starred/ccextractor
1
0
Fork 0
mirror of https://github.com/CCExtractor/ccextractor.git synced 2026-02-04 05:44:53 +00:00
Code Issues 1.5k Packages Projects Releases 20 Wiki Activity

[PR #1980] [MERGED] Fix OOB read/write in Teletext G0 charset remapping #2779

New Issue
Open
opened 2026-01-29 17:23:52 +00:00 by claunia · 0 comments
claunia commented 2026-01-29 17:23:52 +00:00
Owner
Copy Link

📋 Pull Request Information

Original PR: https://github.com/CCExtractor/ccextractor/pull/1980
Author: @THE-Amrit-mahto-05
Created: 1/4/2026
Status: Merged
Merged: 1/5/2026
Merged by: @cfsmp3

Base: masterHead: fix/telxcc-oob

📝 Commits (1)

  • 694b61f Fix OOB read/write in Teletext G0 charset remapping

📊 Changes

1 file changed (+11 additions, -0 deletions)

View changed files

📝 src/lib_ccx/telxcc.c (+11 -0)

📄 Description

In raising this pull request, I confirm the following (please check boxes):

  • I have read and understood the contributors guide.
  • I have checked that another pull request for this purpose does not exist.
  • I have considered, and confirmed that this submission will be valuable to others.
  • I accept that this submission may not be used, and the pull request closed at the will of the maintainer.
  • I give this submission freely, and claim no ownership to its content.
  • I have mentioned this change in the changelog.

My familiarity with the project is as follows (check one):

  • I have never used CCExtractor.
  • I have used CCExtractor just a couple of times.
  • I absolutely love CCExtractor, but have not contributed previously.
  • I am an active contributor to CCExtractor.

Summary

This PR fixes an out-of-bounds read/write in the Teletext decoder, specifically in the function remap_g0_charset(uint8_t c).

Root Cause

  • The input value c was used as an index into G0_LATIN_NATIONAL_SUBSETS_MAP (size 56) without bounds checking.
  • The resulting value m was then used as an index into another table (size 14) without validation.
  • Malformed input could trigger out-of-bounds reads/writes, potentially corrupting global tables.

Fix

  • Added bounds checks for both c and m.
  • Added early returns to prevent unsafe memory access.

Impact

  • Prevents memory corruption on malformed Teletext input.
  • Maintains decoder stability without affecting normal operation.

fixed Issue: #1979

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/CCExtractor/ccextractor/pull/1980 **Author:** [@THE-Amrit-mahto-05](https://github.com/THE-Amrit-mahto-05) **Created:** 1/4/2026 **Status:** ✅ Merged **Merged:** 1/5/2026 **Merged by:** [@cfsmp3](https://github.com/cfsmp3) **Base:** `master` ← **Head:** `fix/telxcc-oob` --- ### 📝 Commits (1) - [`694b61f`](https://github.com/CCExtractor/ccextractor/commit/694b61f862370bda67e3bb175d1e66af61cf7087) Fix OOB read/write in Teletext G0 charset remapping ### 📊 Changes **1 file changed** (+11 additions, -0 deletions) <details> <summary>View changed files</summary> 📝 `src/lib_ccx/telxcc.c` (+11 -0) </details> ### 📄 Description **In raising this pull request, I confirm the following (please check boxes):** - [x] I have read and understood the [contributors guide](https://github.com/CCExtractor/ccextractor/blob/master/.github/CONTRIBUTING.md). - [x] I have checked that another pull request for this purpose does not exist. - [x] I have considered, and confirmed that this submission will be valuable to others. - [x] I accept that this submission may not be used, and the pull request closed at the will of the maintainer. - [x] I give this submission freely, and claim no ownership to its content. - [x] I have mentioned this change in the [changelog](https://github.com/CCExtractor/ccextractor/blob/master/docs/CHANGES.TXT). **My familiarity with the project is as follows (check one):** - [ ] I have never used CCExtractor. - [ ] I have used CCExtractor just a couple of times. - [ ] I absolutely love CCExtractor, but have not contributed previously. - [x] I am an active contributor to CCExtractor. ### Summary This PR fixes an out-of-bounds read/write in the Teletext decoder, specifically in the function `remap_g0_charset(uint8_t c)`. ### Root Cause - The input value `c` was used as an index into `G0_LATIN_NATIONAL_SUBSETS_MAP` (size 56) without bounds checking. - The resulting value `m` was then used as an index into another table (size 14) without validation. - Malformed input could trigger out-of-bounds reads/writes, potentially corrupting global tables. ### Fix - Added bounds checks for both `c` and `m`. - Added early returns to prevent unsafe memory access. ### Impact - Prevents memory corruption on malformed Teletext input. - Maintains decoder stability without affecting normal operation. fixed Issue: #1979 --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
claunia added the pull-request label 2026-01-29 17:23:52 +00:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
CEA-708
difficulty: easy
difficulty: hard
difficulty: medium
DTMB
DVB
enhancement
enhancement
Flutter GUI
GCI19
good-first-task
GSoC 2021
GSOC-2023
GSOC-2023
GSOC-2023
GSoC-related
Hacktoberfest
HardsubX
help wanted
invalid
JokerTV
Mac / OSX
more-info-needed
needs-commercial-sponsor
needs-commercial-sponsor
needs-commercial-sponsor
needs-confirmation-of-being-broken
OCR
pull-request
Mirrored from GitHub Pull Request
 Python
regression
Rust
teletext
No Label pull-request
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
claunia
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/ccextractor#2779
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?