opensource/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-05-17 06:58:45 +08:00
Code Issues Packages Projects Releases Wiki Activity

libavfilter: guard against ff_draw_init/ff_draw_init2 failures

Browse Source 
The return value of ff_draw_init and ff_draw_init2 are not checked in
most usages. However, if they return an error, they don't get to the
point where they set the attributes of the FFDrawContext. These
functions are typically used in conjunction with ff_draw_color, which
checks draw->desc->flags, causing a null pointer dereference.

Signed-off-by: Nil Fons Miret <nilf@netflix.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Nil Fons Miret
2025-02-21 01:18:21 +00:00
committed by Michael Niedermayer
parent bdc07f372a
commit 9899da8175
12 changed files with 109 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
libavfilter/qrencode.c
View File

@ -636,11 +636,20 @@ static int qrencodesrc_config_props(AVFilterLink *outlink)
return AVERROR(EINVAL);
}
ff_draw_init(&qr->draw, AV_PIX_FMT_ARGB, FF_DRAW_PROCESS_ALPHA);
ret = ff_draw_init(&qr->draw, AV_PIX_FMT_ARGB, FF_DRAW_PROCESS_ALPHA);
if (ret < 0) {
// This call using constants should not fail. Checking its error code for completeness.
av_log(ctx, AV_LOG_ERROR, "Failed to initialize FFDrawContext\n");
return ret;
}
ff_draw_color(&qr->draw, &qr->draw_foreground_color, (const uint8_t *)&qr->foreground_color);
ff_draw_color(&qr->draw, &qr->draw_background_color, (const uint8_t *)&qr->background_color);
ff_draw_init2(&qr->draw0, outlink->format, outlink->colorspace, outlink->color_range, FF_DRAW_PROCESS_ALPHA);
ret = ff_draw_init2(&qr->draw0, outlink->format, outlink->colorspace, outlink->color_range, FF_DRAW_PROCESS_ALPHA);
if (ret < 0) {
av_log(ctx, AV_LOG_ERROR, "Failed to initialize FFDrawContext\n");
return ret;
}
ff_draw_color(&qr->draw0, &qr->draw0_background_color, (const uint8_t *)&qr->background_color);
outlink->w = qr->rendered_padded_qrcode_width;
@ -734,8 +743,12 @@ static int qrencode_config_input(AVFilterLink *inlink)
qr->is_source = 0;
ff_draw_init2(&qr->draw, inlink->format, inlink->colorspace, inlink->color_range,
FF_DRAW_PROCESS_ALPHA);
ret = ff_draw_init2(&qr->draw, inlink->format, inlink->colorspace, inlink->color_range,
FF_DRAW_PROCESS_ALPHA);
if (ret < 0) {
av_log(ctx, AV_LOG_ERROR, "Failed to initialize FFDrawContext\n");
return ret;
}
V(W) = V(main_w) = inlink->w;
V(H) = V(main_h) = inlink->h;
@ -764,8 +777,12 @@ static int qrencode_config_input(AVFilterLink *inlink)
PARSE_EXPR(rendered_qrcode_width);
PARSE_EXPR(rendered_padded_qrcode_width);
ff_draw_init2(&qr->draw, inlink->format, inlink->colorspace, inlink->color_range,
ret = ff_draw_init2(&qr->draw, inlink->format, inlink->colorspace, inlink->color_range,
FF_DRAW_PROCESS_ALPHA);
if (ret < 0) {
av_log(ctx, AV_LOG_ERROR, "Failed to initialize FFDrawContext\n");
return ret;
}
ff_draw_color(&qr->draw, &qr->draw_foreground_color, (const uint8_t *)&qr->foreground_color);
ff_draw_color(&qr->draw, &qr->draw_background_color, (const uint8_t *)&qr->background_color);

