From f5da2bee7fd3a97b2b88c76c7fb894fbeec27626 Mon Sep 17 00:00:00 2001 From: Amrit kumar Mahto Date: Wed, 8 Apr 2026 23:02:02 +0530 Subject: [PATCH 1/5] Fix memory safety bug in copy_demuxer_data_from_rust by copying buffer instead of reassigning pointer --- src/rust/src/libccxr_exports/demuxerdata.rs | 26 ++++++++++++++------- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/src/rust/src/libccxr_exports/demuxerdata.rs b/src/rust/src/libccxr_exports/demuxerdata.rs index 2c53bf5b4..65dcaa613 100644 --- a/src/rust/src/libccxr_exports/demuxerdata.rs +++ b/src/rust/src/libccxr_exports/demuxerdata.rs @@ -37,6 +37,10 @@ pub unsafe fn copy_demuxer_data_to_rust(c_data: *const demuxer_data) -> DemuxerD /// - This function copies the buffer content, not just the pointer #[allow(clippy::unnecessary_cast)] pub unsafe fn copy_demuxer_data_from_rust(c_data: *mut demuxer_data, rust_data: &DemuxerData) { + if c_data.is_null() { + return; + } + (*c_data).program_number = rust_data.program_number as c_int; (*c_data).stream_pid = rust_data.stream_pid as c_int; if let Some(codec) = rust_data.codec { @@ -44,8 +48,13 @@ pub unsafe fn copy_demuxer_data_from_rust(c_data: *mut demuxer_data, rust_data: } (*c_data).bufferdatatype = rust_data.bufferdatatype.to_ctype(); - (*c_data).buffer = rust_data.buffer as *mut c_uchar; - (*c_data).len = rust_data.len; + if !rust_data.buffer.is_null() && !(*c_data).buffer.is_null() { + let copy_len = std::cmp::min((*c_data).len, rust_data.len); + std::ptr::copy_nonoverlapping(rust_data.buffer, (*c_data).buffer, copy_len); + (*c_data).len = copy_len; + } else { + (*c_data).len = 0; + } (*c_data).rollover_bits = rust_data.rollover_bits as c_uint; (*c_data).pts = rust_data.pts as i64; @@ -257,6 +266,8 @@ mod tests { // Verify buffer content was copied let copied_buffer = std::slice::from_raw_parts(c_data.buffer, c_data.len); assert_eq!(copied_buffer, test_buffer); + // Verify the underlying C buffer received the copied data + assert_eq!(c_buffer[0], 0xDE); } } @@ -332,14 +343,13 @@ mod tests { #[test] fn test_copy_demuxer_from_rust_buffer_size_limits() { - let mut large_buffer = vec![0x42; 1000]; // Large buffer + let mut large_buffer = vec![0x42; 1000]; let rust_data = DemuxerData { buffer: large_buffer.as_mut_ptr(), len: 100, ..Default::default() }; - // Create smaller C buffer let mut small_c_buffer = vec![0u8; 100]; let mut c_data = unsafe { demuxer_data { @@ -351,12 +361,10 @@ mod tests { unsafe { copy_demuxer_data_from_rust(&mut c_data, &rust_data); - - // Should only copy what fits - assert_eq!(c_data.len, 100); - let copied_buffer = std::slice::from_raw_parts(c_data.buffer, c_data.len); - assert_eq!(copied_buffer, &vec![0x42; 100]); } + + assert_eq!(c_data.len, 100); + assert_eq!(small_c_buffer, vec![0x42; 100]); } #[test] From dad113391b5c04ca6097dbffb6991db3df130cac Mon Sep 17 00:00:00 2001 From: Amrit kumar Mahto Date: Sat, 11 Apr 2026 12:51:00 +0530 Subject: [PATCH 2/5] formate --- src/rust/src/libccxr_exports/demuxerdata.