Potential memory safety issues in Rust FFI exports (NULL pointer handling) #895

New Issue

Closed

opened 2026-01-29 16:56:26 +00:00 by claunia · 1 comment

claunia commented 2026-01-29 16:56:26 +00:00

Owner

Copy Link

Originally created by @THE-Amrit-mahto-05 on GitHub (Jan 5, 2026).

Description

While going through the Rust FFI layer, I noticed a few places where raw pointers coming from C are used without NULL checks. This can lead to undefined behavior if these functions are ever called with invalid inputs.

I’m still learning Rust FFI, so please correct me if I’m wrong, but based on my understanding these look like genuine safety issues.

What I found

ccxr_verify_crc32

• buf is used without a NULL check
• len is not checked for negative values before creating a slice

ccxr_levenshtein_dist and ccxr_levenshtein_dist_char

• Pointer arguments are assumed to be non-NULL

Functions in libccxr_exports/bitstream.rs

• Multiple exported FFI functions dereference *mut bitstream without checking for NULL (via copy_bitstream_c_to_rust)

Originally created by @THE-Amrit-mahto-05 on GitHub (Jan 5, 2026). ### Description While going through the Rust FFI layer, I noticed a few places where raw pointers coming from C are used without NULL checks. This can lead to undefined behavior if these functions are ever called with invalid inputs. I’m still learning Rust FFI, so please correct me if I’m wrong, but based on my understanding these look like genuine safety issues. ### What I found ccxr_verify_crc32 - buf is used without a NULL check - len is not checked for negative values before creating a slice ccxr_levenshtein_dist and ccxr_levenshtein_dist_char - Pointer arguments are assumed to be non-NULL Functions in libccxr_exports/bitstream.rs - Multiple exported FFI functions dereference *mut bitstream without checking for NULL (via copy_bitstream_c_to_rust)

claunia closed this issue 2026-01-29 16:56:26 +00:00

claunia commented 2026-01-29 16:56:27 +00:00

Author

Owner

Copy Link

@cfsmp3 commented on GitHub (Jan 5, 2026):

Closing, explanation in PR.

@cfsmp3 commented on GitHub (Jan 5, 2026): Closing, explanation in PR.

claunia referenced this issue 2026-01-29 17:18:16 +00:00

[PR #895] [MERGED] [FIX] Fix Travis CI not executing `linux/build` #1738

claunia referenced this issue 2026-01-29 17:18:16 +00:00

[PR #895] [FIX] Fix Travis CI not executing `linux/build` #1741

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

master

fix/input-scc-option

fix/palette-crate-fedora

pr-1782

fix/flutter-gui-v0.7.0-files

docs/changelog-upcoming

fix/goptime-and-startcredits-bugs

fix/bindgen-upgrade-1608

fix/tesseract-version-check-future-proof

fix/ccx-encoders-spupng-memory-safety

fix/freebsd-remarks

compatibility/xp

v0.96.5

v0.96.4

v0.96.3

v0.96.2

v0.96.1

v0.96

v0.94

v0.93

v0.92

v0.91

v0.90

v0.89

v0.88

v0.87

v0.86

v0.85b

v0.85

v0.84

v0.83

v0.82

v0.81

v0.80

v0.79

v0.78

v0.77

v0.76

v0.75

v0.74

v0.73

v0.72

v0.71

v0.70

Labels

Clear labels

bug

CEA-708

difficulty: easy

difficulty: hard

difficulty: medium

DTMB

DVB

enhancement

enhancement

Flutter GUI

GCI19

good-first-task

GSoC 2021

GSOC-2023

GSOC-2023

GSOC-2023

GSoC-related

Hacktoberfest

HardsubX

help wanted

invalid

JokerTV

Mac / OSX

more-info-needed

needs-commercial-sponsor

needs-commercial-sponsor

needs-commercial-sponsor

needs-confirmation-of-being-broken

OCR

pull-request

Mirrored from GitHub Pull Request

Python

regression

Rust

teletext

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

claunia

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/ccextractor#895