Description: Fix CVE-2023-45681
Author: Abhijith PA <abhijith@debian.org>
Origin: https://github.com/nothings/stb/commit/3741e6fea656d3f1b9578d59f14d8945aea92a10.diff
Forwarded: not-needed
Last-Update: 2026-04-28

--- libstb-0.0~git20200713.b42009b+ds.orig/stb_vorbis.c
+++ libstb-0.0~git20200713.b42009b+ds/stb_vorbis.c
@@ -3642,6 +3642,10 @@ static int start_decoder(vorb *f)
    f->vendor[len] = (char)'\0';
    //user comments
    f->comment_list_length = get32_packet(f);
+   if (f->comment_list_length > INT_MAX / (int)sizeof(char*)) {
+      f->comment_list_length = 0;      
+      return error(f, VORBIS_outofmem);
+   }
    f->comment_list = (char**)setup_malloc(f, sizeof(char*) * (f->comment_list_length));
    if (f->comment_list == NULL)                     return error(f, VORBIS_outofmem);
 
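Review bot: The added guard on `f->comment_list_length` bounds only the upper side, so a count that ends up negative is not rejected before the allocation. The comparison against `INT_MAX / (int)sizeof(char*)` suggests the field is a signed int (its declaration is outside the hunk). If so, a 32-bit value from `get32_packet` with the top bit set becomes negative, passes this check, and still reaches `sizeof(char*) * (f->comment_list_length)` in the `setup_malloc` call. I would widen the condition to `if (f->comment_list_length < 0 || f->comment_list_length > INT_MAX / (int)sizeof(char*)) {`. The rest of start_decoder, including the code that fills `comment_list`, is outside the hunk, so I cannot confirm from here whether a later check already covers this case.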
