stb_image: fix GHSL-2023-145 / fix CVE-2023-45661

1539.patch

@@ -0,0 +1,24 @@
+From 8cfcbf7dde7705c849f4f7a5acb26f79b895fffe Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jaroslav=20Loba=C4=8Devski?= <jarlob@github.com>
+Date: Thu, 19 Oct 2023 15:57:03 +0200
+Subject: [PATCH] Fix wild address read in stbi__gif_load_next
+
+It seems `layers` were forgotten to include in equation.
+Fixes #1538
+---
+ stb_image.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/stb_image.h b/stb_image.h
+index 5e807a0a6..cd09ab697 100644
+--- a/stb_image.h
++++ b/stb_image.h
+@@ -7019,7 +7019,7 @@ static void *stbi__load_gif_main(stbi__context *s, int **delays, int *x, int *y,
+             }
+             memcpy( out + ((layers - 1) * stride), u, stride );
+             if (layers >= 2) {
+-               two_back = out - 2 * stride;
++               two_back = out + (layers - 2) * stride;
+             }
+ 
+             if (delays) {

stb.spec

@@ -110,6 +110,15 @@ Patch:          %{url}/pull/1532.patch
 # https://github.com/nothings/stb/pull/1533
 Patch:          %{url}/pull/1534.patch
 
+# Fix wild address read in stbi__gif_load_next
+# https://github.com/nothings/stb/pull/1539
+#
+# Fixes:
+#
+# Wild address read in stbi__gif_load_next (GHSL-2023-145/CVE-2023-45661)
+# https://github.com/nothings/stb/issues/1538
+Patch:          %{url}/pull/1539.patch
+
 %global stb_c_lexer_version 0.12
 %global stb_connected_components_version 0.96
 %global stb_divide_version 0.94