chore: update STB library #7471

Open: philmoz wants to merge 1 commit into main from philmoz/update-stb-version

philmoz (Collaborator) commented Jun 18, 2026

Update STB library to latest version.

Summary by CodeRabbit

  • Chores
    • Updated third-party dependency to the latest version.

philmoz added this to the 3.0 milestone Jun 18, 2026
philmoz added the "house keeping 🧹" (Cleanup of code and house keeping) label Jun 18, 2026

coderabbitai Bot commented Jun 18, 2026

Walkthrough

The stb third-party submodule reference in radio/src/thirdparty/stb is bumped from commit 5c205738 to 31c1ad37. No source files, declarations, or build configurations are otherwise modified.

Changes

stb Submodule Update

| Layer / File(s) | Summary |
| --- | --- |
| stb submodule pointer: radio/src/thirdparty/stb | Recorded commit hash advanced from 5c205738c191bcb0abc65c4febfa9bd25ff35234 to 31c1ad37456438565541f4919958214b6e762fb4. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
| --- | --- | --- | --- |
| Description check | ⚠️ Warning | Description is minimal but present. It lacks required template sections like issue reference and structured summary format specified in the repository template. | Follow the repository template: add issue reference if applicable and provide structured summary of changes with more detail about the version update. |

✅ Passed checks (4 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Title check | ✅ Passed | Title accurately describes the main change: updating the STB library submodule to a newer commit. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |

coderabbitai Bot left a comment

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@radio/src/thirdparty/stb`:
- Line 1: Verify the stb submodule update by reviewing the relevant commits
directly on the STB GitHub repository rather than relying solely on the commit
hash, since stb lacks formal changelogs. Cross-reference the version information
(if available) with the changes being introduced. Confirm that the existing
configuration macros used in bitmapbuffer_fileio.cpp (such as STBI_ONLY_PNG,
STBI_ONLY_BMP, and any other STBI_* macros) remain compatible with the updated
stb_image.h. If there are any breaking changes or concerns, document the
verification in the commit message or PR description to explain why this
particular version/commit is safe and appropriate to use.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: a3e3f2b4-5a5f-4614-8ea8-489e02ad209e

📥 Commits

Reviewing files that changed from the base of the PR and between d67604f and cad97f1.

📒 Files selected for processing (1)
  • radio/src/thirdparty/stb

Comment thread radio/src/thirdparty/stb
@@ -1 +1 @@
Subproject commit 5c205738c191bcb0abc65c4febfa9bd25ff35234
Subproject commit 31c1ad37456438565541f4919958214b6e762fb4
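
Review bot: The new pointer on the added line, 31c1ad37456438565541f4919958214b6e762fb4, is a bare commit hash, and nothing in this change records which upstream stb commits or which stb_image.h version it brings in. Please add the output of `git log --oneline 5c205738..31c1ad37` for the submodule (or the header's version string) to the PR description, so a reviewer can see what is being pulled in and confirm the hash is reachable from the upstream default branch.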

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify the submodule commit exists and examine changes

cd radio/src/thirdparty/stb

# Show commit info for the new commit
git log -1 --oneline 31c1ad37456438565541f4919958214b6e762fb4

# Show commits between old and new (first 20)
echo "=== Commits between old and new ==="
git log --oneline 5c205738c191bcb0abc65c4febfa9bd25ff35234..31c1ad37456438565541f4919958214b6e762fb4 | head -20

# Check for changes to stb_image.h specifically (used by the project)
echo "=== Changes to stb_image.h ==="
git diff --stat 5c205738c191bcb0abc65c4febfa9bd25ff35234..31c1ad37456438565541f4919958214b6e762fb4 -- stb_image.h

Repository: EdgeTX/edgetx

Length of output: 660


🏁 Script executed:

# Check for .gitmodules to see submodule configuration
if [ -f .gitmodules ]; then
  echo "=== .gitmodules content ==="
  cat .gitmodules | grep -A 5 "stb"
fi

# Check if the stb directory exists at all
if [ -d radio/src/thirdparty/stb ]; then
  echo "=== stb directory exists ==="
  ls -la radio/src/thirdparty/stb | head -10
else
  echo "=== stb directory NOT found ==="
fi

# Check for any git-related files that might give us clues
git ls-files | grep -i stb | head -20

Repository: EdgeTX/edgetx

Length of output: 632


🌐 Web query:

STB image library security vulnerabilities breaking changes commits 31c1ad3 5c20573

💡 Result:

The stb_image.h library does not maintain a traditional changelog documenting every commit, nor are commits typically categorized as breaking changes or security patches in a formal release manifest. The library emphasizes that it is a public-domain, single-file header library where security-relevant bugs are discussed in GitHub Issues and Pull Requests rather than via formal security advisories [1].

Regarding the specific commits requested:

  • Commit 5c20573 is an older state of the repository [2]. It is often referenced in packaging contexts (such as FreeBSD ports) to identify specific versions of the library, but it does not represent a singular security fix or a documented breaking change [3].
  • Commit 31c1ad3 does not appear as a major landmark commit in the stb repository history. The repository relies on version numbers (e.g., v2.30) rather than individual commits to track the project state [4][2].

General Security Context: stb_image.h has been subject to various security vulnerabilities over the years, including memory access violations, heap buffer overflows, and null pointer dereferences, often discovered through fuzzing [5][6][7][8]. The maintainers explicitly warn that because security issues are discussed publicly in issues and PRs, and because fixes may take time to be merged, users should be cautious if these security risks are unacceptable for their specific use case [1].

There is no official document designating any specific commit as a "breaking change." Users are encouraged to monitor the repository issues and PRs for bug fixes and security-related updates [1].

Consider verifying the submodule commit, though STB lacks formal changelogs.

Updating third-party dependencies is good practice. However, stb_image.h does not maintain a formal changelog—security issues and changes are discussed in GitHub Issues and PRs rather than documented by commit. If concerned about breaking changes, review the commits directly on GitHub or cross-reference with the version numbers used (e.g., v2.30) rather than commit hashes alone. Note that the existing usage in bitmapbuffer_fileio.cpp with your configuration macros (STBI_ONLY_PNG, STBI_ONLY_BMP, etc.) should remain compatible, as stb prioritizes backward compatibility.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@radio/src/thirdparty/stb` at line 1, Verify the stb submodule update by
reviewing the relevant commits directly on the STB GitHub repository rather than
relying solely on the commit hash, since stb lacks formal changelogs.
Cross-reference the version information (if available) with the changes being
introduced. Confirm that the existing configuration macros used in
bitmapbuffer_fileio.cpp (such as STBI_ONLY_PNG, STBI_ONLY_BMP, and any other
STBI_* macros) remain compatible with the updated stb_image.h. If there are any
breaking changes or concerns, document the verification in the commit message or
PR description to explain why this particular version/commit is safe and
appropriate to use.