7
libavfilter/src_avsynctest.c
View File

@ -147,6 +147,7 @@ static av_cold int config_props(AVFilterLink *outlink)
FilterLink *l = ff_filter_link(outlink);
AVFilterContext *ctx = outlink->src;
AVSyncTestContext *s = ctx->priv;
int ret;
outlink->w = s->w;
outlink->h = s->h;
@ -160,7 +161,11 @@ static av_cold int config_props(AVFilterLink *outlink)
s->dir = 1;
s->prev_intpart = INT64_MIN;
ff_draw_init2(&s->draw, outlink->format, outlink->colorspace, outlink->color_range, 0);
ret = ff_draw_init2(&s->draw, outlink->format, outlink->colorspace, outlink->color_range, 0);
if (ret < 0) {
av_log(ctx, AV_LOG_ERROR, "Failed to initialize FFDrawContext\n");
return ret;
}
ff_draw_color(&s->draw, &s->fg, s->rgba[0]);
ff_draw_color(&s->draw, &s->bg, s->rgba[1]);

31
libavfilter/vf_datascope.c
View File

@ -382,11 +382,18 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *in)
static int config_input(AVFilterLink *inlink)
{
DatascopeContext *s = inlink->dst->priv;
AVFilterContext *ctx = inlink->dst;
DatascopeContext *s = ctx->priv;
uint8_t alpha = s->opacity * 255;
int ret;
s->nb_planes = av_pix_fmt_count_planes(inlink->format);
ff_draw_init2(&s->draw, inlink->format, inlink->colorspace, inlink->color_range, 0);
ret = ff_draw_init2(&s->draw, inlink->format, inlink->colorspace, inlink->color_range, 0);
if (ret < 0) {
av_log(ctx, AV_LOG_ERROR, "Failed to initialize FFDrawContext\n");
return ret;
}
ff_draw_color(&s->draw, &s->white, (uint8_t[]){ 255, 255, 255, 255} );
ff_draw_color(&s->draw, &s->black, (uint8_t[]){ 0, 0, 0, alpha} );
ff_draw_color(&s->draw, &s->yellow, (uint8_t[]){ 255, 255, 0, 255} );
@ -509,10 +516,16 @@ AVFILTER_DEFINE_CLASS(pixscope);
static int pixscope_config_input(AVFilterLink *inlink)
{
PixscopeContext *s = inlink->dst->priv;
AVFilterContext *ctx = inlink->dst;
PixscopeContext *s = ctx->priv;
int ret;
s->nb_planes = av_pix_fmt_count_planes(inlink->format);
ff_draw_init(&s->draw, inlink->format, 0);
ret = ff_draw_init(&s->draw, inlink->format, 0);
if (ret < 0) {
av_log(ctx, AV_LOG_ERROR, "Failed to initialize FFDrawContext\n");
return ret;
}
ff_draw_color(&s->draw, &s->dark, (uint8_t[]){ 0, 0, 0, s->o * 255} );
ff_draw_color(&s->draw, &s->black, (uint8_t[]){ 0, 0, 0, 255} );
ff_draw_color(&s->draw, &s->white, (uint8_t[]){ 255, 255, 255, 255} );
@ -927,11 +940,17 @@ static void update_oscilloscope(AVFilterContext *ctx)
static int oscilloscope_config_input(AVFilterLink *inlink)
{
OscilloscopeContext *s = inlink->dst->priv;
AVFilterContext *ctx = inlink->dst;
OscilloscopeContext *s = ctx->priv;
int size;
int ret;
s->nb_planes = av_pix_fmt_count_planes(inlink->format);
ff_draw_init(&s->draw, inlink->format, 0);
ret = ff_draw_init(&s->draw, inlink->format, 0);
if (ret < 0) {
av_log(ctx, AV_LOG_ERROR, "Failed to initialize FFDrawContext\n");
return ret;
}
ff_draw_color(&s->draw, &s->black, (uint8_t[]){ 0, 0, 0, 255} );
ff_draw_color(&s->draw, &s->white, (uint8_t[]){ 255, 255, 255, 255} );
ff_draw_color(&s->draw, &s->green, (uint8_t[]){ 0, 255, 0, 255} );

