From d1780682ca19a6184288d672039693348174f82d Mon Sep 17 00:00:00 2001
From: "Benjamin A. Beasley"
Date: Wed, 25 Oct 2023 11:17:55 -0400
Subject: [PATCH] stb_image: fix GHSL-2023-150 / fix CVE-2023-45666

---
 ...free-in-stbi__load_gif_main_outofmem.patch | 2 +-
 ...ble-free-or-memory-leak-in-stbi__loa.patch | 46 +++++++++++++++++++
 stb.spec | 13 ++++++
 3 files changed, 60 insertions(+), 1 deletion(-)
 create mode 100644 0002-Fix-possible-double-free-or-memory-leak-in-stbi__loa.patch

diff --git a/0001-Fix-double-free-in-stbi__load_gif_main_outofmem.patch b/0001-Fix-double-free-in-stbi__load_gif_main_outofmem.patch
index 1d402d7..bd4576d 100644
--- a/0001-Fix-double-free-in-stbi__load_gif_main_outofmem.patch
+++ b/0001-Fix-double-free-in-stbi__load_gif_main_outofmem.patch
@@ -1,7 +1,7 @@
 From 4a4c1eeb8540c61ceb3456b3277184bc1c63c9be Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Jaroslav=20Loba=C4=8Devski?=
 Date: Thu, 19 Oct 2023 16:16:34 +0200
-Subject: [PATCH] Fix double-free in stbi__load_gif_main_outofmem
+Subject: [PATCH 1/2] Fix double-free in stbi__load_gif_main_outofmem
 
 Fixes #1544
 ---
diff --git a/0002-Fix-possible-double-free-or-memory-leak-in-stbi__loa.patch b/0002-Fix-possible-double-free-or-memory-leak-in-stbi__loa.patch
new file mode 100644
index 0000000..25118c4
--- /dev/null
+++ b/0002-Fix-possible-double-free-or-memory-leak-in-stbi__loa.patch
@@ -0,0 +1,46 @@
+From 33c3c202425daea456520f92846b37da6a83e1c0 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jaroslav=20Loba=C4=8Devski?=
+Date: Thu, 19 Oct 2023 16:29:56 +0200
+Subject: [PATCH 2/2] Fix possible double-free or memory leak in
+ stbi__load_gif_main
+
+Fixes #1548
+---
+ stb_image.h | 14 ++++++++++----
+ 1 file changed, 10 insertions(+), 4 deletions(-)
+
+diff --git a/stb_image.h b/stb_image.h
+index d3a1f59..df4ff95 100644
+--- a/stb_image.h
++++ b/stb_image.h
+@@ -6999,8 +6999,11 @@ static void *stbi__load_gif_main(stbi__context *s, int **delays, int *x, int *y,
+ return ret;
+ }
+ void *tmp = (stbi_uc*) STBI_REALLOC_SIZED( out, out_size, layers * stride );
+- if (!tmp)
+- return stbi__load_gif_main_outofmem(&g, out, delays);
++ if (!tmp) {
++ void *ret = stbi__load_gif_main_outofmem(&g, out, delays);
++ if (delays && *delays) *delays = 0;
++ return ret;
++ }
+ else {
+ out = (stbi_uc*) tmp;
+ out_size = layers * stride;
+@@ -7019,8 +7022,11 @@ static void *stbi__load_gif_main(stbi__context *s, int **delays, int *x, int *y,
+ return ret;
+ }
+ out = (stbi_uc*)stbi__malloc( layers * stride );
+- if (!out)
+- return stbi__load_gif_main_outofmem(&g, out, delays);
++ if (!out) {
++ void *ret = stbi__load_gif_main_outofmem(&g, out, delays);
++ if (delays && *delays) *delays = 0;
++ return ret;
++ }
+ out_size = layers * stride;
+ if (delays) {
+ *delays = (int*) stbi__malloc( layers * sizeof(int) );
+-- 
+2.41.0
+
diff --git a/stb.spec b/stb.spec
index a527191..452d1ef 100644
--- a/stb.spec
+++ b/stb.spec
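Review bot: The `*delays = 0` reset in the carried stb_image.h patch is applied only at the two `out` allocation-failure returns, so any other return through `stbi__load_gif_main_outofmem(&g, out, delays)` outside these two hunks would presumably still leave the caller holding a stale `*delays`. The second hunk's trailing context shows a further `*delays = (int*) stbi__malloc(...)` whose failure path is not visible here. Because the helper already receives `int **delays`, clearing the pointer inside it right after it is released, e.g. `if (delays) *delays = 0;`, would cover every call site at once and remove the need for the repeated `if (delays && *delays) *delays = 0;`. The helper's body and the rest of `stbi__load_gif_main` lie outside the hunks, so confirm against the rebased stb_image.h which error paths remain before relying on this patch alone.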
@@ -157,6 +157,19 @@ Patch: %{url}/pull/1543.patch # Rebased on top of https://github.com/nothings/stb/pull/1539. Patch: 0001-Fix-double-free-in-stbi__load_gif_main_outofmem.patch +# Fix possible double-free or memory leak in stbi__load_gif_main +# https://github.com/nothings/stb/pull/1549 +# +# Fixes: +# +# Possible double-free or memory leak in stbi__load_gif_main +# (GHSL-2023-150/CVE-2023-45666) +# https://github.com/nothings/stb/issues/1548 +# +# Rebased on top of https://github.com/nothings/stb/pull/1539 and +# https://github.com/nothings/stb/pull/1545. +Patch: 0002-Fix-possible-double-free-or-memory-leak-in-stbi__loa.patch + %global stb_c_lexer_version 0.12 %global stb_connected_components_version 0.96 %global stb_divide_version 0.94