[PR #1807] [MERGED] fix(lib_ccx): replace unsafe string functions with bounds-checked versions #2544

Open
opened 2026-01-29 17:22:43 +00:00 by claunia · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/CCExtractor/ccextractor/pull/1807
Author: @cfsmp3
Created: 12/13/2025
Status: Merged
Merged: 12/13/2025
Merged by: @cfsmp3

Base: master ← Head: fix/phase3-buffer-safety-medium-priority


📝 Commits (9)

  • bff08be fix(encoders): replace unsafe string functions with bounds-checked versions
  • 8af19df fix(lib_ccx): replace remaining unsafe string functions with bounds-checked versions
  • 6e295ac fix(ccx_encoders_spupng): add NULL checks and fix memory leaks
  • b3c3bdc fix(ocr): add NULL checks and fix memory leaks
  • 1869c4c fix(mcc_encoder): prevent buffer overruns and add OOM checks
  • 8329257 fix(708_output): replace sprintf with snprintf for buffer safety
  • af5e36c style: fix clang-format issues in macro definitions
  • 87b0d22 fix(ts_tables_epg): add NULL checks and fix memory leaks
  • 68da0a0 style: fix clang-format issues

📊 Changes

20 files changed (+466 additions, -150 deletions)


📝 src/lib_ccx/asf_functions.c (+6 -6)
📝 src/lib_ccx/ccx_common_timing.c (+8 -2)
📝 src/lib_ccx/ccx_decoders_708_output.c (+170 -64)
📝 src/lib_ccx/ccx_decoders_708_output.h (+1 -1)
📝 src/lib_ccx/ccx_encoders_common.c (+4 -4)
📝 src/lib_ccx/ccx_encoders_curl.c (+8 -4)
📝 src/lib_ccx/ccx_encoders_g608.c (+3 -3)
📝 src/lib_ccx/ccx_encoders_helpers.c (+4 -4)
📝 src/lib_ccx/ccx_encoders_mcc.c (+40 -21)
📝 src/lib_ccx/ccx_encoders_splitbysentence.c (+7 -3)
📝 src/lib_ccx/ccx_encoders_spupng.c (+28 -5)
📝 src/lib_ccx/ccx_encoders_ssa.c (+6 -6)
📝 src/lib_ccx/general_loop.c (+9 -1)
📝 src/lib_ccx/lib_ccx.c (+10 -8)
📝 src/lib_ccx/matroska.c (+7 -1)
📝 src/lib_ccx/ocr.c (+83 -9)
📝 src/lib_ccx/output.c (+4 -2)
📝 src/lib_ccx/telxcc.c (+3 -3)
📝 src/lib_ccx/ts_functions.c (+1 -1)
📝 src/lib_ccx/ts_tables_epg.c (+64 -2)

📄 Description

Summary

Replace sprintf/strcpy/strcat with bounds-checked versions in files identified in Phase 3.1 of the buffer safety audit. This completes all dangerous function pattern fixes.

Files Modified

Medium Priority (previous commit)

| File | Changes |
|------|---------|
| ccx_encoders_common.c | 4 sprintf → snprintf |
| ccx_encoders_helpers.c | 3 strcat → strncat, 1 strcpy → memcpy |
| telxcc.c | 3 sprintf → snprintf |
| asf_functions.c | 3 sprintf → snprintf |
| ccx_encoders_ssa.c | 3 sprintf → snprintf |
| ccx_encoders_curl.c | 1 sprintf → snprintf, strcpy+strcat → snprintf with OOM check |
| ccx_encoders_splitbysentence.c | 1 strcpy → memmove (overlapping memory fix), 2 strcat → strncat |

Low Priority (latest commit)

| File | Changes |
|------|---------|
| general_loop.c | Proper buffer allocation with OOM check, snprintf |
| ccx_encoders_g608.c | snprintf with sizeof for timeline buffer |
| lib_ccx.c | Fix buffer size calculation (was 2 bytes short), add missing null check, snprintf |
| ccx_common_timing.c | snprintf with documented max size for time functions |
| ts_functions.c | snprintf with sizeof in debug code |
| matroska.c | Bounded memcpy to prevent overflow from malformed language codes |
| output.c | snprintf with known allocated size |

Notable Fixes

  1. ccx_encoders_splitbysentence.c: Fixed undefined behavior where strcpy() was used with overlapping memory regions. Replaced with memmove().

  2. ccx_encoders_curl.c: Added OOM check for malloc allocation that was previously unchecked.

  3. lib_ccx.c: Fixed buffer size calculation - was allocating strlen + 10 but needed strlen + 12 for the format string.

  4. matroska.c: Protected against malformed language codes that could cause buffer overflow from untrusted file input.

Test plan

  • [x] Builds successfully on Linux
  • [ ] CI tests pass

🤖 Generated with Claude Code


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
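
Three of the patterns listed under Notable Fixes, as an added C example that is not code from the PR or from CCExtractor. The helper names `drop_prefix`, `make_name` and `copy_lang`, the format string and the sample inputs are constructed for illustration, and `make_name` goes beyond the PR's corrected constant by measuring the required size with `snprintf`.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical: drop the first n bytes of a string in place. The regions
 * overlap, so strcpy(s, s + n) is undefined behaviour; memmove is not. */
static void drop_prefix(char *s, size_t n)
{
	size_t len = strlen(s);
	if (n > len)
		n = len;
	memmove(s, s + n, len - n + 1); /* +1 also moves the terminator */
}

/* Hypothetical: build "<base>_<index>.<ext>" on the heap, sized by
 * snprintf(NULL, 0, ...) instead of strlen + constant. NULL on failure. */
static char *make_name(const char *base, unsigned index, const char *ext)
{
	int need = snprintf(NULL, 0, "%s_%u.%s", base, index, ext);
	if (need < 0)
		return NULL;
	char *out = malloc((size_t)need + 1);
	if (out == NULL)
		return NULL;
	snprintf(out, (size_t)need + 1, "%s_%u.%s", base, index, ext);
	return out;
}

/* Hypothetical: copy a language code whose length came from an untrusted
 * file into a fixed field, clamped and always terminated. Returns bytes copied. */
static size_t copy_lang(char *dst, size_t dst_size, const char *src, size_t src_len)
{
	if (dst_size == 0)
		return 0;
	size_t n = src_len < dst_size - 1 ? src_len : dst_size - 1;
	memcpy(dst, src, n);
	dst[n] = '\0';
	return n;
}

int main(void)
{
	char line[] = ">> caption", lang[4]; /* constructed sample inputs */
	drop_prefix(line, 3);
	copy_lang(lang, sizeof lang, "english", 7);
	char *name = make_name("out", 12, "srt");
	printf("%s | %s | %s\n", line, lang, name ? name : "(OOM)");
	free(name);
	return 0;
}
```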

claunia added the pull-request label 2026-01-29 17:22:43 +00:00

Reference: starred/ccextractor#2544