6
libavfilter/vf_drawtext.c
View File

@ -1156,7 +1156,11 @@ static int config_input(AVFilterLink *inlink)
char *expr;
int ret;
ff_draw_init2(&s->dc, inlink->format, inlink->colorspace, inlink->color_range, FF_DRAW_PROCESS_ALPHA);
ret = ff_draw_init2(&s->dc, inlink->format, inlink->colorspace, inlink->color_range, FF_DRAW_PROCESS_ALPHA);
if (ret < 0) {
av_log(ctx, AV_LOG_ERROR, "Failed to initialize FFDrawContext\n");
return ret;
}
ff_draw_color(&s->dc, &s->fontcolor, s->fontcolor.rgba);
ff_draw_color(&s->dc, &s->shadowcolor, s->shadowcolor.rgba);
ff_draw_color(&s->dc, &s->bordercolor, s->bordercolor.rgba);

6
libavfilter/vf_pad.c
View File

@ -114,7 +114,11 @@ static int config_input(AVFilterLink *inlink)
double var_values[VARS_NB], res;
char *expr;
ff_draw_init2(&s->draw, inlink->format, inlink->colorspace, inlink->color_range, 0);
ret = ff_draw_init2(&s->draw, inlink->format, inlink->colorspace, inlink->color_range, 0);
if (ret < 0) {
av_log(ctx, AV_LOG_ERROR, "Failed to initialize FFDrawContext\n");
return ret;
}
ff_draw_color(&s->draw, &s->color, s->rgba_color);
var_values[VAR_IN_W] = var_values[VAR_IW] = inlink->w;

7
libavfilter/vf_shear.c
View File

@ -250,6 +250,7 @@ static int config_output(AVFilterLink *outlink)
AVFilterContext *ctx = outlink->src;
ShearContext *s = ctx->priv;
const AVPixFmtDescriptor *desc = av_pix_fmt_desc_get(outlink->format);
int ret;
s->nb_planes = av_pix_fmt_count_planes(outlink->format);
s->depth = desc->comp[0].depth;
@ -260,7 +261,11 @@ static int config_output(AVFilterLink *outlink)
s->planeheight[1] = s->planeheight[2] = AV_CEIL_RSHIFT(ctx->inputs[0]->h, desc->log2_chroma_h);
s->planeheight[0] = s->planeheight[3] = ctx->inputs[0]->h;
ff_draw_init2(&s->draw, outlink->format, outlink->colorspace, outlink->color_range, 0);
ret = ff_draw_init2(&s->draw, outlink->format, outlink->colorspace, outlink->color_range, 0);
if (ret < 0) {
av_log(ctx, AV_LOG_ERROR, "Failed to initialize FFDrawContext\n");
return ret;
}
ff_draw_color(&s->draw, &s->color, s->fillcolor);
s->filter_slice[0] = s->depth <= 8 ? filter_slice_nn8 : filter_slice_nn16;

6
libavfilter/vf_stack.c
View File

@ -312,7 +312,11 @@ static int config_output(AVFilterLink *outlink)
if (s->fillcolor_enable) {
const AVFilterLink *inlink = ctx->inputs[0];
ff_draw_init2(&s->draw, inlink->format, inlink->colorspace, inlink->color_range, 0);
ret = ff_draw_init2(&s->draw, inlink->format, inlink->colorspace, inlink->color_range, 0);
if (ret < 0) {
av_log(ctx, AV_LOG_ERROR, "Failed to initialize FFDrawContext\n");
return ret;
}
ff_draw_color(&s->draw, &s->color, s->fillcolor);
}

16
libavfilter/vf_subtitles.c
View File

@ -182,12 +182,18 @@ static int query_formats(const AVFilterContext *ctx,
static int config_input(AVFilterLink *inlink)
{
AssContext *ass = inlink->dst->priv;
AVFilterContext *ctx = inlink->dst;
AssContext *ass = ctx->priv;
int ret;
ff_draw_init2(&ass->draw, inlink->format,
ass_get_color_space(ass->track->YCbCrMatrix, inlink->colorspace),
ass_get_color_range(ass->track->YCbCrMatrix, inlink->color_range),
ass->alpha ? FF_DRAW_PROCESS_ALPHA : 0);
ret = ff_draw_init2(&ass->draw, inlink->format,
ass_get_color_space(ass->track->YCbCrMatrix, inlink->colorspace),
ass_get_color_range(ass->track->YCbCrMatrix, inlink->color_range),
ass->alpha ? FF_DRAW_PROCESS_ALPHA : 0);
if (ret < 0) {
av_log(ctx, AV_LOG_ERROR, "Failed to initialize FFDrawContext\n");
return ret;
}
ass_set_frame_size (ass->renderer, inlink->w, inlink->h);
if (ass->original_w && ass->original_h) {

