SDL_mixer: stb_vorbis: fix CVE-2023-45676 and CVE-2023-45677.

From 6673679ac6ff53fa3a852a9acd49ab2531bfb6c4 Mon Sep 17 00:00:00 2001
From: Ozkan Sezer <[EMAIL REDACTED]>
Date: Mon, 11 Dec 2023 05:50:02 +0300
Subject: [PATCH] stb_vorbis: fix CVE-2023-45676 and CVE-2023-45677.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Based on the patches by Jaroslav Lobačevski (@JarLob) submitted
to mainstream at: https://github.com/nothings/stb/pull/1554 and
https://github.com/nothings/stb/pull/1555

GHSL-2023-166/CVE-2023-45676: Multi-byte write heap buffer overflow in start_decoder()
GHSL-2023-167/CVE-2023-45677: Heap buffer out of bounds write in start_decoder()
---
 src/codecs/stb_vorbis/stb_vorbis.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/codecs/stb_vorbis/stb_vorbis.h b/src/codecs/stb_vorbis/stb_vorbis.h
index 9e59df2c..cf454279 100644
--- a/src/codecs/stb_vorbis/stb_vorbis.h
+++ b/src/codecs/stb_vorbis/stb_vorbis.h
@@ -986,6 +986,7 @@ static void *make_block_array(void *mem, int count, int size)
 
 static void *setup_malloc(vorb *f, int sz)
 {
+   if (sz < 0 || INT_MAX - 7 < sz) return NULL;
    sz = (sz+7) & ~7; // round up to nearest 8 for alignment of future allocs.
    f->setup_memory_required += sz;
    if (f->alloc.alloc_buffer) {
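Review bot: the new guard at the top of setup_malloc() only sees the final int, so it rejects a negative sz or one within 7 of INT_MAX, but a size whose arithmetic wrapped around to a small positive value before the call would still pass. Since the commit message places both overflows in start_decoder(), it is worth confirming that the size expressions computed there cannot wrap before they reach this function, or checking them at the call sites as well. Two smaller points on the same hunk: `f->setup_memory_required += sz;` still accumulates across calls with no overflow check, and INT_MAX needs <limits.h>, which this hunk does not show being included. A short comment on the added line saying that it protects the `(sz+7) & ~7` round-up from signed overflow would also help later readers.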