Skip to content

Commit

Permalink
stb_vorbis: fix CVE-2023-45675, CVE-2023-45676 and CVE-2023-45677.
Browse files Browse the repository at this point in the history 
Based on the patches by Jaroslav Lobačevski (@JarLob) submitted
to mainstream at: nothings#1554 and
nothings#1555

Also see nothings#1552 and
nothings#1553

GHSL-2023-166/CVE-2023-45676: Multi-byte write heap buffer overflow in start_decoder()
GHSL-2023-167/CVE-2023-45677: Heap buffer out of bounds write in start_decoder()
GHSL-2023-165/CVE-2023-45675: 0 byte write heap buffer overflow in start_decoder()
  • Loading branch information
@sezero
sezero committed Dec 12, 2023
1 parent b025ad7 commit 65cae52
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions stb_vorbis.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -967,6 +967,7 @@ static void *make_block_array(void *mem, int count, int size)

static void *setup_malloc(vorb *f, int sz)
{
if (sz <= 0 || INT_MAX - 7 < sz) return NULL;
sz = (sz+7) & ~7; // round up to nearest 8 for alignment of future allocs.
f->setup_memory_required += sz;
if (f->alloc.alloc_buffer) {
Expand Down

0 comments on commit 65cae52

Please sign in to comment.