This is an automated email from the git hooks/post-receive script. Git pushed a commit to branch release/8.0 in repository ffmpeg.
commit 425b858266ce0eaf98e753cc41207560fea82a28 Author: Michael Niedermayer <[email protected]> AuthorDate: Sun May 17 13:49:39 2026 +0200 Commit: Michael Niedermayer <[email protected]> CommitDate: Sun Jun 14 04:59:05 2026 +0200 avfilter/vf_drawtext: avoid double-free of aliased FT_Glyph in glyph_enu_free For glyphs whose source is already in bitmap form (color emoji fonts such as NotoColorEmoji.ttf), FT_Glyph_To_Bitmap(..., destroy=0) returns the input pointer unchanged. The result is that glyph->bglyph[idx] aliases glyph->glyph (and analogously border_bglyph[t] may alias border_glyph). glyph_enu_free then called FT_Done_Glyph on both, double-freeing the underlying object. Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 9efca1d94634c36499ca6e9ff37bddc94a61d605) Signed-off-by: Michael Niedermayer <[email protected]> --- libavfilter/vf_drawtext.c | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/libavfilter/vf_drawtext.c b/libavfilter/vf_drawtext.c index ec344cd6ac..2360db0ff5 100644 --- a/libavfilter/vf_drawtext.c +++ b/libavfilter/vf_drawtext.c @@ -1108,16 +1108,17 @@ static int glyph_enu_free(void *opaque, void *elem) { Glyph *glyph = elem; - FT_Done_Glyph(glyph->glyph); - FT_Done_Glyph(glyph->border_glyph); for (int t = 0; t < 16; ++t) { - if (glyph->bglyph[t] != NULL) { - FT_Done_Glyph((FT_Glyph)glyph->bglyph[t]); - } - if (glyph->border_bglyph[t] != NULL) { - FT_Done_Glyph((FT_Glyph)glyph->border_bglyph[t]); - } - } + FT_Glyph bg = (FT_Glyph)glyph->bglyph[t]; + FT_Glyph bbg = (FT_Glyph)glyph->border_bglyph[t]; + if (bg && bg != glyph->glyph && bg != glyph->border_glyph) + FT_Done_Glyph(bg); + if (bbg && bbg != glyph->glyph && bbg != glyph->border_glyph) + FT_Done_Glyph(bbg); + } + if (glyph->border_glyph && glyph->border_glyph != glyph->glyph) + FT_Done_Glyph(glyph->border_glyph); + FT_Done_Glyph(glyph->glyph); av_free(elem); return 0; } _______________________________________________ ffmpeg-cvslog mailing list -- [email protected] To unsubscribe send an email to [email protected]
