Skip to content

Fix memory safety bug in copy_demuxer_data_from_rust#2261

Open
THE-Amrit-mahto-05 wants to merge 5 commits intoCCExtractor:masterfrom
THE-Amrit-mahto-05:demuxer-buffer
Open

Fix memory safety bug in copy_demuxer_data_from_rust#2261
THE-Amrit-mahto-05 wants to merge 5 commits intoCCExtractor:masterfrom
THE-Amrit-mahto-05:demuxer-buffer

Conversation

@THE-Amrit-mahto-05
Copy link
Copy Markdown
Contributor

@THE-Amrit-mahto-05 THE-Amrit-mahto-05 commented Apr 11, 2026

In raising this pull request, I confirm the following (please check boxes):

Reason for this PR:

  • This PR adds new functionality.
  • This PR fixes a bug that I have personally experienced or that a real user has reported and for which a sample exists.
  • This PR is porting code from C to Rust.

Sanity check:

  • I have read and understood the contributors guide.
  • I have checked that another pull request for this purpose does not exist.
  • If the PR adds new functionality, I've added it to the changelog. If it's just a bug fix, I have NOT added it to the changelog.
  • I am NOT adding new C code unless it's to fix an existing, reproducible bug.

Problem

The function copy_demuxer_data_from_rust is documented to copy buffer contents, but the implementation was incorrectly reassigning the buffer pointer:

(*c_data).buffer = rust_data.buffer as *mut c_uchar;

This leads to:

  • Use-after-free if the Rust buffer is deallocated
  • Dangling pointers in the C layer
  • Corrupted demuxed data (affecting subtitle extraction)

Reproduction

  1. Build the project:
mkdir build && cd build
cmake ..
make -j
  1. Run with any TS/MKV input that triggers Rust → C demuxer data transfer.
  2. Before this fix:
  • Buffer pointer is reassigned instead of copied
  • Leads to undefined behavior depending on memory lifecycle
  • Tests do not guarantee actual memory copy into C buffer

Fix

  • Replaced pointer reassignment with safe memory copy using:
std::ptr::copy_nonoverlapping
  • Ensured safe copy using:
min(source_len, dest_len)
  • Added null pointer checks
  • Set length to 0 when buffers are invalid

Test Improvements

Previously, the tests for copy_demuxer_data_from_rust only validated high-level properties such as buffer length. They did not verify whether the buffer contents were actually copied into the destination C memory.

As a result, the incorrect implementation:

(*c_data).buffer = rust_data.buffer as *mut c_uchar;

could still pass the tests despite not performing a real memory copy.

Changes Made

The tests have been improved to explicitly validate the contents of the destination buffer. For example:

assert_eq!(small_c_buffer, vec![0x42; 100]);

Impact

  • Ensures that data is properly copied into C-managed memory
  • Detects incorrect pointer reassignment behavior
  • Prevents similar issues in future changes
  • Aligns test coverage with the documented behavior of the function

cfsmp3
cfsmp3 requested changes Apr 12, 2026
View reviewed changes
Comment thread src/rust/src/libccxr_exports/demuxerdata.rs Outdated
@THE-Amrit-mahto-05
Copy link
Copy Markdown
Contributor Author

THE-Amrit-mahto-05 commented Apr 12, 2026

@cfsmp3 done can you review it

@ccextractor-bot
Copy link
Copy Markdown
Collaborator

ccextractor-bot commented Apr 12, 2026

CCExtractor CI platform finished running the test files on linux. Below is a summary of the test results, when compared to test for commit ad4886e...:
Report Name Tests Passed
Broken 9/13
CEA-708 1/14
DVB 2/7
DVD 3/3
DVR-MS 2/2
General 22/27
Hardsubx 1/1
Hauppage 3/3
MP4 3/3
NoCC 10/10
Options 77/86
Teletext 20/21
WTV 13/13
XDS 31/34

Your PR breaks these cases:

