From patchwork Sat Jul 27 14:58:48 2019
X-Patchwork-Submitter: Aaron Boushley
X-Patchwork-Id: 14096
To: ffmpeg-devel@ffmpeg.org
From: Aaron Boushley
Date: Sat, 27 Jul 2019 07:58:48 -0700
Subject: [FFmpeg-devel] [PATCH] libavfilter/vf_drawtext: Avoid undefined behavior from GET_UTF8

The vf_drawtext filter uses the GET_UTF8 macro in multiple locations. Each of these uses `continue;` as the error handler. However, the documentation for the GET_UTF8 macro states "ERROR should not contain a loop control statement which could interact with the internal while loop, and should force an exit from the macro code (e.g. through a goto or a return) in order to prevent undefined results."

This patch adjusts vf_drawtext to use goto error handlers similar to other locations in ffmpeg.

Aaron

PS Sorry for having to send again, sent from the wrong address last time, so patchwork didn't pick it up.

From efdc96ace59d676e76434499a399d1d7df7fa093 Mon Sep 17 00:00:00 2001
From: Aaron Boushley
Date: Fri, 26 Jul 2019 15:49:36 -0700
Subject: [PATCH] libavfilter/drawtext: avoid undefined behavior with GET_UTF8

Currently the GET_UTF8 usage in drawtext uses a continue to skip invalid
characters in a string. The macro definition states that using a loop
control statement results in undefined behavior since the macro itself
uses a loop.

This switches drawtext to use a goto statement similar to other usages
of GET_UTF8 in other parts of ffmpeg.

Signed-off-by: Aaron Boushley
---
 libavfilter/vf_drawtext.c | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/libavfilter/vf_drawtext.c b/libavfilter/vf_drawtext.c index 8f4badbdb5..fd2ba84d12 100644 --- a/libavfilter/vf_drawtext.c +++ b/libavfilter/vf_drawtext.c @@ -1223,7 +1223,7 @@ static int draw_glyphs(DrawTextContext *s, AVFrame *frame, for (i = 0, p = text; *p; i++) { FT_Bitmap bitmap; Glyph dummy = { 0 }; - GET_UTF8(code, *p++, continue;); + GET_UTF8(code, *p++, goto invalid_drawing;); /* skip new line chars, just go to new line */ if (code == '\n' || code == '\r' || code == '\t') @@ -1248,6 +1248,9 @@ static int draw_glyphs(DrawTextContext *s, AVFrame *frame, bitmap.width, bitmap.rows, bitmap.pixel_mode == FT_PIXEL_MODE_MONO ? 0 : 3, 0, x1, y1); + continue; +invalid_drawing: + av_log(s, AV_LOG_DEBUG, "Invalid UTF8 character while drawing glyphs\n"); } return 0; @@ -1361,7 +1364,7 @@ static int draw_text(AVFilterContext *ctx, AVFrame *frame, /* load and cache glyphs */ for (i = 0, p = text; *p; i++) { - GET_UTF8(code, *p++, continue;); + GET_UTF8(code, *p++, goto invalid_caching;); /* get glyph */ dummy.code = code; @@ -1377,6 +1380,10 @@ static int draw_text(AVFilterContext *ctx, AVFrame *frame, y_max = FFMAX(glyph->bbox.yMax, y_max); x_min = FFMIN(glyph->bbox.xMin, x_min); x_max = FFMAX(glyph->bbox.xMax, x_max); + + continue; +invalid_caching: + av_log(ctx, AV_LOG_DEBUG, "Invalid UTF8 character while caching glyphs\n"); } s->max_glyph_h = y_max - y_min; s->max_glyph_w = x_max - x_min; @@ -1384,7 +1391,7 @@ static int draw_text(AVFilterContext *ctx, AVFrame *frame, /* compute and save position for each glyph */ glyph = NULL; for (i = 0, p = text; *p; i++) { - GET_UTF8(code, *p++, continue;); + GET_UTF8(code, *p++, goto invalid_positioning;); /* skip the \n in the sequence \r\n */ if (prev_code == '\r' && code == '\n') 
@@ -1417,6 +1424,10 @@ static int draw_text(AVFilterContext *ctx, AVFrame *frame, s->positions[i].y = y - glyph->bitmap_top + y_max; if (code == '\t') x = (x / s->tabsize + 1)*s->tabsize; else x += glyph->advance; + + continue; +invalid_positioning: + av_log(ctx, AV_LOG_DEBUG, "Invalid UTF8 character while positioning glyphs\n"); } max_text_line_w = FFMAX(x, max_text_line_w);
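Review bot: In `draw_glyphs()`, `GET_UTF8(code, *p++, goto invalid_drawing;)` enters the handler after `*p++` has already stepped past the byte that failed. If that byte is the terminating NUL of a multi-byte sequence cut short at the end of `text`, the next `*p` test in the `for` header reads beyond the string, and the same pattern is in both `draw_text()` loops. Suggest ending the walk at the label when the consumed byte was the terminator (`p[-1] == 0`) instead of returning to the loop condition.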
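Review bot: The `av_log()` under `invalid_caching:` runs once per invalid sequence on every call of `draw_text()`, which takes an `AVFrame`, and the positioning loop walks the same `text` and reports it again under `invalid_positioning:`. Suggest logging in one of the two loops only and adding the byte offset (`p - text`) so the message points at the malformed input; "UTF8" in the three messages would also read better as "UTF-8".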
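Review bot: In the positioning loop, `goto invalid_positioning` skips the `s->positions[i].y` assignment while the `for` header still runs `i++`, so slot `i` keeps whatever it held before for each invalid sequence. Suggest a comment at the label stating that the drawing loop skips the same index and never reads that slot, or initialising the slot on the error path.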
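The interaction the message describes, as an added example that is not part of the original mail or of FFmpeg's sources. `DECODE_UTF8`, `sample`, `struct result` and the two `walk_*` functions are constructed here; the macro only mirrors the structure the quoted documentation describes, with the error handler expanded both before and inside an internal while loop.

```c
#include <stdint.h>

/* Constructed stand-in, not FFmpeg's GET_UTF8: ERROR is expanded once
 * before and once inside the macro's internal while loop. */
#define DECODE_UTF8(val, GET_BYTE, ERROR)                    \
    val = (GET_BYTE);                                        \
    {                                                        \
        uint32_t top = (val & 128) >> 1;                     \
        if ((val & 0xc0) == 0x80 || val >= 0xFE) { ERROR }   \
        while (val & top) {                                  \
            uint32_t tmp = (uint32_t)(GET_BYTE) - 128;       \
            if (tmp >> 6) { ERROR }                          \
            val = (val << 6) + tmp;                          \
            top <<= 5;                                       \
        }                                                    \
        val &= (top << 1) - 1;                               \
    }

/* Constructed input: lead byte 0xC3, then 'A' where a continuation byte
 * is required, then a stray continuation byte 0xA9, then 'B'. */
const uint8_t sample[] = { 0xC3, 'A', 0xA9, 'B', 0 };
struct result { int glyphs; int skipped; uint32_t first; };

/* ERROR = continue: inside the macro it re-enters the inner while loop,
 * so the outer iteration is never skipped. */
struct result walk_with_continue(const uint8_t *p)
{
    struct result r = { 0, 0, 0 };
    while (*p) {
        uint32_t code;
        DECODE_UTF8(code, *p++, r.skipped++; continue;)
        if (!r.glyphs++) r.first = code;   /* code built across the bad byte */
    }
    return r;
}

/* ERROR = goto: leaves the macro and skips the rest of the outer body. */
struct result walk_with_goto(const uint8_t *p)
{
    struct result r = { 0, 0, 0 };
    while (*p) {
        uint32_t code;
        DECODE_UTF8(code, *p++, goto invalid;)
        if (!r.glyphs++) r.first = code;
        continue;
invalid:
        r.skipped++;
    }
    return r;
}
```

With `continue`, the caller receives U+00E9 assembled from 0xC3 and 0xA9 across the invalid byte; with `goto`, both malformed sequences are skipped and only 'B' is returned.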