Skip to content

Commit

Permalink
stb_vorbis: fix CVE-2023-45682
Browse files Browse the repository at this point in the history
Based on patch by Jaroslav Lobačevski (@JarLob) submitted to
mainstream at nothings/stb#1560

GHSL-2023-172/CVE-2023-45682: Wild address read in vorbis_decode_packet_rest()
  • Loading branch information
sezero committed Dec 11, 2023
1 parent f04567f commit 9ebcb8b
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/stb_vorbis.h
Original file line number Diff line number Diff line change
Expand Up @@ -1838,7 +1838,7 @@ static int codebook_decode_scalar(vorb *f, Codebook *c)

#define DECODE(var,f,c) \
DECODE_RAW(var,f,c) \
if (c->sparse) var = c->sorted_values[var];
if (c->sparse && var >= 0) var = c->sorted_values[var];

#ifndef STB_VORBIS_DIVIDES_IN_CODEBOOK
#define DECODE_VQ(var,f,c) DECODE_RAW(var,f,c)
Expand Down

0 comments on commit 9ebcb8b

Please sign in to comment.