On 01/08/15 20:46, Anton Khirnov wrote:
> Quoting Luca Barbato (2015-08-01 11:22:12)
>> And make sure to not have dangling pointers.
>> ---
>> libavfilter/vf_drawtext.c | 17 ++++++++++-------
>> 1 file changed, 10 insertions(+), 7 deletions(-)
>>
>> diff --git a/libavfilter/vf_drawtext.c b/libavfilter/vf_drawtext.c
>> index 15c994f..62993cf 100644
>> --- a/libavfilter/vf_drawtext.c
>> +++ b/libavfilter/vf_drawtext.c
>> @@ -524,28 +524,31 @@ static inline int is_newline(uint32_t c)
>> static int expand_strftime(DrawTextContext *s)
>> {
>> struct tm ltime;
>> - time_t now = time(0);
>> - uint8_t *buf = s->expanded_text;
>> - int buf_size = s->expanded_text_size;
>> + time_t now = time(0);
>> + uint8_t *buf = s->expanded_text;
>> + int64_t buf_size = s->expanded_text_size;
>
> Why signed?
I just needed something large enough, unsigned probably is a better idea.
>
>> + int ret;
>>
>> if (!buf)
>> buf_size = 2 * strlen(s->text) + 1;
>>
>> localtime_r(&now, <ime);
>>
>> - while ((buf = av_realloc(buf, buf_size))) {
>> + while ((ret = av_reallocp(&buf, buf_size)) >= 0) {
>> *buf = 1;
>> if (strftime(buf, buf_size, s->text, <ime) != 0 || *buf == 0)
>> break;
>> buf_size *= 2;
>> + if (buf_size > SIZE_MAX) {
>> + ret = AVERROR(EINVAL);
>> + break;
>> + }
>
> I think it'd be better to a standard overflow check before modifying
> buf_size and not assume some relationships between size_t and int64.
Sure.
> When buf is NULL, buf_size is still a random number. Better to
> explicitly write zero on failure here.
Yeah it is a better idea.
lu
_______________________________________________
libav-devel mailing list
libav-devel@libav.org
https://lists.libav.org/mailman/listinfo/libav-devel
