stb_image: fix GHSL-2023-148 / fix CVE-2023-45664

0001-Fix-double-free-in-stbi__load_gif_main_outofmem.patch

@@ -0,0 +1,28 @@
+From 4a4c1eeb8540c61ceb3456b3277184bc1c63c9be Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jaroslav=20Loba=C4=8Devski?= <jarlob@github.com>
+Date: Thu, 19 Oct 2023 16:16:34 +0200
+Subject: [PATCH] Fix double-free in stbi__load_gif_main_outofmem
+
+Fixes #1544
+---
+ stb_image.h | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/stb_image.h b/stb_image.h
+index aac3653..d3a1f59 100644
+--- a/stb_image.h
++++ b/stb_image.h
+@@ -6990,6 +6990,10 @@ static void *stbi__load_gif_main(stbi__context *s, int **delays, int *x, int *y,
+             stride = g.w * g.h * 4;
+ 
+             if (out) {
++               if (stride == 0) {
++                  void *ret = stbi__load_gif_main_outofmem(&g, out, delays);
++                  return ret;
++               }
+                if (!stbi__mul2sizes_valid(layers, stride)) {
+                   void *ret = stbi__load_gif_main_outofmem(&g, out, delays);
+                   return ret;
+-- 
+2.41.0
+

stb.spec

@@ -139,6 +139,17 @@ Patch:          %{url}/pull/1541.patch
 # https://github.com/nothings/stb/issues/1542
 Patch:          %{url}/pull/1543.patch
 
+# Fix double-free in stbi__load_gif_main_outofmem
+# https://github.com/nothings/stb/pull/1545
+#
+# Fixes:
+#
+# Double-free in stbi__load_gif_main_outofmem (GHSL-2023-148/CVE-2023-45664)
+# https://github.com/nothings/stb/issues/1544
+#
+# Rebased on top of https://github.com/nothings/stb/pull/1539.
+Patch:          0001-Fix-double-free-in-stbi__load_gif_main_outofmem.patch
+
 %global stb_c_lexer_version 0.12
 %global stb_connected_components_version 0.96
 %global stb_divide_version 0.94