You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
37 lines
1.6 KiB
37 lines
1.6 KiB
From 724a10527964762fde9e79f38413aed4166b456e Mon Sep 17 00:00:00 2001
|
|
From: Henner Zeller <h.zeller@acm.org>
|
|
Date: Thu, 9 Jan 2025 08:57:50 -0800
|
|
Subject: [PATCH] Fix root-cause of CVE-2021-45340 : dereference of NULL ptr.
|
|
|
|
Originally reported in libsixel (https://github.com/libsixel/libsixel/issues/51
|
|
and https://github.com/libsixel/libsixel/issues/73) also as https://nvd.nist.gov/vuln/detail/CVE-2021-45340
|
|
|
|
Fixed there by locally patching stb https://github.com/libsixel/libsixel/commit/c8c7f1b1cab7bd556f54787a5e409d2ddf86ea9f
|
|
|
|
Hereby fixing upstream.
|
|
---
|
|
stb_image.h | 3 ++-
|
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/stb_image.h b/stb_image.h
|
|
index 9eedabedc..4a435555e 100644
|
|
--- a/stb_image.h
|
|
+++ b/stb_image.h
|
|
@@ -100,7 +100,7 @@ RECENT REVISION HISTORY:
|
|
Bug & warning fixes
|
|
Marc LeBlanc David Woo Guillaume George Martins Mozeiko
|
|
Christpher Lloyd Jerry Jansson Joseph Thomson Blazej Dariusz Roszkowski
|
|
- Phil Jordan Dave Moore Roy Eltham
|
|
+ Phil Jordan Henner Zeller Dave Moore Roy Eltham
|
|
Hayaki Saito Nathan Reed Won Chun
|
|
Luke Graham Johan Duparc Nick Verigakis the Horde3D community
|
|
Thomas Ruf Ronny Chevalier github:rlyeh
|
|
@@ -1757,6 +1757,7 @@ static unsigned char *stbi__convert_format(unsigned char *data, int img_n, int r
|
|
int i,j;
|
|
unsigned char *good;
|
|
|
|
+ if (data == NULL) return data;
|
|
if (req_comp == img_n) return data;
|
|
STBI_ASSERT(req_comp >= 1 && req_comp <= 4);
|
|
|