fix CVE-2023-45662

2024-02-28 09:39:51 +08:00 · 2024-02-28 09:39:51 +08:00 · 46321e1738
commit 46321e1738
parent f8c7659d5c
2 changed files with 42 additions and 3 deletions
--- a/1541.patch
+++ b/1541.patch
@ -0,0 +1,25 @@
+From 973cdc889deaae2b97d1bdf9b793b96be02b9b3c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jaroslav=20Loba=C4=8Devski?= <jarlob@github.com>
+Date: Thu, 19 Oct 2023 16:03:41 +0200
+Subject: [PATCH] Fix multi-byte read heap buffer overflow in
+ stbi__vertical_flip
+
+Fixes #1540
+---
+ stb_image.h | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/stb_image.h b/stb_image.h
+index 5e807a0a6..49c53d092 100644
+--- a/stb_image.h
+++ b/stb_image.h
+@@ -1447,7 +1447,8 @@ STBIDEF stbi_uc *stbi_load_gif_from_memory(stbi_uc const *buffer, int len, int *
+ 
+    result = (unsigned char*) stbi__load_gif_main(&s, delays, x, y, z, comp, req_comp);
+    if (stbi__vertically_flip_on_load) {
+-      stbi__vertical_flip_slices( result, *x, *y, *z, *comp );
+      int channels = req_comp ? req_comp : *comp;
+      stbi__vertical_flip_slices( result, *x, *y, *z, channels );
+    }
+ 
+    return result;
--- a/stb.spec
+++ b/stb.spec
@ -23,7 +23,7 @@ Name:           stb
 #   https://github.com/nothings/stb/issues/1101
 %global snapinfo .20220908git8b5f1f3
 Version:        0%{snapinfo}
-Release:        0.8
+Release:        0.10
 Summary:        Single-file public domain libraries for C/C++

 # See LICENSE.
@ -166,6 +166,17 @@ Patch:          1534.patch
 # Wild address read in stbi__gif_load_next (GHSL-2023-145/CVE-2023-45661)
 # https://github.com/nothings/stb/issues/1538
 Patch:          1539.patch
+
+# Fix multi-byte read heap buffer overflow in stbi__vertical_flip
+# https://github.com/nothings/stb/pull/1541
+#
+# Fixes:
+#
+# Multi-byte read heap buffer overflow in stbi__vertical_flip
+# (GHSL-2023-146/CVE-2023-45662)
+# https://github.com/nothings/stb/issues/1540
+Patch:          1541.patch
+
 # Fix disclosure of uninitialized memory in stbi__tga_load
 # https://github.com/nothings/stb/pull/1543
 #
@ -174,7 +185,7 @@ Patch:          1539.patch
 # Disclosure of uninitialized memory in stbi__tga_load
 # (GHSL-2023-147/CVE-2023-45663)
 # https://github.com/nothings/stb/issues/1542
-Patch:          %{url}/pull/1543.patch
+Patch:          1543.patch

 # Fix double-free in stbi__load_gif_main_outofmem
 # https://github.com/nothings/stb/pull/1545
@ -942,7 +953,10 @@ EOF


 %changelog
-* Tue Feb 27 2024 peijiankang <peijiankang@kylinos.cn> - 0.20220908git8b5f1f3-0.7
+* Wed Feb 28 2024 peijiankang <peijiankang@kylinos.cn> - 0.20220908git8b5f1f3-0.10
+- stb_image: fix GHSL-2023-146 / fix CVE-2023-45662
+
+* Tue Feb 27 2024 peijiankang <peijiankang@kylinos.cn> - 0.20220908git8b5f1f3-0.9
 - stb_image: fix GHSL-2023-147 / fix CVE-2023-45663

 * Thu Nov 23 2023 douyan <douyan@kylinos.cn> - 0.20220908git8b5f1f3-0.8