From 6486588d79c5468bfe1077bb32e4db4e92094e1c Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Sat, 1 Nov 2025 01:29:32 +0100
Subject: [PATCH] avfilter/vf_drawtext: Account for bbox text seperator

Fixes: out of array access
no test case

Found-by: Joshua Rogers <joshua@joshua.hu> with ZeroPath
Reviewed-by: Joshua Rogers <joshua@joshua.hu>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ad956ff076ea808e5d64c9ac17c1bfc1ba7d0cc0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavfilter/vf_drawtext.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavfilter/vf_drawtext.c b/libavfilter/vf_drawtext.c
index daaa1fd83a..232e4015fb 100644
--- a/libavfilter/vf_drawtext.c
+++ b/libavfilter/vf_drawtext.c
@@ -1017,7 +1017,7 @@ static av_cold int init(AVFilterContext *ctx)
             av_log(ctx, AV_LOG_WARNING, "Multiple texts provided, will use text_source only\n");
             av_free(s->text);
         }
-        s->text = av_mallocz(AV_DETECTION_BBOX_LABEL_NAME_MAX_SIZE *
+        s->text = av_mallocz((AV_DETECTION_BBOX_LABEL_NAME_MAX_SIZE + 1) *
                              (AV_NUM_DETECTION_BBOX_CLASSIFY + 1));
         if (!s->text)
             return AVERROR(ENOMEM);