vf_drawtext: Do not leak the mmapped textfile

author Luca Barbato <lu_zero@gentoo.org>

Fri, 17 Oct 2014 09:07:10 +0000 (10:07 +0100)

committer Vittorio Giovara <vittorio.giovara@gmail.com>

Mon, 12 Jan 2015 22:59:15 +0000 (23:59 +0100)
author Luca Barbato <lu_zero@gentoo.org>
Fri, 17 Oct 2014 09:07:10 +0000 (10:07 +0100)
committer Vittorio Giovara <vittorio.giovara@gmail.com>
Mon, 12 Jan 2015 22:59:15 +0000 (23:59 +0100)
diff --git a/libavfilter/vf_drawtext.c b/libavfilter/vf_drawtext.c

index 892104d..d954fdf 100644 (file)
--- a/libavfilter/vf_drawtext.c
+++ b/libavfilter/vf_drawtext.c
@@ -398,8 +398,11 @@ static av_cold int init(AVFilterContext *ctx)
              return err;
          }
  
-        if (!(s->text = av_malloc(textbuf_size+1)))
+        if (textbuf_size > SIZE_MAX - 1 ||
+            !(s->text = av_malloc(textbuf_size + 1))) {
+            av_file_unmap(textbuf, textbuf_size);
              return AVERROR(ENOMEM);
+        }
          memcpy(s->text, textbuf, textbuf_size);
          s->text[textbuf_size] = 0;
          av_file_unmap(textbuf, textbuf_size);
author	Luca Barbato <lu_zero@gentoo.org>
	Fri, 17 Oct 2014 09:07:10 +0000 (10:07 +0100)
committer	Vittorio Giovara <vittorio.giovara@gmail.com>
	Mon, 12 Jan 2015 22:59:15 +0000 (23:59 +0100)