[PR #1839] fix(rust-ffi): Prevent dangling pointers in copy_from_rust #2601

New Issue

Open

opened 2026-01-29 17:23:00 +00:00 by claunia · 0 comments

claunia commented 2026-01-29 17:23:00 +00:00

Owner

Copy Link

Original Pull Request: https://github.com/CCExtractor/ccextractor/pull/1839

State: closed
Merged: Yes

---

Summary

• Fixed dangling pointer bug in Rust FFI copy_from_rust() function that caused memory corruption
• Added missing settings_dtvcc.timing = NULL initialization in C's init_options()

Problem

The to_ctype() implementations for DecoderDtvccSettings and Decoder608Settings were creating temporaries on the stack and returning pointers to them:

// In to_ctype():
report: if let Some(value) = self.report {
    &mut value.to_ctype()  // ← Creates temporary, returns dangling pointer!
} else { ... },
timing: &mut self.timing.to_ctype(),  // ← Same issue

When copy_from_rust() called to_ctype(), these dangling pointers were written to the C ccx_options struct. Later when C code tried to use settings_dtvcc.report or settings_dtvcc.timing, it accessed invalid memory.

Valgrind errors before this fix:

Invalid write of size 4
   at 0x1D44ED: dtvcc_init
   Address 0x... is on thread 1's stack, 4016 bytes below stack pointer

Invalid read of size 1
   at 0x32F426: ccx_rust::common::copy_to_rust
   Address 0x... is on thread 1's stack, 1280 bytes below stack pointer

Solution

Preserve the original C-managed pointers instead of overwriting them with dangling pointers:

// Save original C pointers
let saved_report = (*ccx_s_options).settings_dtvcc.report;
let saved_timing = (*ccx_s_options).settings_dtvcc.timing;

// Apply other fields from to_ctype()
(*ccx_s_options).settings_dtvcc = options.settings_dtvcc.to_ctype();

// Restore the C-managed pointers
(*ccx_s_options).settings_dtvcc.report = saved_report;
(*ccx_s_options).settings_dtvcc.timing = saved_timing;

Test plan

• Verified all 21 Teletext tests pass (tests 63-83)
• Verified test 18 and 19 pass with exit code 0
• Verified valgrind no longer reports "Invalid read/write" errors
• Error summary reduced from 131,099 errors (15 contexts) to 131,074 errors (4 contexts) - the remaining warnings are unrelated uninitialized memory issues

🤖 Generated with Claude Code

**Original Pull Request:** https://github.com/CCExtractor/ccextractor/pull/1839 **State:** closed **Merged:** Yes --- ## Summary - Fixed dangling pointer bug in Rust FFI `copy_from_rust()` function that caused memory corruption - Added missing `settings_dtvcc.timing = NULL` initialization in C's `init_options()` ## Problem The `to_ctype()` implementations for `DecoderDtvccSettings` and `Decoder608Settings` were creating temporaries on the stack and returning pointers to them: ```rust // In to_ctype(): report: if let Some(value) = self.report { &mut value.to_ctype() // ← Creates temporary, returns dangling pointer! } else { ... }, timing: &mut self.timing.to_ctype(), // ← Same issue ``` When `copy_from_rust()` called `to_ctype()`, these dangling pointers were written to the C `ccx_options` struct. Later when C code tried to use `settings_dtvcc.report` or `settings_dtvcc.timing`, it accessed invalid memory. ### Valgrind errors before this fix: ``` Invalid write of size 4 at 0x1D44ED: dtvcc_init Address 0x... is on thread 1's stack, 4016 bytes below stack pointer Invalid read of size 1 at 0x32F426: ccx_rust::common::copy_to_rust Address 0x... is on thread 1's stack, 1280 bytes below stack pointer ``` ## Solution Preserve the original C-managed pointers instead of overwriting them with dangling pointers: ```rust // Save original C pointers let saved_report = (*ccx_s_options).settings_dtvcc.report; let saved_timing = (*ccx_s_options).settings_dtvcc.timing; // Apply other fields from to_ctype() (*ccx_s_options).settings_dtvcc = options.settings_dtvcc.to_ctype(); // Restore the C-managed pointers (*ccx_s_options).settings_dtvcc.report = saved_report; (*ccx_s_options).settings_dtvcc.timing = saved_timing; ``` ## Test plan - [x] Verified all 21 Teletext tests pass (tests 63-83) - [x] Verified test 18 and 19 pass with exit code 0 - [x] Verified valgrind no longer reports "Invalid read/write" errors - [x] Error summary reduced from 131,099 errors (15 contexts) to 131,074 errors (4 contexts) - the remaining warnings are unrelated uninitialized memory issues 🤖 Generated with [Claude Code](https://claude.com/claude-code)

claunia added the pull-request label 2026-01-29 17:23:00 +00:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

master

ci/dual-build-artifacts-windows

chore/update-pr-template

fix/teletext-json-report-cleanup

fix/wix-conditional-xml

fix/publish-workflow-timing

fix/input-scc-option

fix/palette-crate-fedora

pr-1782

fix/flutter-gui-v0.7.0-files

docs/changelog-upcoming

fix/goptime-and-startcredits-bugs

fix/bindgen-upgrade-1608

fix/tesseract-version-check-future-proof

fix/ccx-encoders-spupng-memory-safety

fix/freebsd-remarks

compatibility/xp

v0.96.6

v0.96.5

v0.96.4

v0.96.3

v0.96.2

v0.96.1

v0.96

v0.94

v0.93

v0.92

v0.91

v0.90

v0.89

v0.88

v0.87

v0.86

v0.85b

v0.85

v0.84

v0.83

v0.82

v0.81

v0.80

v0.79

v0.78

v0.77

v0.76

v0.75

v0.74

v0.73

v0.72

v0.71

v0.70

Labels

Clear labels

bug

CEA-708

difficulty: easy

difficulty: hard

difficulty: medium

DTMB

DVB

enhancement

enhancement

Flutter GUI

GCI19

good-first-task

GSoC 2021

GSOC-2023

GSOC-2023

GSOC-2023

GSoC-related

Hacktoberfest

HardsubX

help wanted

invalid

JokerTV

Mac / OSX

more-info-needed

needs-commercial-sponsor

needs-commercial-sponsor

needs-commercial-sponsor

needs-confirmation-of-being-broken

OCR

pull-request

Mirrored from GitHub Pull Request

Python

regression

Rust

teletext

No Label pull-request

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

claunia

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/ccextractor#2601