stb_vorbis: fix GHSL-2023-165 / fix CVE-2023-45675

This commit is contained in:
Benjamin A. Beasley 2023-10-25 11:21:05 -04:00
parent 1cb7df649d
commit 7cf08bbaea
2 changed files with 32 additions and 0 deletions

22
1553.patch Normal file
View File

@ -0,0 +1,22 @@
From 746d207256ef408d92112a13a75aa8a42df6753f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaroslav=20Loba=C4=8Devski?= <jarlob@github.com>
Date: Thu, 19 Oct 2023 16:39:06 +0200
Subject: [PATCH] Fix `0` byte write heap buffer overflow in `start_decoder`
Fixes #1552
---
stb_vorbis.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/stb_vorbis.c b/stb_vorbis.c
index 3e5c2504c0..8bc21de6b7 100644
--- a/stb_vorbis.c
+++ b/stb_vorbis.c
@@ -952,6 +952,7 @@ static void *setup_malloc(vorb *f, int sz)
sz = (sz+7) & ~7; // round up to nearest 8 for alignment of future allocs.
f->setup_memory_required += sz;
if (f->alloc.alloc_buffer) {
+ if (sz == 0) return NULL;
void *p = (char *) f->alloc.alloc_buffer + f->setup_offset;
if (f->setup_offset + sz > f->temp_offset) return NULL;
f->setup_offset += sz;

View File

@ -182,6 +182,16 @@ Patch: 0002-Fix-possible-double-free-or-memory-leak-in-stbi__loa.patch
# Rebased on top of https://github.com/nothings/stb/pull/1541.
Patch: 0001-Fix-Null-pointer-dereference-because-of-an-uninitial.patch
# Fix 0 byte write heap buffer overflow in start_decoder
# https://github.com/nothings/stb/pull/1553
#
# Fixes:
#
# 0 byte write heap buffer overflow in start_decoder
# (GHSL-2023-165/CVE-2023-45675)
# https://github.com/nothings/stb/issues/1552
Patch: %{url}/pull/1553.patch
%global stb_c_lexer_version 0.12
%global stb_connected_components_version 0.96
%global stb_divide_version 0.94