[PR #1801] fix(smptett): replace unsafe string operations with bounds-checked versions #2540

New Issue

Open

opened 2026-01-29 17:22:41 +00:00 by claunia · 0 comments

claunia commented 2026-01-29 17:22:41 +00:00

Owner

Copy Link

Original Pull Request: https://github.com/CCExtractor/ccextractor/pull/1801

State: closed
Merged: Yes

---

Summary

• Replace all sprintf, strcpy, and strcat calls with bounds-checked versions
• Add NULL checks after malloc allocations
• Prevent potential buffer overflows in SMPTE Timed Text encoder

Changes

Function	Change
write_stringz_as_smptett	Use snprintf with sizeof(str) for timestamp formatting
write_cc_bitmap_as_smptett	Use snprintf with INITIAL_ENC_BUFFER_CAPACITY
write_cc_buffer_as_smptett	Major rewrite:
	- Add NULL checks for final and temp malloc
	- Track buf_size and use throughout
	- Replace strcpy/strcat chains with memcpy/snprintf
	- Use snprintf for style tags and color code formatting

Test plan

• Build succeeds without errors
• Verify SMPTE-TT output format is unchanged for basic subtitles
• Verify styled subtitles (italic, bold, underline) render correctly
• Verify font color subtitles render correctly

🤖 Generated with Claude Code

**Original Pull Request:** https://github.com/CCExtractor/ccextractor/pull/1801 **State:** closed **Merged:** Yes --- ## Summary - Replace all `sprintf`, `strcpy`, and `strcat` calls with bounds-checked versions - Add NULL checks after malloc allocations - Prevent potential buffer overflows in SMPTE Timed Text encoder ## Changes | Function | Change | |----------|--------| | `write_stringz_as_smptett` | Use `snprintf` with `sizeof(str)` for timestamp formatting | | `write_cc_bitmap_as_smptett` | Use `snprintf` with `INITIAL_ENC_BUFFER_CAPACITY` | | `write_cc_buffer_as_smptett` | Major rewrite: | | | - Add NULL checks for `final` and `temp` malloc | | | - Track `buf_size` and use throughout | | | - Replace `strcpy/strcat` chains with `memcpy/snprintf` | | | - Use `snprintf` for style tags and color code formatting | ## Test plan - [x] Build succeeds without errors - [ ] Verify SMPTE-TT output format is unchanged for basic subtitles - [ ] Verify styled subtitles (italic, bold, underline) render correctly - [ ] Verify font color subtitles render correctly 🤖 Generated with [Claude Code](https://claude.com/claude-code)

claunia added the pull-request label 2026-01-29 17:22:41 +00:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

master

fix/input-scc-option

fix/palette-crate-fedora

pr-1782

fix/flutter-gui-v0.7.0-files

docs/changelog-upcoming

fix/goptime-and-startcredits-bugs

fix/bindgen-upgrade-1608

fix/tesseract-version-check-future-proof

fix/ccx-encoders-spupng-memory-safety

fix/freebsd-remarks

compatibility/xp

v0.96.5

v0.96.4

v0.96.3

v0.96.2

v0.96.1

v0.96

v0.94

v0.93

v0.92

v0.91

v0.90

v0.89

v0.88

v0.87

v0.86

v0.85b

v0.85

v0.84

v0.83

v0.82

v0.81

v0.80

v0.79

v0.78

v0.77

v0.76

v0.75

v0.74

v0.73

v0.72

v0.71

v0.70

Labels

Clear labels

bug

CEA-708

difficulty: easy

difficulty: hard

difficulty: medium

DTMB

DVB

enhancement

enhancement

Flutter GUI

GCI19

good-first-task

GSoC 2021

GSOC-2023

GSOC-2023

GSOC-2023

GSoC-related

Hacktoberfest

HardsubX

help wanted

invalid

JokerTV

Mac / OSX

more-info-needed

needs-commercial-sponsor

needs-commercial-sponsor

needs-commercial-sponsor

needs-confirmation-of-being-broken

OCR

pull-request

Mirrored from GitHub Pull Request

Python

regression

Rust

teletext

No Label pull-request

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

claunia

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/ccextractor#2540