Jaroslav Lobačevski

Results 81 issues of Jaroslav Lobačevski

It may look like [`stbi__load_gif_main`](https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L6962-L7045) doesn't give guarantees about the content of output value `*delays` upon failure. Although it sets `*delays` to zero at the beginning [1], it doesn't do...

A crafted image file can trigger `stbi__load_gif_main_outofmem` to attempt to double-free the `out` variable. [1]

```cpp
static void *stbi__load_gif_main_outofmem(stbi__gif *g, stbi_uc *out, int **delays)
{
   STBI_FREE(g->out);
   STBI_FREE(g->history);
   STBI_FREE(g->background);
   if (out) STBI_FREE(out);
   ...
```

The [`stbi__getn`](https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L1664) function reads a specified number of bytes from `context` (typically a file) into the specified buffer. In case the file stream points to the end, it returns zero....

When `stbi_set_flip_vertically_on_load` is set to `TRUE` and `req_comp` is set to a number that doesn't match the real number of components per pixel, the library attempts to flip the image...

It seems `layers` was forgotten in the equation. Fixes #1538

A crafted image file may trigger an out-of-bounds [`memcpy`](https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L6817) read in `stbi__gif_load_next`. This happens because [`two_back` points to a memory address lower than the start of the buffer `out`](https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L7021-L7022)....

A crafted file may trigger signed integer overflow in [`int v = FAST_SCALED_FLOAT_TO_INT(temp, f,15);`](https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L5285). The macro is defined as `#define FAST_SCALED_FLOAT_TO_INT(temp,x,s) (temp.f = (x) + MAGIC(s), temp.i - ADDEND(s))` and...