[PR #2019] [MERGED] fix(matroska): prevent out-of-bounds NAL parsing in AVC/HEVC blocks #2822

Closed
opened 2026-01-29 17:24:04 +00:00 by claunia · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/CCExtractor/ccextractor/pull/2019
Author: @Akki2005
Created: 1/14/2026
Status: Merged
Merged: 1/17/2026
Merged by: @cfsmp3

Base: master ← Head: gsoc-demuxer-audit


📝 Commits (2)

  • b1c2aab fix(matroska): prevent out-of-bounds NAL parsing in AVC/HEVC blocks
  • ed26a59 style(matroska): apply clang-format

📊 Changes

1 file changed (+26 additions, -5 deletions)

📝 src/lib_ccx/matroska.c (+26 -5)

📄 Description

This patch hardens Matroska AVC/HEVC parsing by making NAL length extraction safe on malformed or truncated input.

Previously, NAL length was read via a direct cast to a long pointer, which could result in:

  • unaligned memory access
  • undefined behavior on some architectures
  • out-of-bounds reads when handling truncated frames

The updated logic:

  • verifies that enough bytes are available before reading the NAL length
  • validates the parsed NAL size before consuming the payload
  • exits parsing gracefully on malformed data

Behavior for valid Matroska streams remains unchanged.


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
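
The two checks the description lists, as an added example that is not CCExtractor's code and not the patch itself. It assumes a 4-byte big-endian NAL length prefix; `count_nals`, `read_be32` and the sample buffers are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NAL_LEN_SIZE 4 /* assumption: 4-byte big-endian length prefix */

/* Assemble the length one byte at a time: no alignment requirement and no
 * dependence on host endianness or sizeof(long), unlike *(long *)p. */
static uint32_t read_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Walk the length-prefixed NAL units in buf[0..size).
 * Returns the number of NAL units on a clean parse, or -1 as soon as the
 * block turns out to be truncated or carries an impossible length. */
int count_nals(const uint8_t *buf, size_t size)
{
    size_t pos = 0;
    int count = 0;
    while (pos < size) {
        if (size - pos < NAL_LEN_SIZE) /* prefix itself is truncated */
            return -1;
        uint32_t nal_len = read_be32(buf + pos);
        pos += NAL_LEN_SIZE;
        /* Compare against the bytes left, never pos + nal_len <= size:
         * that addition can wrap where size_t is 32 bits wide. */
        if (nal_len > size - pos)
            return -1;
        /* A real parser would consume buf[pos .. pos + nal_len) here. */
        pos += nal_len;
        count++;
    }
    return count;
}

/* Constructed sample blocks (not taken from a real file). */
static const uint8_t good_block[] = {0, 0, 0, 2, 0x65, 0x88, 0, 0, 0, 1, 0x06};
static const uint8_t short_prefix[] = {0, 0, 0, 1, 0x06, 0, 0};
static const uint8_t oversize_len[] = {0, 0, 0, 9, 0x65, 0x88};

int main(void)
{
    printf("good=%d short_prefix=%d oversize_len=%d\n",
           count_nals(good_block, sizeof good_block),
           count_nals(short_prefix, sizeof short_prefix),
           count_nals(oversize_len, sizeof oversize_len));
    return 0;
}
```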

claunia added the pull-request label 2026-01-29 17:24:04 +00:00

Reference: starred/ccextractor#2822