From 3b491aa07c2c704b724921b1ef514c45d0153b89 Mon Sep 17 00:00:00 2001
From: Kevin Croft
Date: Wed, 4 Dec 2019 20:00:45 -0800
Subject: [PATCH] STB Vorbis: prevent division by zero in decode_resign if ch == 0

In the call to decode_residue:

    decode_residue(f, residue_buffers, ch, n2, r, do_not_decode);

The channel count is previously initialized as zero and incremented based on a for-loop (f->channels) plus a conditional, if (map->chan[j].mux == i). If this doesn't happen then 'ch' remains zero.

Once inside decode_residue(..), the code has three branches based on channel count: stereo (ch == 2), mono (ch == 1), and then the exception if it's neither of those (simple 'else'). It's in here where a zero-valued 'ch' can be used as the denominator in these calculations:

    int c_inter = z % ch p_inter = z/ch;

Obviously this 'else' branch is meant for channel counts greater than two and not for zero channels; so this change simply makes that branch only valid if (ch > 2).
---
 stb_vorbis.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/stb_vorbis.c b/stb_vorbis.c index fd02caf..3f43983 100644 --- a/stb_vorbis.c +++ b/stb_vorbis.c @@ -2170,7 +2170,7 @@ static void decode_residue(vorb *f, float *residue_buffers[], int ch, int n, int ++class_set; #endif } - } else { + } else if (ch > 2) { while (pcount < part_read) { int z = r->begin + pcount*r->part_size; int c_inter = z % ch, p_inter = z/ch;
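Review bot: On the changed line `} else if (ch > 2) {`, a call with ch == 0 now matches none of the three branches and the `while (pcount < part_read)` loop is skipped with nothing in the code saying this is intended. Add a short comment there stating that ch == 0 is reachable (no channel's mux matches, as the commit message describes) and is deliberately a no-op, or check for ch == 0 in the caller where the count is computed and skip the decode_residue call, so the zero-divisor condition for `z % ch` and `z/ch` is ruled out explicitly rather than by branch ordering. The subject line also says decode_resign where the function is decode_residue.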