From 6cd14660cfd65c2f8f5e7b5cc59fd10baaa5b1ea Mon Sep 17 00:00:00 2001
From: Ozkan Sezer <[EMAIL REDACTED]>
Date: Wed, 23 Apr 2025 17:55:02 +0300
Subject: [PATCH] stb_image.h: apply mainstream PR/1736
Fix root-cause of CVE-2021-45340 : dereference of NULL ptr.
Patch authored by Henner Zeller <h.zeller@acm.org>
Mainstream pull request: https://github.com/nothings/stb/pull/1736
(cherry picked from commit b5ed0d0138a5467a3812af957c138b695bab31ed)
---
src/video/stb_image.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/video/stb_image.h b/src/video/stb_image.h
index f22de1bbd77ee..f7c71015def71 100644
--- a/src/video/stb_image.h
+++ b/src/video/stb_image.h
@@ -100,7 +100,7 @@ RECENT REVISION HISTORY:
Bug & warning fixes
Marc LeBlanc David Woo Guillaume George Martins Mozeiko
Christpher Lloyd Jerry Jansson Joseph Thomson Blazej Dariusz Roszkowski
- Phil Jordan Dave Moore Roy Eltham
+ Phil Jordan Henner Zeller Dave Moore Roy Eltham
Hayaki Saito Nathan Reed Won Chun
Luke Graham Johan Duparc Nick Verigakis the Horde3D community
Thomas Ruf Ronny Chevalier github:rlyeh
@@ -1914,6 +1914,7 @@ static unsigned char *stbi__convert_format(unsigned char *data, int img_n, int r
int i,j;
unsigned char *good;
+ if (data == NULL) return data;
if (req_comp == img_n) return data;
STBI_ASSERT(req_comp >= 1 && req_comp <= 4);
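Review bot: The new `if (data == NULL) return data;` guard at the top of stbi__convert_format has no comment saying when `data` can be NULL, and it returns silently, so the caller receives NULL with nothing to tell it whether this function or an earlier step failed. Suggest a one-line comment stating that a NULL input is passed through unchanged as an upstream failure. Writing `return NULL;` instead of `return data;` would also make the intent obvious at a glance. The commit message describes this as the root-cause fix, but the visible lines only guard the consumer side. The call site that hands in the NULL is not part of this hunk, so it is worth confirming that it checks its own result and records a failure reason before calling in here.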