[FIX] Check strdup() return values in lib_ccx; remove strdup of string literals #2213

Open
NexionisJake wants to merge 1 commit into CCExtractor:master from NexionisJake:fix/unchecked-strdup-lib-ccx

@NexionisJake NexionisJake commented Mar 22, 2026

Two related strdup bugs across multiple lib_ccx files:

  1. strdup(variable) return not checked for NULL — use after potential NULL dereference causes undefined behavior /
    segfault on OOM. Fixed by adding NULL check + fatal(EXIT_NOT_ENOUGH_MEMORY, ...).

  2. strdup("literal") in get_buffer_type_str returned directly as function result — unchecked and leaks memory on every
    call since the function has no callers that free it. Fixed by removing strdup and returning string literals directly;
    return type changed from char * to const char * (no callers exist, no header declaration).

Files changed:
src/lib_ccx/ccx_common_common.c
src/lib_ccx/ccx_encoders_common.c
src/lib_ccx/ccx_encoders_helpers.c
src/lib_ccx/configuration.c
src/lib_ccx/hardsubx.c
src/lib_ccx/hardsubx_decoder.c
src/lib_ccx/ocr.c
src/lib_ccx/output.c
src/lib_ccx/ts_functions.c

Fixes #2194

In raising this pull request, I confirm the following (please check boxes):

Reason for this PR:

  • This PR adds new functionality.
  • This PR fixes a bug that I have personally experienced or that a real user has reported and for which a sample
    exists.
  • This PR is porting code from C to Rust.

Sanity check:

  • I have read and understood the contributors guide.
  • I have checked that another pull request for this purpose does not exist.
  • If the PR adds new functionality, I've added it to the changelog. If it's just a bug fix, I have NOT added it to
    the changelog.
  • I am NOT adding new C code unless it's to fix an existing, reproducible bug.

Repro instructions:

The bug is reproducible on any system where malloc can fail (e.g. under memory pressure or with a malloc-failing wrapper
like libfakemem). The affected call sites pass the raw strdup() return value directly into functions or use it
immediately without a NULL check:

// Example — output.c init_write():
wb->original_filename = strdup(filename);
// If OOM: wb->original_filename is NULL, later dereference → segfault

// Example — ts_functions.c get_buffer_type_str():
return strdup("MPG");
// Heap-allocates on every call, return value never freed by any caller
// (grep confirms zero callers in the source tree)

Each fixed site either adds if (ptr == NULL) fatal(EXIT_NOT_ENOUGH_MEMORY, ...) immediately after the strdup(), or (for
get_buffer_type_str) eliminates the strdup() entirely by returning the string literal directly.
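
The two patterns named in the description above, as an added C example that is not code from the PR or from CCExtractor. `struct writer`, `test_malloc`, `test_strdup`, `init_writer_unchecked`, `init_writer_checked`, `buffer_type_str` and the enum values are hypothetical stand-ins, and the checked path returns -1 at the point where the PR calls fatal(EXIT_NOT_ENOUGH_MEMORY, ...).

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Fault injection: -1 never fails; N >= 0 fails after N successful allocations. */
static int fail_after = -1;
static void *test_malloc(size_t n)
{
    if (fail_after == 0) return NULL;
    if (fail_after > 0) fail_after--;
    return malloc(n);
}
/* strdup built on the injectable allocator, so OOM can be simulated. */
static char *test_strdup(const char *s)
{
    size_t n = strlen(s) + 1;
    char *p = test_malloc(n);
    return p ? memcpy(p, s, n) : NULL;
}

struct writer { char *original_filename; }; /* hypothetical stand-in */
enum buf_type { BUF_MPG, BUF_OTHER };       /* constructed values */

/* Unchecked: returns 1 when a NULL pointer was stored for later code to dereference. */
int init_writer_unchecked(struct writer *wb, const char *filename)
{
    wb->original_filename = test_strdup(filename);
    return wb->original_filename == NULL;
}

/* Checked: the failure is reported at the allocation site (-1), never stored silently. */
int init_writer_checked(struct writer *wb, const char *filename)
{
    wb->original_filename = test_strdup(filename);
    return wb->original_filename == NULL ? -1 : 0;
}

/* A string literal has static storage: nothing to check and nothing to free. */
const char *buffer_type_str(enum buf_type t)
{
    return t == BUF_MPG ? "MPG" : "OTHER";
}

int main(void)
{
    struct writer w = {0};
    fail_after = 0; /* the next allocation fails */
    printf("unchecked=%d checked=%d type=%s\n", init_writer_unchecked(&w, "in.ts"),
           init_writer_checked(&w, "in.ts"), buffer_type_str(BUF_MPG));
    return 0;
}
```

Setting `fail_after` to a small positive number walks the failure through successive allocation sites, which is how each fixed call site can be exercised without real memory pressure.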

Two related strdup bugs across multiple lib_ccx files:

1. strdup(variable) return not checked for NULL — use after potential
   NULL dereference causes undefined behavior / segfault on OOM.
   Fixed by adding NULL check + fatal(EXIT_NOT_ENOUGH_MEMORY, ...).

2. strdup("literal") in get_buffer_type_str returned directly as
   function result — unchecked and leaks memory on every call since
   the function has no callers that free it.  Fixed by removing strdup
   and returning string literals directly; return type changed from
   char * to const char * (no callers exist, no header declaration).

Files changed:
  src/lib_ccx/ccx_common_common.c
  src/lib_ccx/ccx_encoders_common.c
  src/lib_ccx/ccx_encoders_helpers.c
  src/lib_ccx/configuration.c
  src/lib_ccx/hardsubx.c
  src/lib_ccx/hardsubx_decoder.c
  src/lib_ccx/ocr.c
  src/lib_ccx/output.c
  src/lib_ccx/ts_functions.c

Fixes CCExtractor#2194

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@ccextractor-bot
Collaborator

CCExtractor CI platform finished running the test files on linux. Below is a summary of the test results, when compared to test for commit 03ad9e8...:
Report Name    Tests Passed
Broken         10/13
CEA-708        1/14
DVB            4/7
DVD            3/3
DVR-MS         2/2
General        27/27
Hardsubx       1/1
Hauppage       3/3
MP4            3/3
NoCC           10/10
Options        79/86
Teletext       20/21
WTV            13/13
XDS            34/34

Your PR breaks these cases:

  • ccextractor --startcreditsnotafter 2 --startcreditstext "CCextractor Start crdit Testing" c4dd893cb9...
  • ccextractor --startcreditsforatmost 2 --startcreditstext "CCextractor Start crdit Testing" c4dd893cb9...

NOTE: The following tests have been failing on the master branch as well as the PR:

Congratulations: Merging this PR would fix the following tests:

  • ccextractor --autoprogram --out=ttxt --latin1 --ucla --xds 8e8229b88b..., Last passed: Never
  • ccextractor --autoprogram --out=srt --latin1 --quant 0 85271be4d2..., Last passed: Never
  • ccextractor --autoprogram --out=ttxt --latin1 132d7df7e9..., Last passed: Never
  • ccextractor --autoprogram --out=ttxt --latin1 99e5eaafdc..., Last passed: Never
  • ccextractor --autoprogram --out=srt --latin1 b22260d065..., Last passed: Never
  • ccextractor --autoprogram --out=ttxt --latin1 --ucla 7aad20907e..., Last passed: Never
  • ccextractor --autoprogram --out=ttxt --latin1 --ucla dab1c1bd65..., Last passed: Never
  • ccextractor --autoprogram --out=ttxt --latin1 01509e4d27..., Last passed: Never
  • ccextractor --out=srt --latin1 --autoprogram 29e5ffd34b..., Last passed: Never
  • ccextractor --out=spupng c83f765c66..., Last passed: Never
  • ccextractor --startcreditstext "CCextractor Start crdit Testing" c4dd893cb9..., Last passed: Never
  • ccextractor --startcreditsnotbefore 1 --startcreditstext "CCextractor Start crdit Testing" c4dd893cb9..., Last passed: Never
  • ccextractor --startcreditsforatleast 1 --startcreditstext "CCextractor Start crdit Testing" c4dd893cb9..., Last passed: Never
  • ccextractor --autoprogram --out=ttxt --xds --latin1 --ucla 85058ad37e..., Last passed: Never
  • ccextractor --autoprogram --out=srt --latin1 --ucla b22260d065..., Last passed: Never
  • ccextractor --autoprogram --out=ttxt --latin1 --ucla --xds 7f41299cc7..., Last passed: Never

It seems that not all tests were passed completely. This is an indication that the output of some files is not as expected (but might be according to you).

Check the result page for more info.

@ccextractor-bot
Collaborator

CCExtractor CI platform finished running the test files on windows. Below is a summary of the test results, when compared to test for commit 03ad9e8...:
Report Name    Tests Passed
Broken         10/13
CEA-708        1/14
DVB            3/7
DVD            3/3
DVR-MS         2/2
General        25/27
Hardsubx       1/1
Hauppage       3/3
MP4            3/3
NoCC           10/10
Options        75/86
Teletext       20/21
WTV            13/13
XDS            34/34

Your PR breaks these cases:

  • ccextractor --autoprogram --out=srt --latin1 --quant 0 85271be4d2...
  • ccextractor --autoprogram --out=ttxt --latin1 --ucla dab1c1bd65...
  • ccextractor --out=srt --latin1 --autoprogram 29e5ffd34b...
  • ccextractor --out=spupng c83f765c66...
  • ccextractor --startcreditstext "CCextractor Start crdit Testing" c4dd893cb9...
  • ccextractor --startcreditsnotbefore 1 --startcreditstext "CCextractor Start crdit Testing" c4dd893cb9...
  • ccextractor --startcreditsnotafter 2 --startcreditstext "CCextractor Start crdit Testing" c4dd893cb9...
  • ccextractor --startcreditsforatleast 1 --startcreditstext "CCextractor Start crdit Testing" c4dd893cb9...
  • ccextractor --startcreditsforatmost 2 --startcreditstext "CCextractor Start crdit Testing" c4dd893cb9...

NOTE: The following tests have been failing on the master branch as well as the PR:

Congratulations: Merging this PR would fix the following tests:

  • ccextractor --autoprogram --out=ttxt --latin1 --ucla --xds 8e8229b88b..., Last passed: Never
  • ccextractor --autoprogram --out=ttxt --latin1 132d7df7e9..., Last passed: Never
  • ccextractor --autoprogram --out=ttxt --latin1 99e5eaafdc..., Last passed: Never
  • ccextractor --autoprogram --out=srt --latin1 b22260d065..., Last passed: Never
  • ccextractor --autoprogram --out=ttxt --latin1 --ucla 7aad20907e..., Last passed: Never
  • ccextractor --autoprogram --out=ttxt --latin1 01509e4d27..., Last passed: Never
  • ccextractor --autoprogram --out=ttxt --xds --latin1 --ucla 85058ad37e..., Last passed: Never
  • ccextractor --autoprogram --out=srt --latin1 --ucla b22260d065..., Last passed: Never
  • ccextractor --autoprogram --out=ttxt --latin1 --ucla --xds 7f41299cc7..., Last passed: Never

It seems that not all tests were passed completely. This is an indication that the output of some files is not as expected (but might be according to you).

Check the result page for more info.

@NexionisJake NexionisJake marked this pull request as draft March 22, 2026 18:40
@NexionisJake NexionisJake changed the title from "Fix unchecked strdup() return values in lib_ccx" to "[FIX] Check strdup() return values in lib_ccx; remove strdup of string literals" Mar 22, 2026
@NexionisJake NexionisJake marked this pull request as ready for review March 22, 2026 18:40
Development

Successfully merging this pull request may close these issues.

[BUG] Unchecked strdup() return values in multiple lib_ccx files.
