[PR #2005] [MERGED] fix: Prevent NULL pointer dereference in DVB subtitle decoder #2805

opened 2026-01-29 17:23:59 +00:00 by claunia · 0 comments
📋 Pull Request Information

Original PR: https://github.com/CCExtractor/ccextractor/pull/2005
Author: @cfsmp3
Created: 1/10/2026
Status: Merged
Merged: 1/10/2026
Merged by: @cfsmp3

Base: master ← Head: fix/dvb-subtitle-null-region-crash


📝 Commits (1)

  • 1bd4cd5 fix: Prevent NULL pointer dereference in DVB subtitle decoder

📊 Changes

1 file changed (+1 additions, -1 deletions)

📝 src/lib_ccx/dvb_subtitle_decoder.c (+1 -1)

📄 Description

Summary

  • Add NULL check for region before accessing region->bgcolor in the OCR processing block of write_dvb_sub()

Problem

When processing DVB subtitles, the write_dvb_sub() function iterates through display items calling get_region(). After the loop, if all regions returned NULL, the region variable remains NULL. The code then attempts to access region->bgcolor in the OCR block, causing a segmentation fault.

Crash details:

  • Valgrind: "Invalid read of size 4 at address 0x18"
  • The 0x18 offset (24 bytes) corresponds to the bgcolor field in DVBSubRegion struct

Root Cause

```c
for (display = ctx->display_list; display; display = display->next)
{
    region = get_region(ctx, display->region_id);
    if (!region)
        continue;  // region is still NULL here
    // ...
}
// After loop: region may be NULL

if (ctx->ocr_ctx)  // Missing check for region != NULL
{
    int ret = ocr_rect(..., region->bgcolor, ...);  // CRASH if region is NULL
}
```

Fix

Add && region to the condition before the OCR block.

Test Plan

  • Build completes successfully
  • bbc_small.ts: Before fix = SIGSEGV crash, After fix = 100% processed, 50+ subtitles extracted
  • No regressions expected - the change only adds a NULL guard

🤖 Generated with Claude Code


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

claunia added the pull-request label 2026-01-29 17:23:59 +00:00
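
The pattern described in the PR, reduced to a self-contained C sketch (an added example, not code from the PR or from CCExtractor): it shows why a NULL `region` faults at address 0x18 and how the `&& region` guard skips the OCR block. The struct layouts and the names `ocr_bgcolor`, `bgcolor_offset` and `run_case` are constructed for illustration; only the 0x18 offset of `bgcolor` is taken from the page.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in, not CCExtractor's DVBSubRegion: six 4-byte ints
 * come first so bgcolor sits at offset 0x18, matching the Valgrind address. */
struct region { int id, version, x, y, width, height; int bgcolor; };
struct display { int region_id; struct display *next; };
struct ctx {
    struct region *regions; size_t n_regions;
    struct display *display_list;
    int ocr_enabled;              /* stands in for ctx->ocr_ctx */
};

/* Hypothetical lookup: NULL when no region carries the requested id. */
static struct region *get_region(struct ctx *c, int id) {
    for (size_t i = 0; i < c->n_regions; i++)
        if (c->regions[i].id == id)
            return &c->regions[i];
    return NULL;
}

/* Returns the bgcolor passed to OCR, or -1 when the OCR block is skipped. */
int ocr_bgcolor(struct ctx *c) {
    struct region *region = NULL;
    for (struct display *d = c->display_list; d; d = d->next) {
        region = get_region(c, d->region_id);
        if (!region)
            continue;             /* nothing to draw for this item */
    }
    /* Without "&& region" this would read address NULL + 0x18 and fault. */
    if (c->ocr_enabled && region)
        return region->bgcolor;
    return -1;
}

size_t bgcolor_offset(void) { return offsetof(struct region, bgcolor); }

/* One region (id 1, bgcolor 7) and one display item asking for display_id. */
int run_case(int display_id) {
    struct region r = { .id = 1, .bgcolor = 7 };
    struct display d = { display_id, NULL };
    struct ctx c = { &r, 1, &d, 1 };
    return ocr_bgcolor(&c);
}

int main(void) {
    printf("offset=0x%zx hit=%d miss=%d\n", bgcolor_offset(), run_case(1), run_case(2));
    return 0;
}
```
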
Reference: starred/ccextractor#2805