[PR #1797] [CLOSED] fix(ccx_encoders_spupng): add NULL checks and fix memory leaks #2534

Closed
opened 2026-01-29 17:22:38 +00:00 by claunia · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/CCExtractor/ccextractor/pull/1797
Author: @cfsmp3
Created: 12/12/2025
Status: Closed

Base: masterHead: fix/ccx-encoders-spupng-memory-safety


📄 Description

Summary

This PR addresses 7 memory safety issues in ccx_encoders_spupng.c, identified as part of the systematic bug analysis effort (see Phase 2.1 in the bug analysis plan).

NULL Pointer Dereference Fixes (Crash Prevention)

Location Function Issue Fix
Line 440 write_cc_bitmap_as_spupng() pbuf not checked after malloc, then used in memset Added fatal() on NULL
Line 541 write_image() row not checked after malloc, then used in loop Added check with goto finalise cleanup
Line 611 center_justify() temp_buffer not checked after malloc Added fatal() on NULL
Line 718 utf8_to_utf32() string_utf32 not checked after calloc Added fatal() on NULL
Line 780 spupng_export_string2png() NULL check existed but did not return/exit - continued to memset(NULL, ...) Changed to fatal()

Memory Leak Fixes

Location Function Issue Fix
Line 789 spupng_export_string2png() buffer leaked when strdup(str) failed Added free(buffer) before return
Line 901 spupng_export_string2png() buffer, tmp, and string_utf32 leaked on realloc failure Added cleanup for all three before fatal()

Error Handling Pattern

All fatal() calls include diagnostic information to aid debugging:

  • Function name where the failure occurred
  • Number of bytes requested (where applicable)

Example:

fatal(EXIT_NOT_ENOUGH_MEMORY, "In spupng_export_string2png: Out of memory allocating buffer. Need %lu bytes.",
      (unsigned long)(canvas_width * canvas_height * sizeof(struct pixel_t)));

Context

This file was identified as a HIGH priority target in the bug analysis plan due to having 49 malloc/free occurrences. The SPUPNG encoder handles PNG subtitle generation and processes untrusted input data, making memory safety critical.

Test plan

  • Code compiles without warnings (related to these changes)
  • Build succeeds on Linux
  • Manual testing with SPUPNG output format

🤖 Generated with Claude Code


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/CCExtractor/ccextractor/pull/1797 **Author:** [@cfsmp3](https://github.com/cfsmp3) **Created:** 12/12/2025 **Status:** ❌ Closed **Base:** `master` ← **Head:** `fix/ccx-encoders-spupng-memory-safety` --- ### 📄 Description ## Summary This PR addresses **7 memory safety issues** in `ccx_encoders_spupng.c`, identified as part of the systematic bug analysis effort (see Phase 2.1 in the bug analysis plan). ### NULL Pointer Dereference Fixes (Crash Prevention) | Location | Function | Issue | Fix | |----------|----------|-------|-----| | Line 440 | `write_cc_bitmap_as_spupng()` | `pbuf` not checked after malloc, then used in memset | Added `fatal()` on NULL | | Line 541 | `write_image()` | `row` not checked after malloc, then used in loop | Added check with `goto finalise` cleanup | | Line 611 | `center_justify()` | `temp_buffer` not checked after malloc | Added `fatal()` on NULL | | Line 718 | `utf8_to_utf32()` | `string_utf32` not checked after calloc | Added `fatal()` on NULL | | Line 780 | `spupng_export_string2png()` | NULL check existed but **did not return/exit** - continued to `memset(NULL, ...)` | Changed to `fatal()` | ### Memory Leak Fixes | Location | Function | Issue | Fix | |----------|----------|-------|-----| | Line 789 | `spupng_export_string2png()` | `buffer` leaked when `strdup(str)` failed | Added `free(buffer)` before return | | Line 901 | `spupng_export_string2png()` | `buffer`, `tmp`, and `string_utf32` leaked on realloc failure | Added cleanup for all three before `fatal()` | ### Error Handling Pattern All `fatal()` calls include diagnostic information to aid debugging: - Function name where the failure occurred - Number of bytes requested (where applicable) Example: ```c fatal(EXIT_NOT_ENOUGH_MEMORY, "In spupng_export_string2png: Out of memory allocating buffer. Need %lu bytes.", (unsigned long)(canvas_width * canvas_height * sizeof(struct pixel_t))); ``` ### Context This file was identified as a HIGH priority target in the bug analysis plan due to having 49 malloc/free occurrences. The SPUPNG encoder handles PNG subtitle generation and processes untrusted input data, making memory safety critical. ## Test plan - [x] Code compiles without warnings (related to these changes) - [x] Build succeeds on Linux - [ ] Manual testing with SPUPNG output format 🤖 Generated with [Claude Code](https://claude.com/claude-code) --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
claunia added the pull-request label 2026-01-29 17:22:38 +00:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/ccextractor#2534