starred/ccextractor
1
0
Fork 0
mirror of https://github.com/CCExtractor/ccextractor.git synced 2026-04-18 12:03:00 +00:00
Code Issues 1.5k Packages Projects Releases 21 Wiki Activity

[PR #1805] fix(encoders): replace sprintf/strcpy with bounds-checked versions #2549

New Issue
Open
opened 2026-01-29 17:22:43 +00:00 by claunia · 0 comments
claunia commented 2026-01-29 17:22:43 +00:00
Owner
Copy Link

Original Pull Request: https://github.com/CCExtractor/ccextractor/pull/1805

State: closed
Merged: Yes

Summary

This PR continues the Phase 3 buffer safety work from the bug analysis plan, replacing unsafe string functions with bounds-checked alternatives:

  • ccx_encoders_sami.c: 10 sprintfsnprintf conversions
  • ccx_encoders_srt.c: 6 sprintfsnprintf conversions
  • mp4.c: 6 fixes including:
    • sprintf/strcpy/strcatsnprintf
    • Critical fix: Buffer overflow in format_duration() where 20-byte buffer was too small for long duration strings (e.g., "365 Days, 23:59:59.999" = 22+ chars)
    • Added size parameter to format_duration() function
  • ccx_encoders_webvtt.c: 6 sprintfsnprintf conversions, plus:
    • Fixed malloc size bug (+4 instead of +5 for null terminator)
    • Added OOM checks for css_file_name and outline_css_file
    • Fixed memory leaks (allocated strings were not freed)

Test plan

  • Build completes successfully
  • Test with SAMI output format
  • Test with SRT output format
  • Test with WebVTT output format (including CSS generation)
  • Test with MP4 files containing chapters

🤖 Generated with Claude Code

**Original Pull Request:** https://github.com/CCExtractor/ccextractor/pull/1805 **State:** closed **Merged:** Yes --- ## Summary This PR continues the Phase 3 buffer safety work from the bug analysis plan, replacing unsafe string functions with bounds-checked alternatives: - **ccx_encoders_sami.c**: 10 `sprintf` → `snprintf` conversions - **ccx_encoders_srt.c**: 6 `sprintf` → `snprintf` conversions - **mp4.c**: 6 fixes including: - `sprintf`/`strcpy`/`strcat` → `snprintf` - **Critical fix**: Buffer overflow in `format_duration()` where 20-byte buffer was too small for long duration strings (e.g., "365 Days, 23:59:59.999" = 22+ chars) - Added size parameter to `format_duration()` function - **ccx_encoders_webvtt.c**: 6 `sprintf` → `snprintf` conversions, plus: - Fixed malloc size bug (`+4` instead of `+5` for null terminator) - Added OOM checks for `css_file_name` and `outline_css_file` - Fixed memory leaks (allocated strings were not freed) ## Test plan - [x] Build completes successfully - [ ] Test with SAMI output format - [ ] Test with SRT output format - [ ] Test with WebVTT output format (including CSS generation) - [ ] Test with MP4 files containing chapters 🤖 Generated with [Claude Code](https://claude.com/claude-code)
claunia added the pull-request label 2026-01-29 17:22:43 +00:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
CEA-708
difficulty: easy
difficulty: hard
difficulty: medium
DTMB
DVB
enhancement
enhancement
Flutter GUI
GCI19
good-first-task
GSoC 2021
GSOC-2023
GSOC-2023
GSOC-2023
GSoC-related
Hacktoberfest
HardsubX
help wanted
invalid
JokerTV
Mac / OSX
more-info-needed
needs-commercial-sponsor
needs-commercial-sponsor
needs-commercial-sponsor
needs-confirmation-of-being-broken
OCR
pull-request
Mirrored from GitHub Pull Request
 Python
regression
Rust
teletext
No Label pull-request
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
claunia
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/ccextractor#2549
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?