Skip to content

Commit

Permalink
stb_vorbis: fix CVE-2023-45679 and CVE-2023-45680.
Browse files Browse the repository at this point in the history
Based on the patches by Jaroslav Lobačevski (@JarLob) submitted
to mainstream at: nothings/stb#1557 and
nothings/stb#1558

GHSL-2023-169/CVE-2023-45679: Attempt to free an uninitialized memory pointer in vorbis_deinit()
GHSL-2023-170/CVE-2023-45680: Null pointer dereference in vorbis_deinit()
  • Loading branch information
sezero committed Dec 11, 2023
1 parent a9e5aa8 commit 09996c4
Showing 1 changed file with 7 additions and 2 deletions.
9 changes: 7 additions & 2 deletions src/stb_vorbis.h
Original file line number Diff line number Diff line change
Expand Up @@ -3747,8 +3747,13 @@ static int start_decoder(vorb *f)
f->comment_list = NULL;
if (f->comment_list_length > 0)
{
f->comment_list = (char**) setup_malloc(f, sizeof(char*) * (f->comment_list_length));
if (f->comment_list == NULL) return error(f, VORBIS_outofmem);
len = sizeof(char*) * f->comment_list_length;
f->comment_list = (char**) setup_malloc(f, len);
if (f->comment_list == NULL) {
f->comment_list_length = 0;
return error(f, VORBIS_outofmem);
}
memset(f->comment_list, 0, len);
}

for(i=0; i < f->comment_list_length; ++i) {
Expand Down

0 comments on commit 09996c4

Please sign in to comment.