From a64c256c37ed6e1176d84ae96ff6ddcda9efdc83 Mon Sep 17 00:00:00 2001
From: peijiankang <peijiankang@kylinos.cn>
Date: Fri, 8 Mar 2024 15:22:32 +0800
Subject: [PATCH] fix CVE-2023-45675

(cherry picked from commit ebf58542c0a905670c4d964bb1e616653187ff8a)
---
 1553.patch | 22 ++++++++++++++++++++++
 stb.spec   | 17 ++++++++++++++++-
 2 files changed, 38 insertions(+), 1 deletion(-)
 create mode 100644 1553.patch

diff --git a/1553.patch b/1553.patch
new file mode 100644
index 0000000..b055715
--- /dev/null
+++ b/1553.patch
@@ -0,0 +1,22 @@
+From 746d207256ef408d92112a13a75aa8a42df6753f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jaroslav=20Loba=C4=8Devski?= <jarlob@github.com>
+Date: Thu, 19 Oct 2023 16:39:06 +0200
+Subject: [PATCH] Fix  `0` byte write heap buffer overflow in `start_decoder`
+
+Fixes #1552
+---
+ stb_vorbis.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/stb_vorbis.c b/stb_vorbis.c
+index 3e5c2504c0..8bc21de6b7 100644
+--- a/stb_vorbis.c
++++ b/stb_vorbis.c
+@@ -952,6 +952,7 @@ static void *setup_malloc(vorb *f, int sz)
+    sz = (sz+7) & ~7; // round up to nearest 8 for alignment of future allocs.
+    f->setup_memory_required += sz;
+    if (f->alloc.alloc_buffer) {
++      if (sz == 0) return NULL;
+       void *p = (char *) f->alloc.alloc_buffer + f->setup_offset;
+       if (f->setup_offset + sz > f->temp_offset) return NULL;
+       f->setup_offset += sz;
diff --git a/stb.spec b/stb.spec
index 57cc19e..2fa1700 100644
--- a/stb.spec
+++ b/stb.spec
@@ -23,7 +23,7 @@ Name:           stb
 #   https://github.com/nothings/stb/issues/1101
 %global snapinfo .20220908git8b5f1f3
 Version:        0%{snapinfo}
-Release:        0.12
+Release:        0.13
 Summary:        Single-file public domain libraries for C/C++
 
 # See LICENSE.
@@ -223,6 +223,18 @@ Patch:          0002-Fix-possible-double-free-or-memory-leak-in-stbi__loa.patch
 # Rebased on top of https://github.com/nothings/stb/pull/1541.
 Patch:          0001-Fix-Null-pointer-dereference-because-of-an-uninitial.patch
 
+# Fix 0 byte write heap buffer overflow in start_decoder
+# https://github.com/nothings/stb/pull/1553
+#
+# Fixes:
+#
+# 0 byte write heap buffer overflow in start_decoder
+# (GHSL-2023-165/CVE-2023-45675)
+# https://github.com/nothings/stb/issues/1552
+Patch:          %{url}/pull/1553.patch
+
+%global stb_c_lexer_version 0.12
+%global stb_connected_components_version 0.96
 %global stb_c_lexer_version 0.12
 %global stb_connected_components_version 0.96
 %global stb_divide_version 0.94
@@ -978,6 +990,9 @@ EOF
 
 
 %changelog
+* Fri Mar 08 2024 peijiankang <peijiankang@kylinos.cn> - 0.20220908git8b5f1f3-0.13
+- stb_vorbis: fix GHSL-2023-165 / fix CVE-2023-45675
+
 * Fri Mar 01 2024 peijiankang <peijiankang@kylinos.cn> - 0.20220908git8b5f1f3-0.12
 - stb_image: fix GHSL-2023-151 / fix CVE-2023-45667
 
-- 
Gitee