[PR #1801] [MERGED] fix(smptett): replace unsafe string operations with bounds-checked versions #2538

Open
opened 2026-01-29 17:22:40 +00:00 by claunia · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/CCExtractor/ccextractor/pull/1801
Author: @cfsmp3
Created: 12/12/2025
Status: Merged
Merged: 12/13/2025
Merged by: @cfsmp3

Base: masterHead: fix/smptett-buffer-safety


📝 Commits (1)

  • d4642c1 fix(smptett): replace unsafe string operations with bounds-checked versions

📊 Changes

1 file changed (+104 additions, -44 deletions)

View changed files

📝 src/lib_ccx/ccx_encoders_smptett.c (+104 -44)

📄 Description

Summary

  • Replace all sprintf, strcpy, and strcat calls with bounds-checked versions
  • Add NULL checks after malloc allocations
  • Prevent potential buffer overflows in SMPTE Timed Text encoder

Changes

Function Change
write_stringz_as_smptett Use snprintf with sizeof(str) for timestamp formatting
write_cc_bitmap_as_smptett Use snprintf with INITIAL_ENC_BUFFER_CAPACITY
write_cc_buffer_as_smptett Major rewrite:
- Add NULL checks for final and temp malloc
- Track buf_size and use throughout
- Replace strcpy/strcat chains with memcpy/snprintf
- Use snprintf for style tags and color code formatting

Test plan

  • Build succeeds without errors
  • Verify SMPTE-TT output format is unchanged for basic subtitles
  • Verify styled subtitles (italic, bold, underline) render correctly
  • Verify font color subtitles render correctly

🤖 Generated with Claude Code


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/CCExtractor/ccextractor/pull/1801 **Author:** [@cfsmp3](https://github.com/cfsmp3) **Created:** 12/12/2025 **Status:** ✅ Merged **Merged:** 12/13/2025 **Merged by:** [@cfsmp3](https://github.com/cfsmp3) **Base:** `master` ← **Head:** `fix/smptett-buffer-safety` --- ### 📝 Commits (1) - [`d4642c1`](https://github.com/CCExtractor/ccextractor/commit/d4642c18c6ec959854d070ea1949044b4950d003) fix(smptett): replace unsafe string operations with bounds-checked versions ### 📊 Changes **1 file changed** (+104 additions, -44 deletions) <details> <summary>View changed files</summary> 📝 `src/lib_ccx/ccx_encoders_smptett.c` (+104 -44) </details> ### 📄 Description ## Summary - Replace all `sprintf`, `strcpy`, and `strcat` calls with bounds-checked versions - Add NULL checks after malloc allocations - Prevent potential buffer overflows in SMPTE Timed Text encoder ## Changes | Function | Change | |----------|--------| | `write_stringz_as_smptett` | Use `snprintf` with `sizeof(str)` for timestamp formatting | | `write_cc_bitmap_as_smptett` | Use `snprintf` with `INITIAL_ENC_BUFFER_CAPACITY` | | `write_cc_buffer_as_smptett` | Major rewrite: | | | - Add NULL checks for `final` and `temp` malloc | | | - Track `buf_size` and use throughout | | | - Replace `strcpy/strcat` chains with `memcpy/snprintf` | | | - Use `snprintf` for style tags and color code formatting | ## Test plan - [x] Build succeeds without errors - [ ] Verify SMPTE-TT output format is unchanged for basic subtitles - [ ] Verify styled subtitles (italic, bold, underline) render correctly - [ ] Verify font color subtitles render correctly 🤖 Generated with [Claude Code](https://claude.com/claude-code) --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
claunia added the pull-request label 2026-01-29 17:22:40 +00:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/ccextractor#2538