From 6cd14660cfd65c2f8f5e7b5cc59fd10baaa5b1ea Mon Sep 17 00:00:00 2001
From: Ozkan Sezer
Date: Wed, 23 Apr 2025 17:55:02 +0300
Subject: [PATCH] stb_image.h: apply mainstream PR/1736 Fix root-cause of CVE-2021-45340 : dereference of NULL ptr. Patch authored by Henner Zeller Mainstream pull request: https://github.com/nothings/stb/pull/1736 (cherry picked from commit b5ed0d0138a5467a3812af957c138b695bab31ed)
---
 src/video/stb_image.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/video/stb_image.h b/src/video/stb_image.h
index f22de1bbd7..f7c71015de 100644
--- a/src/video/stb_image.h
+++ b/src/video/stb_image.h
@@ -100,7 +100,7 @@ RECENT REVISION HISTORY:
 Bug & warning fixes Marc LeBlanc David Woo Guillaume George Martins Mozeiko Christpher Lloyd Jerry Jansson Joseph Thomson Blazej Dariusz Roszkowski
- Phil Jordan Dave Moore Roy Eltham
+ Phil Jordan Henner Zeller Dave Moore Roy Eltham
 Hayaki Saito Nathan Reed Won Chun Luke Graham Johan Duparc Nick Verigakis the Horde3D community Thomas Ruf Ronny Chevalier github:rlyeh
@@ -1914,6 +1914,7 @@ static unsigned char *stbi__convert_format(unsigned char *data, int img_n, int r
 int i,j;
 unsigned char *good;
+ if (data == NULL) return data;
 if (req_comp == img_n) return data;
 STBI_ASSERT(req_comp >= 1 && req_comp <= 4);
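Review bot: The added `if (data == NULL) return data;` in `stbi__convert_format` covers only this 8-bit converter, and the diffstat shows it is the commit's single code insertion. If this vendored copy still carries the 16-bit sibling (upstream stb names it `stbi__convert_format16`), it is worth checking whether that path can also be handed a NULL `data` and needs the same early return. Nothing in the hunk says why NULL is a legal input here, so I would put a short comment on the guard, for example `/* data may already be NULL from an earlier failure; pass it through (CVE-2021-45340) */`. The function body continues past the end of the hunk, so the dereference being protected and the callers that must handle the NULL return are not visible on this page.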