[PR #2049] Add safety checks to ccxr_verify_crc32 to prevent invalid pointer/length access #2862

Open
opened 2026-01-29 17:24:18 +00:00 by claunia · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/CCExtractor/ccextractor/pull/2049
Author: @THE-Amrit-mahto-05
Created: 1/20/2026
Status: 🔄 Open

Base: master ← Head: fix-null-len-guard


📝 Commits (1)

  • f147ac2 re running for CI to pass checks

📊 Changes

1 file changed (+4 additions, -0 deletions)

View changed files

📝 src/rust/src/libccxr_exports/mod.rs (+4 -0)

📄 Description

…rc32

In raising this pull request, I confirm the following (please check boxes):

  • [x] I have read and understood the contributors guide.
  • [x] I have checked that another pull request for this purpose does not exist.
  • [x] I have considered, and confirmed that this submission will be valuable to others.
  • [x] I accept that this submission may not be used, and the pull request closed at the will of the maintainer.
  • [x] I give this submission freely, and claim no ownership to its content.
  • [x] I have mentioned this change in the changelog.

My familiarity with the project is as follows (check one):

  • [ ] I have never used CCExtractor.
  • [ ] I have used CCExtractor just a couple of times.
  • [ ] I absolutely love CCExtractor, but have not contributed previously.
  • [x] I am an active contributor to CCExtractor.

Description

ccxr_verify_crc32 is an extern "C" function that receives a raw pointer and a signed length from external (C) callers.
Previously, the function directly converted the inputs into a Rust slice using:

```rust
std::slice::from_raw_parts(buf, len as usize)
```

This is unsafe if:

  • buf is NULL
  • len is negative
    A negative length cast to usize can wrap to a very large value, causing undefined behavior and potential crashes.

Fix

  • Added minimal input validation at the beginning of the function:
      • Return failure (0) if the buffer pointer is NULL
      • Return failure (0) if the length is negative

```rust
if buf.is_null() || len < 0 {
    return 0;
}
```

This prevents invalid inputs from reaching from_raw_parts and avoids potential crashes or memory safety issues.


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
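
An added example (not part of the PR or of CCExtractor's code) showing the guard described above in a self-contained FFI entry point, together with the value a negative length wraps to. The names `verify_crc32_ffi` and `wrapped_len`, the signature, and the use of CRC-32/MPEG-2 as the checksum are assumptions made for illustration.

```rust
use std::os::raw::c_int;

// CRC-32/MPEG-2: poly 0x04C11DB7, init 0xFFFFFFFF, no reflection, no final XOR.
// Stand-in checksum, assumed for this example.
fn crc32_mpeg2(data: &[u8]) -> u32 {
    let mut crc: u32 = 0xFFFF_FFFF;
    for &byte in data {
        crc ^= (byte as u32) << 24;
        for _ in 0..8 {
            crc = if crc & 0x8000_0000 != 0 {
                (crc << 1) ^ 0x04C1_1DB7
            } else {
                crc << 1
            };
        }
    }
    crc
}

// What `len as usize` produces for a C int: negative values sign-extend and wrap.
fn wrapped_len(len: c_int) -> usize {
    len as usize
}

// Hypothetical FFI entry point (name and signature assumed). Returns 1 when the
// buffer, including its trailing big-endian CRC, verifies, and 0 otherwise.
// The caller must still pass a pointer to at least `len` readable bytes.
pub extern "C" fn verify_crc32_ffi(buf: *const u8, len: c_int) -> c_int {
    // from_raw_parts requires a non-null pointer even for a zero-length slice.
    if buf.is_null() || len < 0 {
        return 0;
    }
    // SAFETY: pointer is non-null, len is non-negative, so the cast cannot wrap.
    let data = unsafe { std::slice::from_raw_parts(buf, len as usize) };
    // For this CRC variant the residue over payload + appended CRC is zero.
    (crc32_mpeg2(data) == 0) as c_int
}

fn main() {
    // Constructed sample: payload followed by its own CRC.
    let payload = b"constructed sample payload";
    let mut msg = payload.to_vec();
    msg.extend_from_slice(&crc32_mpeg2(payload).to_be_bytes());
    println!("valid buffer -> {}", verify_crc32_ffi(msg.as_ptr(), msg.len() as c_int));
    println!("NULL pointer -> {}", verify_crc32_ffi(std::ptr::null(), 4));
    println!("len = -1     -> {}", verify_crc32_ffi(msg.as_ptr(), -1));
    println!("-1 as usize  =  {:#x}", wrapped_len(-1));
}
```

The guard only rejects inputs that are invalid on their face; a non-null pointer with a length larger than the real allocation is still the caller's responsibility.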

claunia added the pull-request label 2026-01-29 17:24:18 +00:00
Reference: starred/ccextractor#2862