
Commit 47cff74

sezero authored and icculus committed
stb_vorbis: fix CVE-2023-45682
Based on patch by Jaroslav Lobačevski (@JarLob) submitted to mainstream at nothings/stb#1560

GHSL-2023-172/CVE-2023-45682: Wild address read in vorbis_decode_packet_rest()
1 parent 013c59c commit 47cff74

1 file changed

+1
-1
lines changed


src/codecs/stb_vorbis/stb_vorbis.h

@@ -1840,7 +1840,7 @@ static int codebook_decode_scalar(vorb *f, Codebook *c)
18401840

18411841
#define DECODE(var,f,c) \
18421842
DECODE_RAW(var,f,c) \
1843-
if (c->sparse) var = c->sorted_values[var];
1843+
if (c->sparse && var >= 0) var = c->sorted_values[var];
18441844

18451845
#ifndef STB_VORBIS_DIVIDES_IN_CODEBOOK
18461846
#define DECODE_VQ(var,f,c) DECODE_RAW(var,f,c)
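
Review bot: On the changed line 1843, the `var >= 0` guard stops a negative index into `c->sorted_values`, but it leaves `var` negative for whatever code expanded `DECODE`, so the fix only holds if every call site tests `var < 0` before using the value as an index or count. Those call sites are outside this hunk and should be audited as part of this change. A one-line comment above the macro stating that a negative `var` from `DECODE_RAW` is passed through unchanged would document the contract. Separately, the macro still ends in a bare `if`, so an `else` following `DECODE(...)` at a call site would bind to it; wrapping the statement in braces would remove that hazard.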
