misc: Fix potential buffer overflow bug with our stb_image support code
diff --git a/ChangeLog b/ChangeLog
index 82d9105b..ba244d05 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,9 @@
Noteworthy changes compared to the previous release, 9.2.0:
+ Bug fixes:
+ - Fix potential buffer overflow bug with our stb_image support code.
+
Miscellaneous:
- Dynamically allocate volume index instead of relying on a hard coded
limit and a fixed allocation. This fixes potential panics or failure
diff --git a/common/stb_image.patch b/common/stb_image.patch
index 0f3718d7..87f6f719 100644
--- a/common/stb_image.patch
+++ b/common/stb_image.patch
@@ -6,6 +6,7 @@
+#include <stddef.h>
+#include <lib/libc.h>
++#include <lib/misc.h>
+#include <mm/pmm.h>
+
+#define STBI_ASSERT(x)
@@ -34,8 +35,10 @@
+ void *STBI_REALLOC_buf = (x); \
+ size_t STBI_REALLOC_alloc_size = (y); \
+ void *STBI_REALLOC_new_buf = STBI_MALLOC(STBI_REALLOC_alloc_size); \
++ size_t STBI_REALLOC_old_size = *(size_t *)((void *)STBI_REALLOC_buf - 16); \
+ if (STBI_REALLOC_buf != NULL) { \
-+ memcpy(STBI_REALLOC_new_buf, STBI_REALLOC_buf, STBI_REALLOC_alloc_size); \
++ memcpy(STBI_REALLOC_new_buf, STBI_REALLOC_buf, \
++ MIN(STBI_REALLOC_alloc_size, STBI_REALLOC_old_size)); \
+ STBI_FREE(STBI_REALLOC_buf); \
+ } \
+ STBI_REALLOC_new_buf; \
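Review bot: The added `STBI_REALLOC_old_size` load reads `STBI_REALLOC_buf - 16` before the `STBI_REALLOC_buf != NULL` test on the following line, so a realloc from a NULL pointer dereferences an invalid address even though the copy itself is skipped. Declare it inside the `if` block instead, e.g. `size_t STBI_REALLOC_old_size = *(size_t *)((char *)STBI_REALLOC_buf - 16);` as the first statement after the NULL check. The literal 16 presumably mirrors the size header that STBI_MALLOC stores in front of each allocation. That macro is outside this hunk, so a shared named constant and a one-line comment such as `/* size header written by STBI_MALLOC precedes the buffer */` would keep the two from drifting apart. The hunk also does not show whether STBI_MALLOC can return NULL; if it can, `STBI_REALLOC_new_buf` should be checked before the `memcpy`. The macro body starts and ends outside the hunk.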
@@ -45,9 +48,6 @@
+#define STBI_NO_STDIO
+#define STBI_NO_SIMD
+#define STBI_NO_LINEAR
-+
-+
-+
+#define STBI_ONLY_JPEG
+#define STBI_ONLY_PNG
+#define STBI_ONLY_BMP
