Minor FFI hardening fixes by kinetiknz · Pull Request #443 · mozilla/mp4parse-rust

kinetiknz · 2026-03-13T20:44:12Z

Tiny defensive changes:

avoid exposing invalid heap pointers to FFI if the cache insert fails. The caller would've still received an error and should not expect the pointers to be valid, but it's better to avoid exposing them in this error case.
init avif_info and avif_image with defaults to match other code and avoid exposing uninitialized structs on error paths
make sample_info conversion failure explicit rather than silent
add missing nullptr checks in some FFI functions
avoid truncating timescale silently
add an assert to catch read callback misbehaviour

Tiny defensive change: avoids exposing invalid heap pointers to FFI if the cache insert fails. The caller would've still received an error and should not expect the pointers to be valid, but it's better to avoid exposing them in this error case.

…ary. QuickTime v2 audio sample entries can carry a u32 channel count and f64 sample rate that don't fit the u16/u32 C-API fields. Replace the silent truncating casts with checked conversions that return Invalid.

…mented. Both functions dereferenced their out-pointer without first checking for null, unlike every other C API entry point. Add the missing guards so callers that pass null get BadArg instead of a null-deref.

Matches the pattern used by all other FFI getters, ensuring C callers always see valid (zeroed) fields even on error paths.

…quested.

kinetiknz requested review from ashleyz and padenot March 13, 2026 20:44

kinetiknz self-assigned this Mar 13, 2026

kinetiknz added 2 commits March 14, 2026 10:25

ffi: Add null checks for out-pointers in get_indice_table and is_frag…

0f3d086

…mented. Both functions dereferenced their out-pointer without first checking for null, unlike every other C API entry point. Add the missing guards so callers that pass null get BadArg instead of a null-deref.

kinetiknz changed the title ~~ffi: Perform cache insert before initializing indices.~~ Minor FFI hardening fixes Mar 13, 2026

kinetiknz added 4 commits March 14, 2026 11:25

ffi: Initialize AVIF output structs to defaults before populating.

88caba9

Matches the pattern used by all other FFI getters, ensuring C callers always see valid (zeroed) fields even on error paths.

ffi: Reject timescales that don't fit in u32 instead of truncating.

e7eb51b

ffi: Assert that the read callback does not return more bytes than re…

0f0f1e3

…quested.

ffi: Document that thread safety is the caller's responsibility.

c3cf685

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Minor FFI hardening fixes#443

Minor FFI hardening fixes#443
kinetiknz wants to merge 7 commits intomasterfrom
get_indice_table

kinetiknz commented Mar 13, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

kinetiknz commented Mar 13, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

kinetiknz commented Mar 13, 2026 •

edited

Loading