From 38c5b84844574306dfe6f00bd3bcb81447efe138 Mon Sep 17 00:00:00 2001
From: Ozkan Sezer <[EMAIL REDACTED]>
Date: Wed, 23 Apr 2025 17:50:10 +0300
Subject: [PATCH] stb_image.h: apply mainstream PR/1736
Fix root-cause of CVE-2021-45340 : dereference of NULL ptr.
Patch authored by Henner Zeller <h.zeller@acm.org>
Mainstream pull request: https://github.com/nothings/stb/pull/1736
(cherry picked from commit d345579624ebb60882500c0eabc0aa17122e286b)
---
src/stb_image.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/stb_image.h b/src/stb_image.h
index 7147a7a1..6daf9eab 100644
--- a/src/stb_image.h
+++ b/src/stb_image.h
@@ -100,7 +100,7 @@ RECENT REVISION HISTORY:
Bug & warning fixes
Marc LeBlanc David Woo Guillaume George Martins Mozeiko
Christpher Lloyd Jerry Jansson Joseph Thomson Blazej Dariusz Roszkowski
- Phil Jordan Dave Moore Roy Eltham
+ Phil Jordan Henner Zeller Dave Moore Roy Eltham
Hayaki Saito Nathan Reed Won Chun
Luke Graham Johan Duparc Nick Verigakis the Horde3D community
Thomas Ruf Ronny Chevalier github:rlyeh
@@ -1895,6 +1895,7 @@ static unsigned char *stbi__convert_format(unsigned char *data, int img_n, int r
int i,j;
unsigned char *good;
+ if (data == NULL) return data;
if (req_comp == img_n) return data;
STBI_ASSERT(req_comp >= 1 && req_comp <= 4);