!14 [sync] PR-8: fixes CVE-2023-43898

From: @openeuler-sync-bot Reviewed-by: @peijiankang Signed-off-by: @peijiankang
2023-11-10 08:08:23 +00:00 · 2023-11-10 08:08:23 +00:00 · 6278b0cbc0
commit 6278b0cbc0
parent 9bdd913647 7eaf7317c2
2 changed files with 46 additions and 1 deletions
--- a/1454.patch
+++ b/1454.patch
@ -0,0 +1,24 @@
+From 4e58258d8c434111fe2e8f1146ae0a72b0e8c554 Mon Sep 17 00:00:00 2001
+From: Neil Bickford <nbickford@nvidia.com>
+Date: Sat, 25 Feb 2023 05:13:25 -0800
+Subject: [PATCH] Fix nullptr dereference when a PIC file causes
+ stbi__pic_load_core to return 0, and the requested number of components to
+ stbi_load_from_memory is not 0 or 4
+
+---
+ stb_image.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/stb_image.h b/stb_image.h
+index 5e807a0a6..7e6ddeefd 100644
+--- a/stb_image.h
+++ b/stb_image.h
+@@ -6527,7 +6527,7 @@ static void *stbi__pic_load(stbi__context *s,int *px,int *py,int *comp,int req_c
+ 
+    if (!stbi__pic_load_core(s,x,y,comp, result)) {
+       STBI_FREE(result);
+-      result=0;
+      return 0;
+    }
+    *px = x;
+    *py = y;
--- a/stb.spec
+++ b/stb.spec
@ -23,7 +23,7 @@ Name:           stb
 #   https://github.com/nothings/stb/issues/1101
 %global snapinfo .20220908git8b5f1f3
 Version:        0%{snapinfo}
-Release:        0.5
+Release:        0.6
 Summary:        Single-file public domain libraries for C/C++

 # See LICENSE.
@ -113,6 +113,24 @@ Patch07:        1297.patch
 # https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24232&q=proj%3Dstb
 Patch08:        1230.patch

+# Fixes null pointer dereference in https://github.com/nothings/stb/issues/1452
+# https://github.com/nothings/stb/pull/1454
+#
+# Fixes:
+#
+# NULL pointer dereference in the stb_image.h
+# https://github.com/nothings/stb/issues/1452
+# NULL pointer derefence in PIC loading (CVE-2023-43898)
+# https://github.com/nothings/stb/issues/1521
+# Null pointer dereference in stbi__convert_format (GHSL-2023-149)
+# https://github.com/nothings/stb/issues/1546
+#
+# An alternative and equivalent patch is:
+#
+# Fix Null pointer dereference in stbi__convert_format
+# https://github.com/nothings/stb/pull/1547
+Patch:          1454.patch
+
 %global stb_c_lexer_version 0.12
 %global stb_connected_components_version 0.96
 %global stb_divide_version 0.94
@ -868,6 +886,9 @@ EOF


 %changelog
+* Fri Nov 10 2023 peijiankang <peijiankang@kylinos.cn> - 0.20220908git8b5f1f3-0.6
+- Document that 1454.patch fixes CVE-2023-43898
+
 * Thu Sep 14 2023 Darssin <2020303249@mail.nwpu.edu.cn> - 0.20220908git8b5f1f3-0.5
 - del rpmautospec to fix eur build error and modify doc to help