Fixes null pointer dereference in https://github.com/nothings/stb/issues/1452

nothings / stb

stb single-file public domain libraries for C/C++

https://twitter.com/nothings

Other

26.31k stars 7.69k forks source link

Fixes null pointer dereference in https://github.com/nothings/stb/issues/1452 #1454

Open NBickford-NV opened 1 year ago

NBickford-NV commented 1 year ago

Hi stb maintainers!

I just saw issue #1452, and put together this pull request to fix it. When stbipic_load_core returns NULL, this code now frees the allocated image and returns 0 immediately, instead of passing a null pointer to `stbiconvert_format()`.

Thanks!

musicinmybrain commented 1 year ago

Thank you! I have just applied this as a downstream patch in Fedora Linux.

NBickford-NV commented 1 year ago

That's amazingly fast, thank you Ben! (I figured I'd send you an email later this morning since I remember you saw and applied the earlier stb_image patches, but you beat me to it!)

NBickford-NV commented 11 months ago

Tracking CVE numbers: this is a patch for https://nvd.nist.gov/vuln/detail/CVE-2023-43898 ((#1521).