SDL_mixer: stb_vorbis: apply CVE-2023-45676/CVE-2023-45677 fix to setup_temp_malloc (fbdce)

From fbdce6b390afdd07ecd558da727ef430a63e6596 Mon Sep 17 00:00:00 2001
From: Ozkan Sezer <[EMAIL REDACTED]>
Date: Mon, 11 Dec 2023 11:37:02 +0300
Subject: [PATCH] stb_vorbis: apply CVE-2023-45676/CVE-2023-45677 fix to
 setup_temp_malloc

(c.f.: https://github.com/nothings/stb/issues/1248,
       https://github.com/nothings/stb/pull/1554 ,
       https://github.com/nothings/stb/pull/1555 )
---
 src/codecs/stb_vorbis/stb_vorbis.h | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/codecs/stb_vorbis/stb_vorbis.h b/src/codecs/stb_vorbis/stb_vorbis.h
index 6944dbc4..1b7607d4 100644
--- a/src/codecs/stb_vorbis/stb_vorbis.h
+++ b/src/codecs/stb_vorbis/stb_vorbis.h
@@ -974,6 +974,8 @@ static int error(vorb *f, enum STBVorbisError e)
 // given a sufficiently large block of memory, make an array of pointers to subblocks of it
 static void *make_block_array(void *mem, int count, int size)
 {
+  if (!mem) return NULL;
+  else {
    int i;
    void ** p = (void **) mem;
    char *q = (char *) (p + count);
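Review bot: The new `if (!mem) return NULL;` only covers a failed allocation; nothing visible in make_block_array checks that `count` and `size` are non-negative or that `mem` was sized for `count` pointers plus `count * size` bytes, so `p + count` and the later `q += size` walk still trust the caller entirely. The size passed to the allocator is computed outside this patch, and if that arithmetic wraps or is truncated to `int`, the guard added to setup_temp_malloc would only see the resulting value. Consider widening the check to `if (!mem || count < 0 || size < 0) return NULL;` and adding a precondition comment above the function such as `// mem must hold count pointers followed by count*size bytes; returns NULL if mem is NULL`. The function body continues into the next hunk, and two of its lines fall between the hunks and are not shown.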
@@ -982,6 +984,7 @@ static void *make_block_array(void *mem, int count, int size)
       q += size;
    }
    return p;
+  }
 }
 
 static void *setup_malloc(vorb *f, int sz)
@@ -1006,6 +1009,7 @@ static void setup_free(vorb *f, void *p)
 
 static void *setup_temp_malloc(vorb *f, int sz)
 {
+   if (sz <= 0 || INT_MAX - 7 < sz) return NULL;
    sz = (sz+7) & ~7; // round up to nearest 8 for alignment of future allocs.
    if (f->alloc.alloc_buffer) {
       if (f->temp_offset - sz < f->setup_offset) return NULL;
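Review bot: The added guard makes setup_temp_malloc return NULL for zero, negative and near-`INT_MAX` requests, and that NULL is indistinguishable from the out-of-space return two lines below it, so every caller has to check the result before writing through it; make_block_array's check is the only one visible in this patch. The guard also carries no comment tying it to the round-up on the following line; something like `// reject sz <= 0 and any sz for which (sz+7) would overflow int (CVE-2023-45676/45677)` would keep it from being dropped later as redundant. `INT_MAX` needs `<limits.h>`, which is not visible here, so it is worth confirming the header is included in every build configuration of this file. The function body continues past the end of the hunk.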