcj9bs14pxbgaw4";
 };
+ patches = [
+ (fetchpatch {
+ # https://gitlab.freedesktop.org/pixman/pixman/-/issues/63
+ name = "CVE-2022-44638.patch";
+ url = "https://gitlab.freedesktop.org/pixman/pixman/-/commit/a1f88e842e0216a5b4df1ab023caebe33c101395.patch";
+ hash = "sha256-a7voyeqcMGw+PABnVwqiakeFWhobqovNwcOvpIHjYB0=";
+ })
+ ];
+
 separateDebugInfo = !stdenv.hostPlatform.isStatic;
 nativeBuildInputs = [ pkg-config ];
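Review bot: The comment inside the `fetchpatch` call in the second hunk gives only the issue URL, so the file itself does not say what the backport fixes or when it can be dropped. I would extend it to something like `# Integer overflow in pixman_sample_floor_y (CVE-2022-44638); drop once the packaged release contains this commit.` The pinned `hash` already makes a changed upstream patch fail the fetch rather than be applied unnoticed, so integrity of the fetched fix is covered. The `version` and `src` lines lie outside the hunk, so whether an upstream release with the fix already exists cannot be checked from here.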