From 6ee6c835364360954847eda74824f141e1409775 Mon Sep 17 00:00:00 2001 From: Ozkan Sezer Date: Mon, 11 Dec 2023 11:37:04 +0300 Subject: [PATCH] stb_vorbis: apply CVE-2023-45676/CVE-2023-45677 fix to setup_temp_malloc (c.f.: https://github.com/nothings/stb/issues/1248, https://github.com/nothings/stb/pull/1554 , https://github.com/nothings/stb/pull/1555 ) --- src/stb_vorbis.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/stb_vorbis.h b/src/stb_vorbis.h index 06a684c..cf33242 100644 --- a/src/stb_vorbis.h +++ b/src/stb_vorbis.h @@ -970,6 +970,8 @@ static int error(vorb *f, enum STBVorbisError e) // given a sufficiently large block of memory, make an array of pointers to subblocks of it static void *make_block_array(void *mem, int count, int size) { + if (!mem) return NULL; + else { int i; void ** p = (void **) mem; char *q = (char *) (p + count); @@ -978,6 +980,7 @@ static void *make_block_array(void *mem, int count, int size) q += size; } return p; + } } static void *setup_malloc(vorb *f, int sz) @@ -1002,6 +1005,7 @@ static void setup_free(vorb *f, void *p) static void *setup_temp_malloc(vorb *f, int sz) { + if (sz <= 0 || INT_MAX - 7 < sz) return NULL; sz = (sz+7) & ~7; // round up to nearest 8 for alignment of future allocs. if (f->alloc.alloc_buffer) { if (f->temp_offset - sz < f->setup_offset) return NULL;