stb_vorbis: fix CVE-2023-45681 (integer overflow.)

Based on patch by Jaroslav Lobačevski (@JarLob) submitted to mainstream at nothings/stb#1559 GHSL-2023-171/CVE-2023-45681: Out of bounds heap buffer write
icculus · Dec 11, 2023 · f04567f · f04567f
1 parent 09996c4
commit f04567f
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/src/stb_vorbis.h b/src/stb_vorbis.h
@@ -3747,9 +3747,12 @@ static int start_decoder(vorb *f)
    f->comment_list = NULL;
    if (f->comment_list_length > 0)
    {
+      if (INT_MAX / sizeof(char*) < f->comment_list_length)
+          goto no_comment;
       len = sizeof(char*) * f->comment_list_length;
       f->comment_list = (char**) setup_malloc(f, len);
       if (f->comment_list == NULL) {
+         no_comment:
          f->comment_list_length = 0;
          return error(f, VORBIS_outofmem);
       }