stb_vorbis: fix CVE-2023-45682

Based on patch by Jaroslav Lobačevski (@JarLob) submitted to mainstream at nothings/stb#1560 GHSL-2023-172/CVE-2023-45682: Wild address read in vorbis_decode_packet_rest()
icculus · Dec 11, 2023 · 9ebcb8b · 9ebcb8b
1 parent f04567f
commit 9ebcb8b
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/stb_vorbis.h b/src/stb_vorbis.h
@@ -1838,7 +1838,7 @@ static int codebook_decode_scalar(vorb *f, Codebook *c)
 
 #define DECODE(var,f,c)                                       \
    DECODE_RAW(var,f,c)                                        \
-   if (c->sparse) var = c->sorted_values[var];
+   if (c->sparse && var >= 0) var = c->sorted_values[var];
 
 #ifndef STB_VORBIS_DIVIDES_IN_CODEBOOK
   #define DECODE_VQ(var,f,c)   DECODE_RAW(var,f,c)