The stbi__sbraw() macro in stb_image_write.h causes Clang to spew about 24
warnings complaining that "cast from 'unsigned char *' to 'int *' increases
required alignment from 1 to 4" when compiled with the -Wcast-align option.
In practice, this is spurious so long as STBIW_MALLOC() and STBIW_REALLOC()
follow the usual alignment semantics for malloc() and realloc() in that they
align sufficiently for any built-in type.
To quell the warning, we can cast through a void pointer as an intermediary.
CVE-2019-13217: heap buffer overflow in start_decoder()
CVE-2019-13218: stack buffer overflow in compute_codewords()
CVE-2019-13219: uninitialized memory in vorbis_decode_packet_rest()
CVE-2019-13220: out-of-range read in draw_line()
CVE-2019-13221: issue with large 1D codebooks in lookup1_values()
CVE-2019-13222: unchecked NULL returned by get_window()
CVE-2019-13223: division by zero in predict_point()
When calling stbtt_PackFontRanges, multiple missing glyphs in the range
of codepoints will create multiple copies of the font's missing glyph to
be added to the pixel buffer. Instead, the first codepoint that maps to the missing glyph will add it to the pixel buffer, and all subsequent glyphs will simply copy the stbtt_packedchar data to reference the same region of the buffer.
This does NOT prevent duplication in multiple calls to stbtt_PackFontRange(s) - that would require modifying the packing context, which could be nice but is a bit more intrusive.