  • ccextractor --autoprogram --out=ttxt --latin1 --ucla --xds 8e8229b88b...
  • ccextractor --autoprogram --out=srt --latin1 --quant 0 85271be4d2...
  • ccextractor --autoprogram --out=ttxt --latin1 99e5eaafdc...
  • ccextractor --autoprogram --out=ttxt --latin1 --ucla 7aad20907e...
  • ccextractor --autoprogram --out=ttxt --latin1 --ucla dab1c1bd65...
  • ccextractor --autoprogram --out=ttxt --latin1 01509e4d27...
  • ccextractor --out=srt --latin1 --autoprogram 29e5ffd34b...
  • ccextractor --out=spupng c83f765c66...
  • ccextractor --startcreditstext "CCextractor Start crdit Testing" c4dd893cb9...
  • ccextractor --startcreditsnotbefore 1 --startcreditstext "CCextractor Start crdit Testing" c4dd893cb9...
  • ccextractor --startcreditsforatleast 1 --startcreditstext "CCextractor Start crdit Testing" c4dd893cb9...
  • ccextractor --autoprogram --out=ttxt --xds --latin1 --ucla 85058ad37e...
  • ccextractor --autoprogram --out=srt --latin1 --ucla b22260d065...
  • ccextractor --autoprogram --out=ttxt --latin1 --ucla --xds 7f41299cc7...

NOTE: The following tests have been failing on the master branch as well as the PR:

Congratulations: Merging this PR would fix the following tests:

  • ccextractor --autoprogram --out=ttxt --latin1 132d7df7e9..., Last passed: Never
  • ccextractor --autoprogram --out=srt --latin1 b22260d065..., Last passed: Never
  • ccextractor --startcreditsnotafter 2 --startcreditstext "CCextractor Start crdit Testing" c4dd893cb9..., Last passed: Never
  • ccextractor --startcreditsforatmost 2 --startcreditstext "CCextractor Start crdit Testing" c4dd893cb9..., Last passed: Never

It seems that not all tests were passed completely. This is an indication that the output of some files is not as expected (but might be according to you).

Check the result page for more info.

@ccextractor-bot
Copy link
Copy Markdown
Collaborator

ccextractor-bot commented Apr 12, 2026

CCExtractor CI platform finished running the test files on windows. Below is a summary of the test results, when compared to test for commit ad4886e...:
Report Name Tests Passed
Broken 9/13
CEA-708 1/14
DVB 3/7
DVD 3/3
DVR-MS 2/2
General 22/27
Hardsubx 1/1
Hauppage 3/3
MP4 3/3
NoCC 10/10
Options 81/86
Teletext 20/21
WTV 13/13
XDS 31/34

Your PR breaks these cases:

  • ccextractor --autoprogram --out=ttxt --latin1 --ucla --xds 8e8229b88b...
  • ccextractor --autoprogram --out=ttxt --latin1 132d7df7e9...
  • ccextractor --autoprogram --out=ttxt --latin1 99e5eaafdc...
  • ccextractor --autoprogram --out=srt --latin1 b22260d065...
  • ccextractor --autoprogram --out=ttxt --latin1 --ucla 7aad20907e...
  • ccextractor --autoprogram --out=ttxt --latin1 01509e4d27...
  • ccextractor --autoprogram --out=ttxt --xds --latin1 --ucla 85058ad37e...
  • ccextractor --autoprogram --out=srt --latin1 --ucla b22260d065...
  • ccextractor --autoprogram --out=ttxt --latin1 --ucla --xds 7f41299cc7...

NOTE: The following tests have been failing on the master branch as well as the PR:

Congratulations: Merging this PR would fix the following tests:

  • ccextractor --autoprogram --out=srt --latin1 --quant 0 85271be4d2..., Last passed: Never
  • ccextractor --autoprogram --out=ttxt --latin1 --ucla dab1c1bd65..., Last passed: Never
  • ccextractor --out=srt --latin1 --autoprogram 29e5ffd34b..., Last passed: Never
  • ccextractor --out=spupng c83f765c66..., Last passed: Never
  • ccextractor --startcreditstext "CCextractor Start crdit Testing" c4dd893cb9..., Last passed: Never
  • ccextractor --startcreditsnotbefore 1 --startcreditstext "CCextractor Start crdit Testing" c4dd893cb9..., Last passed: Never
  • ccextractor --startcreditsnotafter 2 --startcreditstext "CCextractor Start crdit Testing" c4dd893cb9..., Last passed: Never
  • ccextractor --startcreditsforatleast 1 --startcreditstext "CCextractor Start crdit Testing" c4dd893cb9..., Last passed: Never
  • ccextractor --startcreditsforatmost 2 --startcreditstext "CCextractor Start crdit Testing" c4dd893cb9..., Last passed: Never

It seems that not all tests were passed completely. This is an indication that the output of some files is not as expected (but might be according to you).

Check the result page for more info.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cfsmp3 cfsmp3 cfsmp3 requested changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@THE-Amrit-mahto-05 @ccextractor-bot @cfsmp3