From 1cb7df649d943a7cad4bbfe941117ed4f56fa81a Mon Sep 17 00:00:00 2001 From: "Benjamin A. Beasley" Date: Wed, 25 Oct 2023 11:19:23 -0400 Subject: [PATCH] stb_image: fix GHSL-2023-151 / fix CVE-2023-45667 --- ...-dereference-because-of-an-uninitial.patch | 27 +++++++++++++++++++ stb.spec | 12 +++++++++ 2 files changed, 39 insertions(+) create mode 100644 0001-Fix-Null-pointer-dereference-because-of-an-uninitial.patch diff --git a/0001-Fix-Null-pointer-dereference-because-of-an-uninitial.patch b/0001-Fix-Null-pointer-dereference-because-of-an-uninitial.patch new file mode 100644 index 0000000..560178c --- /dev/null +++ b/0001-Fix-Null-pointer-dereference-because-of-an-uninitial.patch @@ -0,0 +1,27 @@ +From 800a684d6d3cae7ed2437a23496d9306c0dfa8dc Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jaroslav=20Loba=C4=8Devski?= +Date: Thu, 19 Oct 2023 16:33:06 +0200 +Subject: [PATCH] Fix Null pointer dereference because of an uninitialized + variable + +Call `stbi__vertical_flip_slices` only if the previous function didn't fail. Fixes #1550 +--- + stb_image.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/stb_image.h b/stb_image.h +index 49c53d0..de12c06 100644 +--- a/stb_image.h ++++ b/stb_image.h +@@ -1446,7 +1446,7 @@ STBIDEF stbi_uc *stbi_load_gif_from_memory(stbi_uc const *buffer, int len, int * + stbi__start_mem(&s,buffer,len); + + result = (unsigned char*) stbi__load_gif_main(&s, delays, x, y, z, comp, req_comp); +- if (stbi__vertically_flip_on_load) { ++ if (stbi__vertically_flip_on_load && result) { + int channels = req_comp ? req_comp : *comp; + stbi__vertical_flip_slices( result, *x, *y, *z, channels ); + } +-- +2.41.0 + diff --git a/stb.spec b/stb.spec index d601a16..640a8fd 100644 --- a/stb.spec +++ b/stb.spec @@ -170,6 +170,18 @@ Patch: 0001-Fix-double-free-in-stbi__load_gif_main_outofmem.patch # https://github.com/nothings/stb/pull/1545. Patch: 0002-Fix-possible-double-free-or-memory-leak-in-stbi__loa.patch +# Fix Null pointer dereference because of an uninitialized variable +# https://github.com/nothings/stb/pull/1551 +# +# Fixes: +# +# Null pointer dereference because of an uninitialized variable +# (GHSL-2023-151/CVE-2023-45667) +# https://github.com/nothings/stb/issues/1550 +# +# Rebased on top of https://github.com/nothings/stb/pull/1541. +Patch: 0001-Fix-Null-pointer-dereference-because-of-an-uninitial.patch + %global stb_c_lexer_version 0.12 %global stb_connected_components_version 0.96 %global stb_divide_version 0.94