From 3865385763a105babdcf9cdd4e238982bb0c7b9a Mon Sep 17 00:00:00 2001 From: Apoorv Darshan Date: Mon, 23 Feb 2026 00:14:31 +0530 Subject: [PATCH] Fix configuration file parsing bugs and typos MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fix multiple bugs in parse_file(): heap buffer overflow on long lines (no bounds check on 128-byte buffer), broken EOF detection (fgetc() return stored in char instead of int), missing NULL check after malloc, missing null-terminator on accumulated string, and last line silently dropped if file lacks trailing newline. Also fix typos in configuration_map[]: FIX_PADDINDG → FIX_PADDING, INVASTIGATE_PACKET → INVESTIGATE_PACKET. --- docs/CHANGES.TXT | 5 +++++ src/lib_ccx/configuration.c | 24 ++++++++++++++++++------ 2 files changed, 23 insertions(+), 6 deletions(-) diff --git a/docs/CHANGES.TXT b/docs/CHANGES.TXT index ebe2a4fc7..18caf5260 100644 --- a/docs/CHANGES.TXT +++ b/docs/CHANGES.TXT @@ -26,6 +26,11 @@ - Fix: Spurious numbers printed to console during processing - Fix: Heap overflow in Transport Stream PAT/PMT parsing (security fix) - Fix: Various memory safety and stability fixes in demuxers (MP4, PS, MKV, DVB) +- Fix: Configuration file parser bugs — heap buffer overflow on long lines, broken EOF + detection due to incorrect fgetc() return type, and last line dropped if file lacks + trailing newline +- Fix: Typos in configuration keys: FIX_PADDINDG → FIX_PADDING, + INVASTIGATE_PACKET → INVESTIGATE_PACKET 0.96.5 (2026-01-05) ------------------- diff --git a/src/lib_ccx/configuration.c b/src/lib_ccx/configuration.c index c32aa9586..76da5a2ba 100644 --- a/src/lib_ccx/configuration.c +++ b/src/lib_ccx/configuration.c 
@@ -48,14 +48,14 @@ struct conf_map configuration_map[] = {
{"OUTPUT_FORMAT", offsetof(struct ccx_s_options, write_format), set_int},
{"VIDEO_EDITED", offsetof(struct ccx_s_options, binary_concat), set_int},
{"GOP_TIME", offsetof(struct ccx_s_options, use_gop_as_pts), set_int},
- {"FIX_PADDINDG", offsetof(struct ccx_s_options, fix_padding), set_int},
+ {"FIX_PADDING", offsetof(struct ccx_s_options, fix_padding), set_int},
{"GUI_MODE_REPORTS", offsetof(struct ccx_s_options, gui_mode_reports), set_int},
{"NO_PROGRESS_BAR", offsetof(struct ccx_s_options, no_progress_bar), set_int},
{"CAP_FILE", offsetof(struct ccx_s_options, sentence_cap_file), set_string},
{"PROFANITY_FILE", offsetof(struct ccx_s_options, filter_profanity_file), set_string},
{"START_AT", offsetof(struct ccx_s_options, extraction_start), set_time},
{"END_AT", offsetof(struct ccx_s_options, extraction_end), set_time},
- {"INVASTIGATE_PACKET", offsetof(struct ccx_s_options, investigate_packets), set_int},
+ {"INVESTIGATE_PACKET", offsetof(struct ccx_s_options, investigate_packets), set_int},
{"FULL_BIN", offsetof(struct ccx_s_options, fullbin), set_int},
{"NO_SYNC", offsetof(struct ccx_s_options, nosync), set_int},
{"HAUPPAUGE_MODE", offsetof(struct ccx_s_options, hauppauge_mode), set_int},
@@ -91,12 +91,14 @@ static int parse_opts(char *str, struct ccx_s_options *opt)
static void parse_file(FILE *f, struct ccx_s_options *opt)
{
char *str = (char *)malloc(128);
- char c = '\0';
+ if (!str)
+ return;
+ int c = '\0';
int comments = 0;
int i = 0;
int ret = 0;
*str = '\0';
- while ((c = (char)fgetc(f)) != EOF)
+ while ((c = fgetc(f)) != EOF)
{
if (c == '\n')
{
@@ -116,8 +118,18 @@ static void parse_file(FILE *f, struct ccx_s_options *opt)
comments = 1;
continue;
}
- str[i] = c;
- i++;
+ if (i < 127)
+ {
+ str[i] = c;
+ str[i + 1] = '\0';
+ i++;
+ }
+ }
+ if (str[0] != '\0')
+ {
+ ret = parse_opts(str, opt);
+ if (ret < 0)
+ mprint("invalid configuration file\n");
}
free(str);
}
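Review bot: Existing configuration files that still use the old spellings `FIX_PADDINDG` and `INVASTIGATE_PACKET` will stop matching any entry in `configuration_map[]` once the two keys are renamed, so those settings would no longer be applied. How an unrecognised key is handled is decided in parse_opts(), which is outside this hunk, so it is not visible here whether the user gets a diagnostic. Keeping the old names as extra entries that point at the same fields would preserve compatibility, for example `{"FIX_PADDINDG", offsetof(struct ccx_s_options, fix_padding), set_int}, /* deprecated spelling, kept for existing config files */`.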
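Review bot: The buffer size in `malloc(128)` and the `i < 127` bound added in the last parse_file hunk are two independent literals, so a later change to one of them silently invalidates the overflow check. A single named constant used for both keeps them tied together, for example `enum { CONF_LINE_MAX = 128 };` with `malloc(CONF_LINE_MAX)` and `i < CONF_LINE_MAX - 1` (the constant name is only a suggestion). The new `if (!str) return;` also discards the whole configuration file without any message; an `mprint` call before the return would make the skipped configuration visible. parse_file's body continues outside this hunk.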
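Review bot: A line longer than 127 bytes is now cut off silently at `if (i < 127)` and the shortened text is still passed to parse_opts(), so an overlong value for a string option such as CAP_FILE or PROFANITY_FILE would be applied as a different, shorter path instead of being rejected. Recording the overflow and refusing the line is safer than parsing a prefix. The sketch below adds a flag for that; it also needs `int overlong = 0;` next to the other locals, and the same check and reset in the newline branch, which lies outside this hunk. The end-of-file flush additionally relies on that newline branch clearing `str[0]` after each line; if it only resets `i`, a file that ends with a newline would have its last line parsed twice.

```c
        if (i < 127)
        {
            /* … unchanged: store c and re-terminate str … */
        }
        else
            overlong = 1; /* line did not fit; do not parse a prefix of it */
    }
    if (overlong)
        mprint("configuration line too long, ignored\n");
    else if (str[0] != '\0')
    {
        /* … unchanged: parse_opts() call and error report … */
    }
```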