stb_vorbis: apply CVE-2023-45676/CVE-2023-45677 fix to setup_temp_malloc

(c.f.: nothings/stb#1248, nothings/stb#1554 , nothings/stb#1555 )
icculus · Dec 11, 2023 · 6ee6c83 · 6ee6c83
1 parent 7cc5fec
commit 6ee6c83
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/src/stb_vorbis.h b/src/stb_vorbis.h
@@ -970,6 +970,8 @@ static int error(vorb *f, enum STBVorbisError e)
 // given a sufficiently large block of memory, make an array of pointers to subblocks of it
 static void *make_block_array(void *mem, int count, int size)
 {
+  if (!mem) return NULL;
+  else {
    int i;
    void ** p = (void **) mem;
    char *q = (char *) (p + count);
@@ -978,6 +980,7 @@ static void *make_block_array(void *mem, int count, int size)
       q += size;
    }
    return p;
+  }
 }
 
 static void *setup_malloc(vorb *f, int sz)
@@ -1002,6 +1005,7 @@ static void setup_free(vorb *f, void *p)
 
 static void *setup_temp_malloc(vorb *f, int sz)
 {
+   if (sz <= 0 || INT_MAX - 7 < sz) return NULL;
    sz = (sz+7) & ~7; // round up to nearest 8 for alignment of future allocs.
    if (f->alloc.alloc_buffer) {
       if (f->temp_offset - sz < f->setup_offset) return NULL;