apply patch from @hzeller to fix the root cause of CVE-2021-45340 (#40)

* apply patch from @hzeller to fix the root cause of CVE-2021-45340

Signed-off-by: Cocoa <i@uwucocoa.moe>

Author: cocoa-xu

.github/workflows/ci.yml

@@ -71,7 +71,7 @@ jobs:
           mix test
 
   macos:
-    runs-on: macos-12
+    runs-on: macos-13
     env:
       MIX_ENV: test
       ELIXIR_VERSION: "1.16.2"

3rd_party/stb/stb_image.h

@@ -100,7 +100,7 @@ RECENT REVISION HISTORY:
  Bug & warning fixes
     Marc LeBlanc            David Woo          Guillaume George     Martins Mozeiko
     Christpher Lloyd        Jerry Jansson      Joseph Thomson       Blazej Dariusz Roszkowski
-    Phil Jordan                                Dave Moore           Roy Eltham
+    Phil Jordan             Henner Zeller      Dave Moore           Roy Eltham
     Hayaki Saito            Nathan Reed        Won Chun
     Luke Graham             Johan Duparc       Nick Verigakis       the Horde3D community
     Thomas Ruf              Ronny Chevalier                         github:rlyeh
@@ -1760,6 +1760,7 @@ static unsigned char *stbi__convert_format(unsigned char *data, int img_n, int r
    int i,j;
    unsigned char *good;
 
+   if (data == NULL) return data;
    if (req_comp == img_n) return data;
    STBI_ASSERT(req_comp >= 1 && req_comp <= 4);
 

test/stb-issue-cve-2021-45340.gif

@@ -297,5 +297,11 @@ defmodule StbImageTest do
 
       assert decoded == expected
     end
+
+    test "CVE-2021-45340" do
+      assert_raise ArgumentError, "cannot decode image", fn ->
+        StbImage.read_file!(Path.join(__DIR__, "stb-issue-cve-2021-45340.gif"))
+      end
+    end
   end
 end