From 608e8d8dd754199b657b439f9e722e0b45f84461 Mon Sep 17 00:00:00 2001
From: Luca Barbato <lu_zero@gentoo.org>
Date: Fri, 17 Oct 2014 10:07:10 +0100
Subject: [PATCH] vf_drawtext: Do not leak the mmapped textfile

And validate its size while at it.

CC: libav-stable@libav.org
Bug-Id: CID 1244189
---
 libavfilter/vf_drawtext.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/libavfilter/vf_drawtext.c b/libavfilter/vf_drawtext.c
index 892104d..d954fdf 100644
--- a/libavfilter/vf_drawtext.c
+++ b/libavfilter/vf_drawtext.c
@@ -398,8 +398,11 @@ static av_cold int init(AVFilterContext *ctx)
             return err;
         }
 
-        if (!(s->text = av_malloc(textbuf_size+1)))
+        if (textbuf_size > SIZE_MAX - 1 ||
+            !(s->text = av_malloc(textbuf_size + 1))) {
+            av_file_unmap(textbuf, textbuf_size);
             return AVERROR(ENOMEM);
+        }
         memcpy(s->text, textbuf, textbuf_size);
         s->text[textbuf_size] = 0;
         av_file_unmap(textbuf, textbuf_size);
-- 
2.7.4