diff options
author | wm4 <wm4@nowhere> | 2015-09-07 12:43:40 +0200 |
---|---|---|
committer | wm4 <wm4@nowhere> | 2015-09-07 13:17:45 +0200 |
commit | 373cb020aa96bf487d19ea3483db85fa22855ad0 (patch) | |
tree | 809e55b5e103dab6702d6edf67c3025cfde19558 | |
parent | 5eb0970a8d714cf69c5252dbfbf3df6e8d268f6a (diff) | |
download | libass-373cb020aa96bf487d19ea3483db85fa22855ad0.tar.bz2 libass-373cb020aa96bf487d19ea3483db85fa22855ad0.tar.xz |
ass_render: fix potential NULL deref
The logic here is pretty complicated. The caller of this function guards
it with "if(info->bm || info->bm_o){", and generally indeed only one of
them is set. But in some cases, both are needed. fix_outline()
definitely dereferences both. This is not necessarily guaranteed, e.g.
on out of memory errors. Add the missing checks.
Fixes CID 146125.
-rw-r--r-- | libass/ass_render.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/libass/ass_render.c b/libass/ass_render.c index 5bc98d1..88ab734 100644 --- a/libass/ass_render.c +++ b/libass/ass_render.c @@ -1785,7 +1785,7 @@ static int is_new_bm_run(GlyphInfo *info, GlyphInfo *last) static void make_shadow_bitmap(CombinedBitmapInfo *info, ASS_Renderer *render_priv) { if (!(info->filter.flags & FILTER_NONZERO_SHADOW)) { - if (info->bm_o && !(info->filter.flags & FILTER_BORDER_STYLE_3)) { + if (info->bm && info->bm_o && !(info->filter.flags & FILTER_BORDER_STYLE_3)) { fix_outline(info->bm, info->bm_o); } else if (info->bm_o && !(info->filter.flags & FILTER_NONZERO_BORDER)) { ass_free_bitmap(info->bm_o); @@ -1795,7 +1795,7 @@ static void make_shadow_bitmap(CombinedBitmapInfo *info, ASS_Renderer *render_pr } // Create shadow and fix outline as needed - if (info->bm_o && !(info->filter.flags & FILTER_BORDER_STYLE_3)) { + if (info->bm && info->bm_o && !(info->filter.flags & FILTER_BORDER_STYLE_3)) { info->bm_s = copy_bitmap(render_priv->engine, info->bm_o); fix_outline(info->bm, info->bm_o); } else if (info->bm_o && (info->filter.flags & FILTER_NONZERO_BORDER)) { |