From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by master.gitmailbox.com (Postfix) with ESMTPS id 55AE64BAF0
	for <ffmpegdev@gitmailbox.com>; Mon,  3 Mar 2025 02:48:41 +0000 (UTC)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 98D5F68E434;
	Mon,  3 Mar 2025 04:48:27 +0200 (EET)
Received: from mout-p-102.mailbox.org (mout-p-102.mailbox.org [80.241.56.152])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 7ED4568E416
 for <ffmpeg-devel@ffmpeg.org>; Mon,  3 Mar 2025 04:48:21 +0200 (EET)
Received: from smtp202.mailbox.org (smtp202.mailbox.org [10.196.197.202])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
 (No client certificate requested)
 by mout-p-102.mailbox.org (Postfix) with ESMTPS id 4Z5jtC272Gz9s01;
 Mon,  3 Mar 2025 03:48:19 +0100 (CET)
To: ffmpeg-devel@ffmpeg.org
Date: Sun,  2 Mar 2025 20:48:09 -0600
Message-ID: <20250303024809.1661352-2-yogi@velingker.com>
In-Reply-To: <20250303024809.1661352-1-yogi@velingker.com>
References: <20250303024809.1661352-1-yogi@velingker.com>
MIME-Version: 1.0
Subject: [FFmpeg-devel] [PATCH 2/2] avfilter/drawtext: fix memory bugs
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
From: Yogeshwar Velingker via ffmpeg-devel <ffmpeg-devel@ffmpeg.org>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Cc: Yogeshwar Velingker <yogi@velingker.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
Archived-At: <https://master.gitmailbox.com/ffmpegdev/20250303024809.1661352-2-yogi@velingker.com/>
List-Archive: <https://master.gitmailbox.com/ffmpegdev/>
List-Post: <mailto:ffmpegdev@gitmailbox.com>

Check for malloc failures, and fix error paths that leak memory.

Signed-off-by: Yogeshwar Velingker <yogi@velingker.com>
---
 libavfilter/vf_drawtext.c | 47 +++++++++++++++++++++++++--------------
 1 file changed, 30 insertions(+), 17 deletions(-)

diff --git a/libavfilter/vf_drawtext.c b/libavfilter/vf_drawtext.c
index 8bf5a3cd49..62aeb272f3 100644
--- a/libavfilter/vf_drawtext.c
+++ b/libavfilter/vf_drawtext.c
@@ -1447,7 +1447,16 @@ continue_on_failed:
 
     s->line_count = line_count;
     s->lines = av_mallocz(line_count * sizeof(TextLine));
+    if (!s->lines) {
+        ret = AVERROR(ENOMEM);
+        goto done;
+    }
+
     s->tab_clusters = av_mallocz(s->tab_count * sizeof(uint32_t));
+    if (!s->tab_clusters) {
+        ret = AVERROR(ENOMEM);
+        goto done;
+    }
     for (i = 0; i < s->tab_count; ++i) {
         s->tab_clusters[i] = -1;
     }
@@ -1732,6 +1741,10 @@ static int draw_text(AVFilterContext *ctx, AVFrame *frame)
         TextLine *line = &s->lines[l];
         HarfbuzzData *hb = &line->hb_data;
         line->glyphs = av_mallocz(hb->glyph_count * sizeof(GlyphInfo));
+        if (!line->glyphs) {
+            ret = AVERROR(ENOMEM);
+            goto done;
+        }
 
         for (int t = 0; t < hb->glyph_count; ++t) {
             GlyphInfo *g_info = &line->glyphs[t];
@@ -1747,9 +1760,9 @@ static int draw_text(AVFilterContext *ctx, AVFrame *frame)
             shift_y64 = ((4 - (((y64 + true_y) >> 4) & 0b0011)) & 0b0011) << 4;
 
             ret = load_glyph(ctx, &glyph, hb->glyph_info[t].codepoint, shift_x64, shift_y64);
-            if (ret != 0) {
-                return ret;
-            }
+            if (ret != 0)
+                goto done;
+
             g_info->code = hb->glyph_info[t].codepoint;
             g_info->x = (x64 + true_x) >> 6;
             g_info->y = ((y64 + true_y) >> 6) + (shift_y64 > 0 ? 1 : 0);
@@ -1809,31 +1822,31 @@ static int draw_text(AVFilterContext *ctx, AVFrame *frame)
 
         if (s->shadowx || s->shadowy) {
             if ((ret = draw_glyphs(s, frame, &shadowcolor, &metrics,
-                    s->shadowx, s->shadowy, s->borderw)) < 0) {
-                return ret;
-            }
+                    s->shadowx, s->shadowy, s->borderw)) < 0)
+                goto done;
         }
 
         if (s->borderw) {
             if ((ret = draw_glyphs(s, frame, &bordercolor, &metrics,
-                    0, 0, s->borderw)) < 0) {
-                return ret;
-            }
+                    0, 0, s->borderw)) < 0)
+                goto done;
         }
 
         if ((ret = draw_glyphs(s, frame, &fontcolor, &metrics, 0,
-                0, 0)) < 0) {
-            return ret;
-        }
+                0, 0)) < 0)
+            goto done;
     }
 
+done:
     // FREE data structures
-    for (int l = 0; l < s->line_count; ++l) {
-        TextLine *line = &s->lines[l];
-        av_freep(&line->glyphs);
-        hb_destroy(&line->hb_data);
+    if (s->lines) {
+        for (int l = 0; l < s->line_count; ++l) {
+            TextLine *line = &s->lines[l];
+            av_freep(&line->glyphs);
+            hb_destroy(&line->hb_data);
+        }
+        av_freep(&s->lines);
     }
-    av_freep(&s->lines);
     av_freep(&s->tab_clusters);
 
     return 0;
-- 
2.47.2

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".