7
libavfilter/vf_tile.c
View File

@ -128,6 +128,7 @@ static int config_props(AVFilterLink *outlink)
FilterLink *ol = ff_filter_link(outlink);
const unsigned total_margin_w = (tile->w - 1) * tile->padding + 2*tile->margin;
const unsigned total_margin_h = (tile->h - 1) * tile->padding + 2*tile->margin;
int ret;
if (inlink->w > (INT_MAX - total_margin_w) / tile->w) {
av_log(ctx, AV_LOG_ERROR, "Total width %ux%u is too much.\n",
@ -143,7 +144,11 @@ static int config_props(AVFilterLink *outlink)
outlink->h = tile->h * inlink->h + total_margin_h;
outlink->sample_aspect_ratio = inlink->sample_aspect_ratio;
ol->frame_rate = av_mul_q(il->frame_rate, av_make_q(1, tile->nb_frames - tile->overlap));
ff_draw_init2(&tile->draw, inlink->format, inlink->colorspace, inlink->color_range, 0);
ret = ff_draw_init2(&tile->draw, inlink->format, inlink->colorspace, inlink->color_range, 0);
if (ret < 0) {
av_log(ctx, AV_LOG_ERROR, "Failed to initialize FFDrawContext\n");
return ret;
}
ff_draw_color(&tile->draw, &tile->blank, tile->rgba_color);
return 0;

6
libavfilter/vf_tinterlace.c
View File

@ -228,7 +228,11 @@ static int config_out_props(AVFilterLink *outlink)
if (tinterlace->mode == MODE_PAD) {
uint8_t black[4] = { 0, 0, 0, 16 };
ff_draw_init2(&tinterlace->draw, outlink->format, outlink->colorspace, outlink->color_range, 0);
ret = ff_draw_init2(&tinterlace->draw, outlink->format, outlink->colorspace, outlink->color_range, 0);
if (ret < 0) {
av_log(ctx, AV_LOG_ERROR, "Failed to initialize FFDrawContext\n");
return ret;
}
ff_draw_color(&tinterlace->draw, &tinterlace->color, black);
/* limited range */
if (!ff_fmt_is_in(outlink->format, full_scale_yuvj_pix_fmts)) {

7
libavfilter/vf_tpad.c
View File

@ -206,9 +206,14 @@ static int config_input(AVFilterLink *inlink)
AVFilterContext *ctx = inlink->dst;
FilterLink *l = ff_filter_link(inlink);
TPadContext *s = ctx->priv;
int ret;
if (needs_drawing(s)) {
ff_draw_init2(&s->draw, inlink->format, inlink->colorspace, inlink->color_range, 0);
ret = ff_draw_init2(&s->draw, inlink->format, inlink->colorspace, inlink->color_range, 0);
if (ret < 0) {
av_log(ctx, AV_LOG_ERROR, "Failed to initialize FFDrawContext\n");
return ret;
}
ff_draw_color(&s->draw, &s->color, s->rgba_color);
}

9
libavfilter/vsrc_testsrc.c
View File

@ -262,8 +262,13 @@ static int color_config_props(AVFilterLink *inlink)
TestSourceContext *test = ctx->priv;
int ret;
ff_draw_init2(&test->draw, inlink->format, inlink->colorspace,
inlink->color_range, 0);
ret = ff_draw_init2(&test->draw, inlink->format, inlink->colorspace,
inlink->color_range, 0);
if (ret < 0) {
av_log(ctx, AV_LOG_ERROR, "Failed to initialize FFDrawContext\n");
return ret;
}
ff_draw_color(&test->draw, &test->color, test->color_rgba);
if (av_image_check_size(test->w, test->h, 0, ctx) < 0)