Benjamin A. Beasley
4 weeks ago
parent
3572699378
commit
6719c00391
@ -0,0 +1,36 @@
|
|||||||
|
From 724a10527964762fde9e79f38413aed4166b456e Mon Sep 17 00:00:00 2001
|
||||||
|
From: Henner Zeller <h.zeller@acm.org>
|
||||||
|
Date: Thu, 9 Jan 2025 08:57:50 -0800
|
||||||
|
Subject: [PATCH] Fix root-cause of CVE-2021-45340 : dereference of NULL ptr.
|
||||||
|
|
||||||
|
Originally reported in libsixel (https://github.com/libsixel/libsixel/issues/51
|
||||||
|
and https://github.com/libsixel/libsixel/issues/73) also as https://nvd.nist.gov/vuln/detail/CVE-2021-45340
|
||||||
|
|
||||||
|
Fixed there by locally patching stb https://github.com/libsixel/libsixel/commit/c8c7f1b1cab7bd556f54787a5e409d2ddf86ea9f
|
||||||
|
|
||||||
|
Hereby fixing upstream.
|
||||||
|
---
|
||||||
|
stb_image.h | 3 ++-
|
||||||
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/stb_image.h b/stb_image.h
|
||||||
|
index 9eedabedc..4a435555e 100644
|
||||||
|
--- a/stb_image.h
|
||||||
|
+++ b/stb_image.h
|
||||||
|
@@ -100,7 +100,7 @@ RECENT REVISION HISTORY:
|
||||||
|
Bug & warning fixes
|
||||||
|
Marc LeBlanc David Woo Guillaume George Martins Mozeiko
|
||||||
|
Christpher Lloyd Jerry Jansson Joseph Thomson Blazej Dariusz Roszkowski
|
||||||
|
- Phil Jordan Dave Moore Roy Eltham
|
||||||
|
+ Phil Jordan Henner Zeller Dave Moore Roy Eltham
|
||||||
|
Hayaki Saito Nathan Reed Won Chun
|
||||||
|
Luke Graham Johan Duparc Nick Verigakis the Horde3D community
|
||||||
|
Thomas Ruf Ronny Chevalier github:rlyeh
|
||||||
|
@@ -1757,6 +1757,7 @@ static unsigned char *stbi__convert_format(unsigned char *data, int img_n, int r
|
||||||
|
int i,j;
|
||||||
|
unsigned char *good;
|
||||||
|
|
||||||
|
+ if (data == NULL) return data;
|
||||||
|
if (req_comp == img_n) return data;
|
||||||
|
STBI_ASSERT(req_comp >= 1 && req_comp <= 4);
|
||||||
|
|
||||||
Loading…
Reference in new issue