From 608e8d8dd754199b657b439f9e722e0b45f84461 Mon Sep 17 00:00:00 2001 From: Luca Barbato Date: Fri, 17 Oct 2014 10:07:10 +0100 Subject: [PATCH] vf_drawtext: Do not leak the mmapped textfile And validate its size while at it. CC: libav-stable@libav.org Bug-Id: CID 1244189 --- libavfilter/vf_drawtext.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libavfilter/vf_drawtext.c b/libavfilter/vf_drawtext.c index 892104dad..d954fdf2c 100644 --- a/libavfilter/vf_drawtext.c +++ b/libavfilter/vf_drawtext.c @@ -398,8 +398,11 @@ static av_cold int init(AVFilterContext *ctx) return err; } - if (!(s->text = av_malloc(textbuf_size+1))) + if (textbuf_size > SIZE_MAX - 1 || + !(s->text = av_malloc(textbuf_size + 1))) { + av_file_unmap(textbuf, textbuf_size); return AVERROR(ENOMEM); + } memcpy(s->text, textbuf, textbuf_size); s->text[textbuf_size] = 0; av_file_unmap(textbuf, textbuf_size); -- 2.34.1