[PR #2057] [MERGED] fix: prevent heap overflow in parse_PAT/parse_PMT and null deref in processmp4 #2864

Open
opened 2026-01-29 17:24:19 +00:00 by claunia · 0 comments

📋 Pull Request Information

Original PR: https://github.com/CCExtractor/ccextractor/pull/2057
Author: @cfsmp3
Created: 1/24/2026
Status: Merged
Merged: 1/24/2026
Merged by: @cfsmp3

Base: master ← Head: fix/heap-overflow-and-null-pointer-2053-2054-2055


📝 Commits (3)

  • fd7271b fix: prevent heap overflow in parse_PAT/parse_PMT and null deref in processmp4
  • 5c19c7b style: fix Rust formatting in parser.rs test
  • d0a8244 fix(rust): resolve clippy unnecessary_unwrap warnings for Rust 1.93

📊 Changes

5 files changed (+53 additions, -26 deletions)


📝 src/lib_ccx/mp4.c (+5 -0)
📝 src/lib_ccx/ts_tables.c (+24 -2)
📝 src/rust/src/common.rs (+12 -19)
📝 src/rust/src/file_functions/file.rs (+8 -4)
📝 src/rust/src/parser.rs (+4 -1)

📄 Description

Summary

  • parse_PAT: Add bounds check for payload_length >= 8 before accessing header fields (fixes #2053)
  • parse_PMT: Add ES_info_length validation and 2-byte minimum check before reading descriptor_tag and desc_len in PRIVATE_USER_MPEG2 and teletext parsing loops (fixes #2054)
  • processmp4: Add NULL check for file parameter before passing to mprint (fixes #2055)

These are security fixes for heap-buffer-overflow and null pointer dereference vulnerabilities reported by @oneafter.

Test plan

  • Build with ASAN enabled and test with the reproducer files from the issues
  • Verify normal TS and MP4 file processing still works

Fixes #2053, #2054, #2055

🤖 Generated with Claude Code


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

claunia added the pull-request label 2026-01-29 17:24:19 +00:00
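
The descriptor-loop checks named in the summary (validate ES_info_length, then require 2 bytes before reading descriptor_tag and desc_len), sketched in C as an added example; this is not CCExtractor's code. The helper name `count_descriptors`, the sample buffers and the tag value 0x56 are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample ES_info regions (not taken from the reproducer files). */
static const uint8_t good[] = {0x0A, 0x04, 'e', 'n', 'g', 0x00,        /* tag 0x0A, 4 bytes */
                               0x56, 0x05, 'e', 'n', 'g', 0x09, 0x88}; /* tag 0x56, 5 bytes */
static const uint8_t lone_tag[] = {0x0A, 0x04, 'e', 'n', 'g', 0x00, 0x56}; /* 1 byte left over */
static const uint8_t long_len[] = {0x56, 0xFF, 0x00}; /* desc_len overruns the region */

/* Hypothetical helper: count descriptors carrying wanted_tag in one ES_info
 * region. es_info_length comes from the stream and is untrusted.
 * Returns the match count, or -1 when the region is malformed. */
int count_descriptors(const uint8_t *buf, size_t buf_len, size_t es_info_off,
                      size_t es_info_length, uint8_t wanted_tag)
{
    /* Check the declared region against the bytes actually held. */
    if (buf == NULL || es_info_off > buf_len || es_info_length > buf_len - es_info_off)
        return -1;

    const uint8_t *p = buf + es_info_off;
    size_t remaining = es_info_length;
    int matches = 0;

    while (remaining > 0) {
        if (remaining < 2) /* need 2 bytes for descriptor_tag and desc_len */
            return -1;
        uint8_t descriptor_tag = p[0];
        size_t desc_len = p[1];
        if (desc_len > remaining - 2) /* body must stay inside the region */
            return -1;
        if (descriptor_tag == wanted_tag)
            matches++;
        p += 2 + desc_len;
        remaining -= 2 + desc_len;
    }
    return matches;
}

int main(void)
{
    printf("good=%d lone_tag=%d long_len=%d oversized=%d\n",
           count_descriptors(good, sizeof good, 0, sizeof good, 0x56),
           count_descriptors(lone_tag, sizeof lone_tag, 0, sizeof lone_tag, 0x56),
           count_descriptors(long_len, sizeof long_len, 0, sizeof long_len, 0x56),
           count_descriptors(good, sizeof good, 0, 1024, 0x56));
    return 0;
}
```

Comparing `desc_len` with `remaining - 2` only after the `remaining < 2` test keeps the unsigned subtraction from wrapping.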
Reference: starred/ccextractor#2864