[PR #1792] fix(matroska): add memory safety checks and fix memory leaks #2526

New Issue

claunia · 2026-01-29T17:22:36Z

claunia commented

2026-01-29 17:22:36 +00:00

Original Pull Request: https://github.com/CCExtractor/ccextractor/pull/1792

State: closed
Merged: Yes

Summary

This PR addresses multiple memory safety issues in the Matroska parser (src/lib_ccx/matroska.c) identified through static analysis using cppcheck.

Issues Fixed

Category	Count	Severity
Null pointer after malloc	15	HIGH
Buffer overflow risk	3	HIGH
Memory leaks	7	MEDIUM
Realloc error handling	3	HIGH
Use-after-free	1	CRITICAL
Missing free	2	MEDIUM

Details

Null pointer dereference after malloc (15 fixes)

Added null checks after all malloc/calloc calls
Uses EXIT_NOT_ENOUGH_MEMORY (exit code 500) for OOM conditions

Buffer overflow fixes (3 fixes)

generate_timestamp_ass_ssa(): Buffer 15→32 bytes, sprintf→snprintf
save_sub_track(): number[] buffer 9→16 bytes, sprintf→snprintf
generate_filename_from_track(): Dynamic buffer size calculation

Memory leak fixes (7 fixes)

Fixed leaks of read_vint_block_string() return values in parse_ebml() and parse_segment_info()
Fixed leak in parse_segment_track_entry() where lang was reassigned without freeing
Fixed leak in save_sub_track() where text pointer was advanced, losing original allocation

Realloc error handling (3 fixes)

Used temporary variable to preserve original pointer if realloc fails

Use-after-free fix (1 fix)

matroska_loop(): Saved values before matroska_free_all(), then used saved values

Missing free fixes (2 fixes)

Added free(track->sentences) in free_sub_track()
Added free(mkv_ctx->sub_tracks) in matroska_free_all()

Test plan

Code compiles without warnings from matroska.c
Test with sample MKV files containing subtitles
Run with valgrind to verify no memory leaks

🤖 Generated with Claude Code

**Original Pull Request:** https://github.com/CCExtractor/ccextractor/pull/1792 **State:** closed **Merged:** Yes --- ## Summary This PR addresses multiple memory safety issues in the Matroska parser (`src/lib_ccx/matroska.c`) identified through static analysis using cppcheck. ### Issues Fixed | Category | Count | Severity | |----------|-------|----------| | Null pointer after malloc | 15 | HIGH | | Buffer overflow risk | 3 | HIGH | | Memory leaks | 7 | MEDIUM | | Realloc error handling | 3 | HIGH | | Use-after-free | 1 | CRITICAL | | Missing free | 2 | MEDIUM | ### Details **Null pointer dereference after malloc (15 fixes)** - Added null checks after all `malloc`/`calloc` calls - Uses `EXIT_NOT_ENOUGH_MEMORY` (exit code 500) for OOM conditions **Buffer overflow fixes (3 fixes)** - `generate_timestamp_ass_ssa()`: Buffer 15→32 bytes, sprintf→snprintf - `save_sub_track()`: number[] buffer 9→16 bytes, sprintf→snprintf - `generate_filename_from_track()`: Dynamic buffer size calculation **Memory leak fixes (7 fixes)** - Fixed leaks of `read_vint_block_string()` return values in `parse_ebml()` and `parse_segment_info()` - Fixed leak in `parse_segment_track_entry()` where `lang` was reassigned without freeing - Fixed leak in `save_sub_track()` where text pointer was advanced, losing original allocation **Realloc error handling (3 fixes)** - Used temporary variable to preserve original pointer if realloc fails **Use-after-free fix (1 fix)** - `matroska_loop()`: Saved values before `matroska_free_all()`, then used saved values **Missing free fixes (2 fixes)** - Added `free(track->sentences)` in `free_sub_track()` - Added `free(mkv_ctx->sub_tracks)` in `matroska_free_all()` ## Test plan - [x] Code compiles without warnings from matroska.c - [ ] Test with sample MKV files containing subtitles - [ ] Run with valgrind to verify no memory leaks 🤖 Generated with [Claude Code](https://claude.com/claude-code)

claunia added the pull-request label 2026-01-29 17:22:36 +00:00

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/ccextractor#2526