[FFmpeg-devel] [PATCH 2/2] avfilter/drawtext: fix memory bugs
Yogeshwar Velingker
yogi at velingker.com
Mon Mar 3 04:48:09 EET 2025
Check for malloc failures, and fix error paths that leak memory.
Signed-off-by: Yogeshwar Velingker <yogi at velingker.com>
---
libavfilter/vf_drawtext.c | 47 +++++++++++++++++++++++++--------------
1 file changed, 30 insertions(+), 17 deletions(-)
diff --git a/libavfilter/vf_drawtext.c b/libavfilter/vf_drawtext.c
index 8bf5a3cd49..62aeb272f3 100644
--- a/libavfilter/vf_drawtext.c
+++ b/libavfilter/vf_drawtext.c
@@ -1447,7 +1447,16 @@ continue_on_failed:
s->line_count = line_count;
s->lines = av_mallocz(line_count * sizeof(TextLine));
+ if (!s->lines) {
+ ret = AVERROR(ENOMEM);
+ goto done;
+ }
+
s->tab_clusters = av_mallocz(s->tab_count * sizeof(uint32_t));
+ if (!s->tab_clusters) {
+ ret = AVERROR(ENOMEM);
+ goto done;
+ }
for (i = 0; i < s->tab_count; ++i) {
s->tab_clusters[i] = -1;
}
@@ -1732,6 +1741,10 @@ static int draw_text(AVFilterContext *ctx, AVFrame *frame)
TextLine *line = &s->lines[l];
HarfbuzzData *hb = &line->hb_data;
line->glyphs = av_mallocz(hb->glyph_count * sizeof(GlyphInfo));
+ if (!line->glyphs) {
+ ret = AVERROR(ENOMEM);
+ goto done;
+ }
for (int t = 0; t < hb->glyph_count; ++t) {
GlyphInfo *g_info = &line->glyphs[t];
@@ -1747,9 +1760,9 @@ static int draw_text(AVFilterContext *ctx, AVFrame *frame)
shift_y64 = ((4 - (((y64 + true_y) >> 4) & 0b0011)) & 0b0011) << 4;
ret = load_glyph(ctx, &glyph, hb->glyph_info[t].codepoint, shift_x64, shift_y64);
- if (ret != 0) {
- return ret;
- }
+ if (ret != 0)
+ goto done;
+
g_info->code = hb->glyph_info[t].codepoint;
g_info->x = (x64 + true_x) >> 6;
g_info->y = ((y64 + true_y) >> 6) + (shift_y64 > 0 ? 1 : 0);
@@ -1809,31 +1822,31 @@ static int draw_text(AVFilterContext *ctx, AVFrame *frame)
if (s->shadowx || s->shadowy) {
if ((ret = draw_glyphs(s, frame, &shadowcolor, &metrics,
- s->shadowx, s->shadowy, s->borderw)) < 0) {
- return ret;
- }
+ s->shadowx, s->shadowy, s->borderw)) < 0)
+ goto done;
}
if (s->borderw) {
if ((ret = draw_glyphs(s, frame, &bordercolor, &metrics,
- 0, 0, s->borderw)) < 0) {
- return ret;
- }
+ 0, 0, s->borderw)) < 0)
+ goto done;
}
if ((ret = draw_glyphs(s, frame, &fontcolor, &metrics, 0,
- 0, 0)) < 0) {
- return ret;
- }
+ 0, 0)) < 0)
+ goto done;
}
+done:
// FREE data structures
- for (int l = 0; l < s->line_count; ++l) {
- TextLine *line = &s->lines[l];
- av_freep(&line->glyphs);
- hb_destroy(&line->hb_data);
+ if (s->lines) {
+ for (int l = 0; l < s->line_count; ++l) {
+ TextLine *line = &s->lines[l];
+ av_freep(&line->glyphs);
+ hb_destroy(&line->hb_data);
+ }
+ av_freep(&s->lines);
}
- av_freep(&s->lines);
av_freep(&s->tab_clusters);
return 0;
--
2.47.2
More information about the ffmpeg-devel
mailing list