After ~5000 inputs, the Vorbis fuzzer found an input that exploits the issue rygorous describes in nothings#937 (comment) . This should be a fairly fast fix:

• Add a STB_VORBIS_MAX_PACKET_SIZE define, or something named similarly
• Check the length returned by this against it:

   //file vendor
   len = get32_packet(f);