packages/stb
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!35 [sync] PR-33: fix CVE-2023-45667

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @peijiankang 
Signed-off-by: @peijiankang
This commit is contained in:
openeuler-ci-bot 2024-03-01 07:15:27 +00:00 committed by Gitee
commit 20d7d30fbb
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 42 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
0001-Fix-Null-pointer-dereference-because-of-an-uninitial.patch Normal file
View File

@ -0,0 +1,27 @@
From 800a684d6d3cae7ed2437a23496d9306c0dfa8dc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaroslav=20Loba=C4=8Devski?= <jarlob@github.com>
Date: Thu, 19 Oct 2023 16:33:06 +0200
Subject: [PATCH] Fix Null pointer dereference because of an uninitialized
variable
Call `stbi__vertical_flip_slices` only if the previous function didn't fail. Fixes #1550
---
stb_image.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/stb_image.h b/stb_image.h
index 49c53d0..de12c06 100644
--- a/stb_image.h
+++ b/stb_image.h
@@ -1446,7 +1446,7 @@ STBIDEF stbi_uc *stbi_load_gif_from_memory(stbi_uc const *buffer, int len, int *
stbi__start_mem(&s,buffer,len);
result = (unsigned char*) stbi__load_gif_main(&s, delays, x, y, z, comp, req_comp);
- if (stbi__vertically_flip_on_load) {
+ if (stbi__vertically_flip_on_load && result) {
int channels = req_comp ? req_comp : *comp;
stbi__vertical_flip_slices( result, *x, *y, *z, channels );
}
--
2.41.0

16
stb.spec
View File

@ -23,7 +23,7 @@ Name: stb
# https://github.com/nothings/stb/issues/1101
%global snapinfo .20220908git8b5f1f3
Version: 0%{snapinfo}
Release: 0.11
Release: 0.12
Summary: Single-file public domain libraries for C/C++
# See LICENSE.
@ -211,6 +211,17 @@ Patch: 0001-Fix-double-free-in-stbi__load_gif_main_outofmem.patch
# https://github.com/nothings/stb/pull/1545.
Patch: 0002-Fix-possible-double-free-or-memory-leak-in-stbi__loa.patch
# Fix Null pointer dereference because of an uninitialized variable
# https://github.com/nothings/stb/pull/1551
#
# Fixes:
#
# Null pointer dereference because of an uninitialized variable
# (GHSL-2023-151/CVE-2023-45667)
# https://github.com/nothings/stb/issues/1550
#
# Rebased on top of https://github.com/nothings/stb/pull/1541.
Patch: 0001-Fix-Null-pointer-dereference-because-of-an-uninitial.patch
%global stb_c_lexer_version 0.12
%global stb_connected_components_version 0.96
@ -967,6 +978,9 @@ EOF
%changelog
* Fri Mar 01 2024 peijiankang <peijiankang@kylinos.cn> - 0.20220908git8b5f1f3-0.12
- stb_image: fix GHSL-2023-151 / fix CVE-2023-45667
* Thu Feb 29 2024 peijiankang <peijiankang@kylinos.cn> - 0.20220908git8b5f1f3-0.11
- stb_image: fix GHSL-2023-150 / fix CVE-2023-45666