stb_vorbis: fix CVE-2023-45676 and CVE-2023-45677.

Based on the patches by Jaroslav Lobačevski (@JarLob) submitted to mainstream at: nothings/stb#1554 and nothings/stb#1555 GHSL-2023-166/CVE-2023-45676: Multi-byte write heap buffer overflow in start_decoder() GHSL-2023-167/CVE-2023-45677: Heap buffer out of bounds write in start_decoder()
icculus · Dec 11, 2023 · a9e5aa8 · a9e5aa8
1 parent d9d196a
commit a9e5aa8
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/src/stb_vorbis.h b/src/stb_vorbis.h
@@ -982,6 +982,7 @@ static void *make_block_array(void *mem, int count, int size)
 
 static void *setup_malloc(vorb *f, int sz)
 {
+   if (sz < 0 || INT_MAX - 7 < sz) return NULL;
    sz = (sz+7) & ~7; // round up to nearest 8 for alignment of future allocs.
    f->setup_memory_required += sz;
    if (f->alloc.alloc_buffer) {