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/rust/src/libccxr_exports/demuxerdata.rs b/src/rust/src/libccxr_exports/demuxerdata.rs index 65dcaa613..8ac6f5f31 100644 --- a/src/rust/src/libccxr_exports/demuxerdata.rs +++ b/src/rust/src/libccxr_exports/demuxerdata.rs @@ -362,7 +362,7 @@ mod tests { unsafe { copy_demuxer_data_from_rust(&mut c_data, &rust_data); } - + assert_eq!(c_data.len, 100); assert_eq!(small_c_buffer, vec![0x42; 100]); } From 9856ac117ccd7662eeae3ca449096cd79264217a Mon Sep 17 00:00:00 2001 From: Amrit kumar Mahto Date: Sat, 11 Apr 2026 12:57:41 +0530 Subject: [PATCH 3/5] remove unused import and ensure buffer pointer is not reassigned --- src/rust/src/libccxr_exports/demuxerdata.rs | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/rust/src/libccxr_exports/demuxerdata.rs b/src/rust/src/libccxr_exports/demuxerdata.rs index 8ac6f5f31..dfd1c2cc4 100644 --- a/src/rust/src/libccxr_exports/demuxerdata.rs +++ b/src/rust/src/libccxr_exports/demuxerdata.rs @@ -4,7 +4,6 @@ use crate::ctorust::FromCType; use crate::demuxer::common_types::CcxRational; use crate::demuxer::demuxer_data::DemuxerData; use lib_ccxr::common::{BufferdataType, Codec}; -use std::os::raw::c_uchar; use std::os::raw::{c_int, c_uint}; /// Convert from C demuxer_data to Rust DemuxerData @@ -254,8 +253,12 @@ mod tests { }; unsafe { + let original_ptr = c_data.buffer; copy_demuxer_data_from_rust(&mut c_data, &rust_data); + // Verify the pointer was NOT reassigned (the bug we're fixing) + assert_eq!(c_data.buffer, original_ptr); + // Verify all fields were copied correctly assert_eq!(c_data.program_number, rust_data.program_number); assert_eq!(c_data.stream_pid, rust_data.stream_pid); From cfa663d091f5e41c976057146c98e1b8452650d8 Mon Sep 17 00:00:00 2001 From: THE-Amrit-mahto-05 Date: Mon, 13 Apr 2026 01:54:36 +0530 Subject: [PATCH 4/5] Update demuxerdata.rs --- src/rust/src/libccxr_exports/demuxerdata.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/rust/src/libccxr_exports/demuxerdata.rs b/src/rust/src/libccxr_exports/demuxerdata.rs index dfd1c2cc4..790d9c58b 100644 --- a/src/rust/src/libccxr_exports/demuxerdata.rs +++ b/src/rust/src/libccxr_exports/demuxerdata.rs @@ -256,7 +256,7 @@ mod tests { let original_ptr = c_data.buffer; copy_demuxer_data_from_rust(&mut c_data, &rust_data); - // Verify the pointer was NOT reassigned (the bug we're fixing) + assert_eq!(c_data.buffer, original_ptr); // Verify all fields were copied correctly From dd45ccb3e110e66490f155f16afdc09f4e4d4e11 Mon Sep 17 00:00:00 2001 From: Amrit kumar Mahto Date: Mon, 13 Apr 2026 02:06:59 +0530 Subject: [PATCH 5/5] formate --- src/rust/src/libccxr_exports/demuxerdata.rs | 1 - 1 file changed, 1 deletion(-) diff --git a/src/rust/src/libccxr_exports/demuxerdata.rs b/src/rust/src/libccxr_exports/demuxerdata.rs index 790d9c58b..aef564637 100644 --- a/src/rust/src/libccxr_exports/demuxerdata.rs +++ b/src/rust/src/libccxr_exports/demuxerdata.rs @@ -256,7 +256,6 @@ mod tests { let original_ptr = c_data.buffer; copy_demuxer_data_from_rust(&mut c_data, &rust_data); - assert_eq!(c_data.buffer, original_ptr); // Verify all fields were copied correctly