[BUG]: Segmentation fault in report-only (-out=report) mode when processing AVC/H.264 streams with Rust decoder #902

Closed
opened 2026-01-29 16:56:32 +00:00 by claunia · 0 comments
Owner

Originally created by @x15sr71 on GitHub (Jan 16, 2026).

Summary

CCExtractor crashes with a segmentation fault when running in report-only mode (-out=report) on files containing AVC/H.264 video streams when the Rust AVC decoder is enabled (default in recent builds).

Command used

./ccextractor -out=report input.ts

Where input.ts is any transport stream file containing H.264 video.

Segmentation fault

Opening file: 7236304cfcfce141c7cec31647c1268a3886063390ce43c2f71188c70f5494c4.ts
Analyzing data in general modetream
[1]    97365 segmentation fault  ccextractor  -out=null

Expected behavior

CCExtractor should generate a report without crashing, as report generation does not require video decoding.

Actual behavior

Segmentation fault (SIGSEGV) at address 0x50 when attempting to dereference encoder_ctx->timing inside the Rust AVC decoder.

Root cause

The crash occurs because:

  1. Report-only mode (-out=report) does not initialize video decoding structures, specifically:

    • encoder_ctx->timing remains NULL
    • lib_cc_decode->avc_ctx may remain NULL
  2. The Rust AVC decoder (ccxr_process_avc) assumes these structures are always initialized and dereferences them unconditionally

  3. The C→Rust boundary in process_avc() does not validate these preconditions before calling into Rust

Technical details

Crash location (lldb):

Thread 1: EXC_BAD_ACCESS (code=1, address=0x50)
Frame: ccx_rust::avc::core::process_avc
Instruction: ldr x0, [x8, #0x50]  ; loading enc_ctx.timing

Call stack:

process_avc (avc_functions.c)
  └─ ccxr_process_avc (Rust FFI)
       └─ ccx_rust::avc::core::process_avc
            └─ ccxr_set_fts(enc_ctx.timing)  ← NULL dereference

Proposed Solution

Add a guard at the C-Rust boundary in process_avc() that skips AVC processing when the decoder isn't fully initialized (like in report-only mode).
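
One way to write the guard proposed above, as an added example that is not CCExtractor's code or the reporter's patch: every `demo_*` name, the struct layout (`timing` placed at offset 0x50 to match the lldb output) and the convention of returning `len` when skipping are assumptions. It checks the encoder context pointer itself as well as its `timing` field, since a fault at address 0x50 from `ldr x0, [x8, #0x50]` is what a load through a NULL base pointer looks like.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for the real CCExtractor structures (assumed layout). */
struct demo_timing { long fts_now; };
struct demo_encoder_ctx { char pad[0x50]; struct demo_timing *timing; };
struct demo_avc_ctx { int frames_seen; };
struct demo_decoder_ctx { struct demo_avc_ctx *avc_ctx; };

/* Stand-in for the Rust entry point: like the decoder described in the issue,
 * it dereferences its arguments without checking them. */
static size_t demo_rust_process_avc(struct demo_encoder_ctx *enc,
                                    struct demo_decoder_ctx *dec,
                                    const unsigned char *buf, size_t len)
{
    (void)buf;
    enc->timing->fts_now += 1;      /* would fault if enc or enc->timing is NULL */
    dec->avc_ctx->frames_seen += 1; /* would fault if dec->avc_ctx is NULL */
    return len;
}

/* Returns 1 only when every pointer the callee dereferences is usable. */
int demo_avc_ready(const struct demo_encoder_ctx *enc,
                   const struct demo_decoder_ctx *dec)
{
    return enc != NULL && enc->timing != NULL &&
           dec != NULL && dec->avc_ctx != NULL;
}

/* Guarded C-side wrapper: skip AVC processing (consume the bytes, decode
 * nothing) when the decoder was never initialized, e.g. report-only mode. */
size_t demo_process_avc(struct demo_encoder_ctx *enc, struct demo_decoder_ctx *dec,
                        const unsigned char *buf, size_t len)
{
    if (buf == NULL || len == 0)
        return 0;
    if (!demo_avc_ready(enc, dec))
        return len; /* assumed convention: report the data as handled */
    return demo_rust_process_avc(enc, dec, buf, len);
}

int main(void)
{
    const unsigned char nal[4] = {0, 0, 0, 1}; /* constructed sample bytes */
    struct demo_decoder_ctx dec = {0};
    /* Report-only shape: no encoder context, no AVC context. */
    printf("skipped, consumed=%zu\n", demo_process_avc(NULL, &dec, nal, sizeof nal));
    return 0;
}
```
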

Reference: starred/ccextractor#902