stb/1553.patch
2023-10-25 11:38:48 -04:00

23 lines
840 B
Diff

From 746d207256ef408d92112a13a75aa8a42df6753f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaroslav=20Loba=C4=8Devski?= <jarlob@github.com>
Date: Thu, 19 Oct 2023 16:39:06 +0200
Subject: [PATCH] Fix `0` byte write heap buffer overflow in `start_decoder`
Fixes #1552
---
stb_vorbis.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/stb_vorbis.c b/stb_vorbis.c
index 3e5c2504c0..8bc21de6b7 100644
--- a/stb_vorbis.c
+++ b/stb_vorbis.c
@@ -952,6 +952,7 @@ static void *setup_malloc(vorb *f, int sz)
sz = (sz+7) & ~7; // round up to nearest 8 for alignment of future allocs.
f->setup_memory_required += sz;
if (f->alloc.alloc_buffer) {
+ if (sz == 0) return NULL;
void *p = (char *) f->alloc.alloc_buffer + f->setup_offset;
if (f->setup_offset + sz > f->temp_offset) return NULL;
f->setup_offset += sz;