From cbe01824698949b7208acd705da59614a1fe0b6b Mon Sep 17 00:00:00 2001
From: peijiankang <peijiankang@kylinos.cn>
Date: Fri, 1 Mar 2024 09:41:49 +0800
Subject: [PATCH] fix CVE-2023-45667

---
 ...-dereference-because-of-an-uninitial.patch | 27 +++++++++++++++++++
 stb.spec                                      | 16 ++++++++++-
 2 files changed, 42 insertions(+), 1 deletion(-)
 create mode 100644 0001-Fix-Null-pointer-dereference-because-of-an-uninitial.patch

diff --git a/0001-Fix-Null-pointer-dereference-because-of-an-uninitial.patch b/0001-Fix-Null-pointer-dereference-because-of-an-uninitial.patch
new file mode 100644
index 0000000..560178c
--- /dev/null
+++ b/0001-Fix-Null-pointer-dereference-because-of-an-uninitial.patch
@@ -0,0 +1,27 @@
+From 800a684d6d3cae7ed2437a23496d9306c0dfa8dc Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jaroslav=20Loba=C4=8Devski?= <jarlob@github.com>
+Date: Thu, 19 Oct 2023 16:33:06 +0200
+Subject: [PATCH] Fix Null pointer dereference because of an uninitialized
+ variable
+
+Call `stbi__vertical_flip_slices` only if the previous function didn't fail. Fixes #1550
+---
+ stb_image.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/stb_image.h b/stb_image.h
+index 49c53d0..de12c06 100644
+--- a/stb_image.h
++++ b/stb_image.h
+@@ -1446,7 +1446,7 @@ STBIDEF stbi_uc *stbi_load_gif_from_memory(stbi_uc const *buffer, int len, int *
+    stbi__start_mem(&s,buffer,len);
+ 
+    result = (unsigned char*) stbi__load_gif_main(&s, delays, x, y, z, comp, req_comp);
+-   if (stbi__vertically_flip_on_load) {
++   if (stbi__vertically_flip_on_load && result) {
+       int channels = req_comp ? req_comp : *comp;
+       stbi__vertical_flip_slices( result, *x, *y, *z, channels );
+    }
+-- 
+2.41.0
+
diff --git a/stb.spec b/stb.spec
index cce0046..57cc19e 100644
--- a/stb.spec
+++ b/stb.spec
@@ -23,7 +23,7 @@ Name:           stb
 #   https://github.com/nothings/stb/issues/1101
 %global snapinfo .20220908git8b5f1f3
 Version:        0%{snapinfo}
-Release:        0.11
+Release:        0.12
 Summary:        Single-file public domain libraries for C/C++
 
 # See LICENSE.
@@ -211,6 +211,17 @@ Patch:        0001-Fix-double-free-in-stbi__load_gif_main_outofmem.patch
 # https://github.com/nothings/stb/pull/1545.
 Patch:          0002-Fix-possible-double-free-or-memory-leak-in-stbi__loa.patch
 
+# Fix Null pointer dereference because of an uninitialized variable
+# https://github.com/nothings/stb/pull/1551
+#
+# Fixes:
+#
+# Null pointer dereference because of an uninitialized variable
+# (GHSL-2023-151/CVE-2023-45667)
+# https://github.com/nothings/stb/issues/1550
+#
+# Rebased on top of https://github.com/nothings/stb/pull/1541.
+Patch:          0001-Fix-Null-pointer-dereference-because-of-an-uninitial.patch
 
 %global stb_c_lexer_version 0.12
 %global stb_connected_components_version 0.96
@@ -967,6 +978,9 @@ EOF
 
 
 %changelog
+* Fri Mar 01 2024 peijiankang <peijiankang@kylinos.cn> - 0.20220908git8b5f1f3-0.12
+- stb_image: fix GHSL-2023-151 / fix CVE-2023-45667
+
 * Thu Feb 29 2024 peijiankang <peijiankang@kylinos.cn> - 0.20220908git8b5f1f3-0.11
 - stb_image: fix GHSL-2023-150 / fix CVE-2023-45666
 
-- 
Gitee