diff --git a/1454.patch b/1454.patch
new file mode 100644
index 0000000000000000000000000000000000000000..15bc577686672058b33daf4fc18aca33d1452c3b
--- /dev/null
+++ b/1454.patch
@@ -0,0 +1,24 @@
+From 4e58258d8c434111fe2e8f1146ae0a72b0e8c554 Mon Sep 17 00:00:00 2001
+From: Neil Bickford
+Date: Sat, 25 Feb 2023 05:13:25 -0800
+Subject: [PATCH] Fix nullptr dereference when a PIC file causes
+ stbi__pic_load_core to return 0, and the requested number of components to
+ stbi_load_from_memory is not 0 or 4
+
+---
+ stb_image.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/stb_image.h b/stb_image.h
+index 5e807a0a6..7e6ddeefd 100644
+--- a/stb_image.h
++++ b/stb_image.h
+@@ -6527,7 +6527,7 @@ static void *stbi__pic_load(stbi__context *s,int *px,int *py,int *comp,int req_c
+
+ if (!stbi__pic_load_core(s,x,y,comp, result)) {
+ STBI_FREE(result);
+- result=0;
++ return 0;
+ }
+ *px = x;
+ *py = y;
diff --git a/stb.spec b/stb.spec
index 058e7c1d486d4b08dfb8137712a6113f57cae7ab..39fb09672252722f06bac52090a2e6cdf616490a 100644
--- a/stb.spec
+++ b/stb.spec
@@ -23,7 +23,7 @@ Name: stb
 # https://github.com/nothings/stb/issues/1101
 %global snapinfo .20220908git8b5f1f3
 Version: 0%{snapinfo}
-Release: 0.5
+Release: 0.6
 Summary: Single-file public domain libraries for C/C++
 # See LICENSE.
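Review bot: The added `return 0;` in the stbi__pic_load hunk of 1454.patch has no comment explaining why the failure path must leave the function at once, and the removed `result=0;` shows how easily the fall-through form could come back. Going by the patch subject, the old code carried a null `result` past `*px = x;` into the component conversion whenever the requested component count was not 0 or 4. I would put `// return now: the conversion further down dereferences result` above the return. If the package has a test step, a malformed-PIC regression case with the requested components set to 1, 2 or 3 would pin the fix. The body of stbi__pic_load starts and ends outside the hunk.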
@@ -113,6 +113,24 @@ Patch07: 1297.patch
 # https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24232&q=proj%3Dstb
 Patch08: 1230.patch
+# Fixes null pointer dereference in https://github.com/nothings/stb/issues/1452
+# https://github.com/nothings/stb/pull/1454
+#
+# Fixes:
+#
+# NULL pointer dereference in the stb_image.h
+# https://github.com/nothings/stb/issues/1452
+# NULL pointer derefence in PIC loading (CVE-2023-43898)
+# https://github.com/nothings/stb/issues/1521
+# Null pointer dereference in stbi__convert_format (GHSL-2023-149)
+# https://github.com/nothings/stb/issues/1546
+#
+# An alternative and equivalent patch is:
+#
+# Fix Null pointer dereference in stbi__convert_format
+# https://github.com/nothings/stb/pull/1547
+Patch: 1454.patch
+
 %global stb_c_lexer_version 0.12
 %global stb_connected_components_version 0.96
 %global stb_divide_version 0.94
@@ -868,6 +886,9 @@ EOF
 %changelog
+* Fri Nov 10 2023 peijiankang - 0.20220908git8b5f1f3-0.6
+- Document that 1454.patch fixes CVE-2023-43898
+
 * Thu Sep 14 2023 Darssin <2020303249@mail.nwpu.edu.cn> - 0.20220908git8b5f1f3-0.5
 - del rpmautospec to fix eur build error and modify doc to help
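Review bot: The new tag is written `Patch: 1454.patch` while the neighbouring entries in this hunk are numbered (`Patch07`, `Patch08`); I would make it `Patch09: 1454.patch`, assuming 09 is the next free number. How an unnumbered tag gets numbered depends on the rpm version, and the %prep section is outside this diff, so if patches are applied by number there the CVE-2023-43898 fix could be skipped silently while the changelog still reports it. The changelog entry in the last hunk reads "Document that 1454.patch fixes CVE-2023-43898", yet this diff adds 1454.patch as a new file; `- Add 1454.patch to fix CVE-2023-43898` would tell anyone auditing the package which release first carries the fix.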