[PR #1796] [MERGED] fix(ccx_decoders_common): add NULL checks and fix memory safety issues #2533

Closed
opened 2026-01-29 17:22:38 +00:00 by claunia · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/CCExtractor/ccextractor/pull/1796
Author: @cfsmp3
Created: 12/12/2025
Status: Merged
Merged: 12/13/2025
Merged by: @cfsmp3

Base: masterHead: fix/ccx-decoders-common-memory-leaks


📝 Commits (1)

  • 1c955d5 fix(ccx_decoders_common): add NULL checks and fix memory safety issues

📊 Changes

1 file changed (+95 additions, -13 deletions)

View changed files

📝 src/lib_ccx/ccx_decoders_common.c (+95 -13)

📄 Description

Summary

This PR fixes multiple memory safety issues in src/lib_ccx/ccx_decoders_common.c:

Bug Fixes

1. Buffer Overflows in copy_encoder_context() (Critical)

String allocations were missing +1 for the null terminator, causing buffer overflows when copying:

  • first_input_file - allocated strlen() bytes but copied strlen() bytes (should be strlen() + 1)
  • start_credits_text - allocated strlen() bytes but memcpy copied strlen() + 1 bytes
  • end_credits_text - allocated strlen() bytes but memcpy copied strlen() + 1 bytes

Before:

ctx_copy->first_input_file = malloc(strlen(ctx->first_input_file) * sizeof(char));
memcpy(ctx_copy->first_input_file, ctx->first_input_file, strlen(ctx->first_input_file) * sizeof(char));

After:

size_t len = strlen(ctx->first_input_file) + 1;
ctx_copy->first_input_file = malloc(len);
if (!ctx_copy->first_input_file)
    fatal(EXIT_NOT_ENOUGH_MEMORY, "In copy_encoder_context: Out of memory allocating first_input_file.");
memcpy(ctx_copy->first_input_file, ctx->first_input_file, len);

2. Missing NULL Checks After malloc (High)

Added NULL checks with fatal(EXIT_NOT_ENOUGH_MEMORY, ...) calls (following the pattern in matroska.c) in:

  • init_cc_decode() - 6 allocations now checked
  • copy_encoder_context() - 9 allocations now checked
  • copy_decoder_context() - 8 allocations now checked
  • copy_subtitle() - 2 allocations now checked

3. Potential NULL Pointer Dereference in init_cc_decode() (High)

Line ctx->dtvcc->is_active = setting->settings_dtvcc->enabled; would crash if dtvcc_init() returned NULL. Now properly checked before dereferencing.

4. Stale Pointer Prevention

After memcpy() copies the source structure, the copied pointers point to the original's memory. These are now explicitly set to NULL before re-allocation to prevent accidental use of stale pointers.

Functions Modified

Function Allocations Issue Type
init_cc_decode() 6 Missing NULL checks, NULL deref
copy_encoder_context() 9 Buffer overflows, missing NULL checks
copy_decoder_context() 8 Missing NULL checks
copy_subtitle() 2 Missing NULL checks

Test plan

  • Code compiles without errors
  • Run existing test suite
  • Test with sample media files to verify no regressions

🤖 Generated with Claude Code


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/CCExtractor/ccextractor/pull/1796 **Author:** [@cfsmp3](https://github.com/cfsmp3) **Created:** 12/12/2025 **Status:** ✅ Merged **Merged:** 12/13/2025 **Merged by:** [@cfsmp3](https://github.com/cfsmp3) **Base:** `master` ← **Head:** `fix/ccx-decoders-common-memory-leaks` --- ### 📝 Commits (1) - [`1c955d5`](https://github.com/CCExtractor/ccextractor/commit/1c955d5e199e1c16a3d887ebec231c07c7d80c70) fix(ccx_decoders_common): add NULL checks and fix memory safety issues ### 📊 Changes **1 file changed** (+95 additions, -13 deletions) <details> <summary>View changed files</summary> 📝 `src/lib_ccx/ccx_decoders_common.c` (+95 -13) </details> ### 📄 Description ## Summary This PR fixes multiple memory safety issues in `src/lib_ccx/ccx_decoders_common.c`: ### Bug Fixes #### 1. Buffer Overflows in `copy_encoder_context()` (Critical) String allocations were missing `+1` for the null terminator, causing buffer overflows when copying: - `first_input_file` - allocated `strlen()` bytes but copied `strlen()` bytes (should be `strlen() + 1`) - `start_credits_text` - allocated `strlen()` bytes but `memcpy` copied `strlen() + 1` bytes - `end_credits_text` - allocated `strlen()` bytes but `memcpy` copied `strlen() + 1` bytes **Before:** ```c ctx_copy->first_input_file = malloc(strlen(ctx->first_input_file) * sizeof(char)); memcpy(ctx_copy->first_input_file, ctx->first_input_file, strlen(ctx->first_input_file) * sizeof(char)); ``` **After:** ```c size_t len = strlen(ctx->first_input_file) + 1; ctx_copy->first_input_file = malloc(len); if (!ctx_copy->first_input_file) fatal(EXIT_NOT_ENOUGH_MEMORY, "In copy_encoder_context: Out of memory allocating first_input_file."); memcpy(ctx_copy->first_input_file, ctx->first_input_file, len); ``` #### 2. Missing NULL Checks After malloc (High) Added NULL checks with `fatal(EXIT_NOT_ENOUGH_MEMORY, ...)` calls (following the pattern in `matroska.c`) in: - `init_cc_decode()` - 6 allocations now checked - `copy_encoder_context()` - 9 allocations now checked - `copy_decoder_context()` - 8 allocations now checked - `copy_subtitle()` - 2 allocations now checked #### 3. Potential NULL Pointer Dereference in `init_cc_decode()` (High) Line `ctx->dtvcc->is_active = setting->settings_dtvcc->enabled;` would crash if `dtvcc_init()` returned NULL. Now properly checked before dereferencing. #### 4. Stale Pointer Prevention After `memcpy()` copies the source structure, the copied pointers point to the original's memory. These are now explicitly set to NULL before re-allocation to prevent accidental use of stale pointers. ### Functions Modified | Function | Allocations | Issue Type | |----------|-------------|------------| | `init_cc_decode()` | 6 | Missing NULL checks, NULL deref | | `copy_encoder_context()` | 9 | Buffer overflows, missing NULL checks | | `copy_decoder_context()` | 8 | Missing NULL checks | | `copy_subtitle()` | 2 | Missing NULL checks | ## Test plan - [x] Code compiles without errors - [ ] Run existing test suite - [ ] Test with sample media files to verify no regressions 🤖 Generated with [Claude Code](https://claude.com/claude-code) --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
claunia added the pull-request label 2026-01-29 17:22:38 +00:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/ccextractor#2533