diff options
| author | Nil Fons Miret <[email protected]> | 2025-02-21 01:18:21 +0000 |
|---|---|---|
| committer | Michael Niedermayer <[email protected]> | 2025-03-11 14:17:01 +0100 |
| commit | 9899da8175f059aa8bf21e45ad1b5e7cfd33b786 (patch) | |
| tree | 8fcde38cefed933102af93a7ef2057bcf76497f8 /libavfilter/qrencode.c | |
| parent | bdc07f372ac14ad9cb6d4f7f356d4c7a47c251fe (diff) | |
libavfilter: guard against ff_draw_init/ff_draw_init2 failures
The return value of ff_draw_init and ff_draw_init2 are not checked in
most usages. However, if they return an error, they don't get to the
point where they set the attributes of the FFDrawContext. These
functions are typically used in conjunction with ff_draw_color, which
checks draw->desc->flags, causing a null pointer dereference.
Signed-off-by: Nil Fons Miret <[email protected]>
Signed-off-by: Michael Niedermayer <[email protected]>
Diffstat (limited to 'libavfilter/qrencode.c')
| -rw-r--r-- | libavfilter/qrencode.c | 27 |
1 files changed, 22 insertions, 5 deletions
diff --git a/libavfilter/qrencode.c b/libavfilter/qrencode.c index f96cc8dc93..8c09b605ad 100644 --- a/libavfilter/qrencode.c +++ b/libavfilter/qrencode.c @@ -636,11 +636,20 @@ static int qrencodesrc_config_props(AVFilterLink *outlink) return AVERROR(EINVAL); } - ff_draw_init(&qr->draw, AV_PIX_FMT_ARGB, FF_DRAW_PROCESS_ALPHA); + ret = ff_draw_init(&qr->draw, AV_PIX_FMT_ARGB, FF_DRAW_PROCESS_ALPHA); + if (ret < 0) { + // This call using constants should not fail. Checking its error code for completeness. + av_log(ctx, AV_LOG_ERROR, "Failed to initialize FFDrawContext\n"); + return ret; + } ff_draw_color(&qr->draw, &qr->draw_foreground_color, (const uint8_t *)&qr->foreground_color); ff_draw_color(&qr->draw, &qr->draw_background_color, (const uint8_t *)&qr->background_color); - ff_draw_init2(&qr->draw0, outlink->format, outlink->colorspace, outlink->color_range, FF_DRAW_PROCESS_ALPHA); + ret = ff_draw_init2(&qr->draw0, outlink->format, outlink->colorspace, outlink->color_range, FF_DRAW_PROCESS_ALPHA); + if (ret < 0) { + av_log(ctx, AV_LOG_ERROR, "Failed to initialize FFDrawContext\n"); + return ret; + } ff_draw_color(&qr->draw0, &qr->draw0_background_color, (const uint8_t *)&qr->background_color); outlink->w = qr->rendered_padded_qrcode_width; @@ -734,8 +743,12 @@ static int qrencode_config_input(AVFilterLink *inlink) qr->is_source = 0; - ff_draw_init2(&qr->draw, inlink->format, inlink->colorspace, inlink->color_range, - FF_DRAW_PROCESS_ALPHA); + ret = ff_draw_init2(&qr->draw, inlink->format, inlink->colorspace, inlink->color_range, + FF_DRAW_PROCESS_ALPHA); + if (ret < 0) { + av_log(ctx, AV_LOG_ERROR, "Failed to initialize FFDrawContext\n"); + return ret; + } V(W) = V(main_w) = inlink->w; V(H) = V(main_h) = inlink->h; @@ -764,8 +777,12 @@ static int qrencode_config_input(AVFilterLink *inlink) PARSE_EXPR(rendered_qrcode_width); PARSE_EXPR(rendered_padded_qrcode_width); - ff_draw_init2(&qr->draw, inlink->format, inlink->colorspace, inlink->color_range, + ret = ff_draw_init2(&qr->draw, inlink->format, inlink->colorspace, inlink->color_range, FF_DRAW_PROCESS_ALPHA); + if (ret < 0) { + av_log(ctx, AV_LOG_ERROR, "Failed to initialize FFDrawContext\n"); + return ret; + } ff_draw_color(&qr->draw, &qr->draw_foreground_color, (const uint8_t *)&qr->foreground_color); ff_draw_color(&qr->draw, &qr->draw_background_color, (const uint8_t *)&qr->background_color); |