[PR #2000] [MERGED] prevent unsafe Vec::set_len causing heap corruption

## 📋 Pull Request Information **Original PR:** https://github.com/CCExtractor/ccextractor/pull/2000 **Author:** [@THE-Amrit-mahto-05](https://github.com/THE-Amrit-mahto-05) **Created:** 1/8/2026 **Status:** ✅ Merged **Merged:** 1/9/2026 **Merged by:** [@cfsmp3](https://github.com/cfsmp3) **Base:** `master` ← **Head:** `fix/avc-safe-vec-resize` --- ### 📝 Commits (1) - [`6578f0f`](https://github.com/CCExtractor/ccextractor/commit/6578f0ff34bae8b66abe70f29205a4c7f3863a8c) fix(avc): prevent unsafe Vec::set_len causing heap corruption ### 📊 Changes **1 file changed** (+3 additions, -5 deletions) <details> <summary>View changed files</summary> 📝 `src/rust/src/avc/sei.rs` (+3 -5) </details> ### 📄 Description **In raising this pull request, I confirm the following:** - [x] I have read and understood the contributors guide. - [x] I have checked that another pull request for this purpose does not exist. - [x] I have considered, and confirmed that this submission will be valuable to others. - [x] I accept that this submission may not be used, and the pull request closed at the will of the maintainer. - [x] I give this submission freely, and claim no ownership to its content. - [x] I have mentioned this change in the changelog. **My familiarity with the project is as follows:** - [ ] I have never used CCExtractor. - [ ] I have used CCExtractor just a couple of times. - [ ] I absolutely love CCExtractor, but have not contributed previously. - [x] I am an active contributor to CCExtractor. --- ### Summary fixes an unsafe memory handling issue in `avc/sei.rs` where `Vec::set_len` was used without ensuring sufficient capacity, which could lead to heap corruption and undefined behavior. ### Details - Replaced unsafe `Vec::set_len` + `reserve` logic with safe `Vec::resize` - Ensures capacity is allocated and memory is initialized before use - Removes unsafe code while preserving existing behavior ### Impact - Prevents potential heap corruption - Improves memory safety in AVC SEI parsing - No functional or behavioral change expected ### Testing - Code builds successfully - No existing tests are affected --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

claunia commented

2026-01-29 17:23:58 +00:00

Owner

📋 Pull Request Information

Original PR: https://github.com/CCExtractor/ccextractor/pull/2000
Author: @THE-Amrit-mahto-05
Created: 1/8/2026
Status: ✅ Merged
Merged: 1/9/2026
Merged by: @cfsmp3

Base: master ← Head: fix/avc-safe-vec-resize

📝 Commits (1)

6578f0f fix(avc): prevent unsafe Vec::set_len causing heap corruption

📊 Changes

1 file changed (+3 additions, -5 deletions)

View changed files

📝 src/rust/src/avc/sei.rs (+3 -5)

📄 Description

In raising this pull request, I confirm the following:

I have read and understood the contributors guide.
I have checked that another pull request for this purpose does not exist.
I have considered, and confirmed that this submission will be valuable to others.
I accept that this submission may not be used, and the pull request closed at the will of the maintainer.
I give this submission freely, and claim no ownership to its content.
I have mentioned this change in the changelog.

My familiarity with the project is as follows:

I have never used CCExtractor.
I have used CCExtractor just a couple of times.
I absolutely love CCExtractor, but have not contributed previously.
I am an active contributor to CCExtractor.

Summary

fixes an unsafe memory handling issue in avc/sei.rs where Vec::set_len
was used without ensuring sufficient capacity, which could lead to heap
corruption and undefined behavior.

Details

Replaced unsafe Vec::set_len + reserve logic with safe Vec::resize
Ensures capacity is allocated and memory is initialized before use
Removes unsafe code while preserving existing behavior

Impact

Prevents potential heap corruption
Improves memory safety in AVC SEI parsing
No functional or behavioral change expected

Testing

Code builds successfully
No existing tests are affected

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

claunia added the pull-request label 2026-01-29 17:23:58 +00:00

claunia closed this issue

[PR #2000] [MERGED] prevent unsafe Vec::set_len causing heap corruption #2800