[PR #2005] fix: Prevent NULL pointer dereference in DVB subtitle decoder #2809

New Issue

claunia · 2026-01-29T17:24:01Z

claunia commented

2026-01-29 17:24:01 +00:00

Original Pull Request: https://github.com/CCExtractor/ccextractor/pull/2005

State: closed
Merged: Yes

Summary

Add NULL check for region before accessing region->bgcolor in the OCR processing block of write_dvb_sub()

Problem

When processing DVB subtitles, the write_dvb_sub() function iterates through display items calling get_region(). After the loop, if all regions returned NULL, the region variable remains NULL. The code then attempts to access region->bgcolor in the OCR block, causing a segmentation fault.

Crash details:

Valgrind: "Invalid read of size 4 at address 0x18"
The 0x18 offset (24 bytes) corresponds to the bgcolor field in DVBSubRegion struct

Root Cause

for (display = ctx->display_list; display; display = display->next)
{
    region = get_region(ctx, display->region_id);
    if (!region)
        continue;  // region is still NULL here
    // ...
}
// After loop: region may be NULL

if (ctx->ocr_ctx)  // Missing check for region != NULL
{
    int ret = ocr_rect(..., region->bgcolor, ...);  // CRASH if region is NULL
}

Fix

Add && region to the condition before the OCR block.

Test Plan

Build completes successfully
bbc_small.ts: Before fix = SIGSEGV crash, After fix = 100% processed, 50+ subtitles extracted
No regressions expected - the change only adds a NULL guard

🤖 Generated with Claude Code

**Original Pull Request:** https://github.com/CCExtractor/ccextractor/pull/2005 **State:** closed **Merged:** Yes --- ## Summary - Add NULL check for `region` before accessing `region->bgcolor` in the OCR processing block of `write_dvb_sub()` ## Problem When processing DVB subtitles, the `write_dvb_sub()` function iterates through display items calling `get_region()`. After the loop, if all regions returned NULL, the `region` variable remains NULL. The code then attempts to access `region->bgcolor` in the OCR block, causing a segmentation fault. **Crash details:** - Valgrind: "Invalid read of size 4 at address 0x18" - The 0x18 offset (24 bytes) corresponds to the `bgcolor` field in `DVBSubRegion` struct ## Root Cause ```c for (display = ctx->display_list; display; display = display->next) { region = get_region(ctx, display->region_id); if (!region) continue; // region is still NULL here // ... } // After loop: region may be NULL if (ctx->ocr_ctx) // Missing check for region != NULL { int ret = ocr_rect(..., region->bgcolor, ...); // CRASH if region is NULL } ``` ## Fix Add `&& region` to the condition before the OCR block. ## Test Plan - [x] Build completes successfully - [x] bbc_small.ts: Before fix = SIGSEGV crash, After fix = 100% processed, 50+ subtitles extracted - [x] No regressions expected - the change only adds a NULL guard 🤖 Generated with [Claude Code](https://claude.com/claude-code)

claunia added the pull-request label 2026-01-29 17:24:01 +00:00

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/ccextractor#2809