nixpkgs/pkgs/tools/compression/bzip2/cve-2019-12900.patch

https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d
diff --git a/decompress.c b/decompress.c
--- a/decompress.c
+++ b/decompress.c
@@ -287,7 +287,7 @@
       GET_BITS(BZ_X_SELECTOR_1, nGroups, 3);
       if (nGroups < 2 || nGroups > 6) RETURN(BZ_DATA_ERROR);
       GET_BITS(BZ_X_SELECTOR_2, nSelectors, 15);
-      if (nSelectors < 1) RETURN(BZ_DATA_ERROR);
+      if (nSelectors < 1 || nSelectors > BZ_MAX_SELECTORS) RETURN(BZ_DATA_ERROR);
       for (i = 0; i < nSelectors; i++) {
          j = 0;
          while (True) {