[PR #1984] [CLOSED] fix: add NULL checks to Rust FFI exports #2788

Closed
opened 2026-01-29 17:23:54 +00:00 by claunia · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/CCExtractor/ccextractor/pull/1984
Author: @THE-Amrit-mahto-05
Created: 1/5/2026
Status: Closed

Base: masterHead: fix-rust-ffi-null-checks


📝 Commits (2)

  • 5c5bc36 fix: add NULL checks to Rust FFI exports
  • 25f6c39 rustfmt: format FFI NULL safety tests

📊 Changes

2 files changed (+82 additions, -28 deletions)

View changed files

📝 src/rust/src/libccxr_exports/bitstream.rs (+49 -28)
📝 src/rust/src/libccxr_exports/mod.rs (+33 -0)

📄 Description

In raising this pull request, I confirm the following (please check boxes):

  • I have read and understood the contributors guide.
  • I have checked that another pull request for this purpose does not exist.
  • I have considered, and confirmed that this submission will be valuable to others.
  • I accept that this submission may not be used, and the pull request closed at the will of the maintainer.
  • I give this submission freely, and claim no ownership to its content.
  • I have mentioned this change in the changelog.

My familiarity with the project is as follows (check one):

  • I have never used CCExtractor.
  • I have used CCExtractor just a couple of times.
  • I absolutely love CCExtractor, but have not contributed previously.
  • I am an active contributor to CCExtractor.

Description

While reviewing the Rust FFI layer, I noticed several exported functions that
dereference raw pointers coming from C without checking for NULL.
If these functions are ever called with invalid inputs, this can lead to
undefined behavior.

I’m still learning Rust FFI, so please correct me if I’m misunderstanding
anything, but based on my understanding these look like genuine safety issues.

What this PR changes

  • Adds defensive NULL checks to Rust FFI exports in:
    • libccxr_exports/mod.rs
    • libccxr_exports/bitstream.rs
  • Adds a negative-length check to ccxr_verify_crc32
  • Ensures FFI functions return safe defaults (0 or NULL) instead of causing UB
  • Adds tests to verify safe behavior when called with NULL pointers

Testing

  • Ran cargo test in src/rust
  • All existing and newly added tests are passing

fixed #1983


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/CCExtractor/ccextractor/pull/1984 **Author:** [@THE-Amrit-mahto-05](https://github.com/THE-Amrit-mahto-05) **Created:** 1/5/2026 **Status:** ❌ Closed **Base:** `master` ← **Head:** `fix-rust-ffi-null-checks` --- ### 📝 Commits (2) - [`5c5bc36`](https://github.com/CCExtractor/ccextractor/commit/5c5bc3686d22a96703de1841f8689838c5d8c77f) fix: add NULL checks to Rust FFI exports - [`25f6c39`](https://github.com/CCExtractor/ccextractor/commit/25f6c39933841a4f924bc169af1a412e9045e5bc) rustfmt: format FFI NULL safety tests ### 📊 Changes **2 files changed** (+82 additions, -28 deletions) <details> <summary>View changed files</summary> 📝 `src/rust/src/libccxr_exports/bitstream.rs` (+49 -28) 📝 `src/rust/src/libccxr_exports/mod.rs` (+33 -0) </details> ### 📄 Description <!-- Please prefix your pull request with one of the following: **[FEATURE]** **[FIX]** **[IMPROVEMENT]**. --> **In raising this pull request, I confirm the following (please check boxes):** - [x] I have read and understood the [contributors guide](https://github.com/CCExtractor/ccextractor/blob/master/.github/CONTRIBUTING.md). - [x] I have checked that another pull request for this purpose does not exist. - [x] I have considered, and confirmed that this submission will be valuable to others. - [x] I accept that this submission may not be used, and the pull request closed at the will of the maintainer. - [x] I give this submission freely, and claim no ownership to its content. - [ ] I have mentioned this change in the [changelog](https://github.com/CCExtractor/ccextractor/blob/master/docs/CHANGES.TXT). **My familiarity with the project is as follows (check one):** - [ ] I have never used CCExtractor. - [ ] I have used CCExtractor just a couple of times. - [ ] I absolutely love CCExtractor, but have not contributed previously. - [x] I am an active contributor to CCExtractor. --- ### Description While reviewing the Rust FFI layer, I noticed several exported functions that dereference raw pointers coming from C without checking for `NULL`. If these functions are ever called with invalid inputs, this can lead to undefined behavior. I’m still learning Rust FFI, so please correct me if I’m misunderstanding anything, but based on my understanding these look like genuine safety issues. ### What this PR changes - Adds defensive `NULL` checks to Rust FFI exports in: - `libccxr_exports/mod.rs` - `libccxr_exports/bitstream.rs` - Adds a negative-length check to `ccxr_verify_crc32` - Ensures FFI functions return safe defaults (`0` or `NULL`) instead of causing UB - Adds tests to verify safe behavior when called with `NULL` pointers ### Testing - Ran `cargo test` in `src/rust` - All existing and newly added tests are passing fixed #1983 --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
claunia added the pull-request label 2026-01-29 17:23:54 +00:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/ccextractor#2788