Skip to content
This repository has been archived by the owner on Dec 11, 2024. It is now read-only.

Maybe unsound in VideoDataSourceContext::pointer #52

Open
lwz23 opened this issue Dec 9, 2024 · 3 comments
Open

Maybe unsound in VideoDataSourceContext::pointer #52

lwz23 opened this issue Dec 9, 2024 · 3 comments

Comments

@lwz23
Copy link

lwz23 commented Dec 9, 2024
edited
Loading

hello, thank you for your contribution in this project, I am scanning the unsoundness problem in rust project.
I notice the following code:

pub struct VideoDataSourceContext {
    pointer: *mut obs_source_frame,
}

impl VideoDataSourceContext {
    pub fn from_raw(pointer: *mut obs_source_frame) -> Self {
        Self { pointer }
    }

    pub fn format(&self) -> Option<VideoFormat> {
        let raw = unsafe { (*self.pointer).format };

        VideoFormat::from_raw(raw).ok()
    }

    pub fn width(&self) -> u32 {
        unsafe { (*self.pointer).width }
    }

    pub fn height(&self) -> u32 {
        unsafe { (*self.pointer).height }
    }

    pub fn data_buffer(&self, idx: usize) -> *mut u8 {
        unsafe { (*self.pointer).data[idx] }
    }

    pub fn linesize(&self, idx: usize) -> u32 {
        unsafe { (*self.pointer).linesize[idx] }
    }

    pub fn timestamp(&self) -> u64 {
        unsafe { (*self.pointer).timestamp }
    }
}

Considering that pub mod media, pointer can be passed a null pointer though from_raw, and format timestamp........ are also pub function. I assume that users can directly manipulate this field. This potential situation could result in *self.pointer being dereference a null pointer, and directly dereferencing it might trigger undefined behavior (UB). For safety reasons, I felt it necessary to report this issue. If you have performed checks elsewhere that ensure this is safe, please don’t take offense at my raising this issue.
If there is no external usage for VideoDataSourceContext, I suggest it should not marked as pub, at least its field should not marked as pub.
@lwz23
Copy link
Author

lwz23 commented Dec 10, 2024

maybe same problem for

rust-obs-plugins/src/graphics/display.rs

Line 165 in 694466f

pub fn new(data: *mut S, callback: *const std::ffi::c_void, display: &'a DisplayRef) -> Self {

user could crate a null pointer through the new method and may cause UB in

rust-obs-plugins/src/graphics/display.rs

Line 180 in 694466f

Some(std::mem::transmute(self.callback)),
or

rust-obs-plugins/src/graphics/display.rs

Line 185 in 694466f

unsafe { *Box::from_raw(ptr) }

@lwz23
Copy link
Author

lwz23 commented Dec 10, 2024

same problem for VideoDataOutputContext

rust-obs-plugins/src/media/video.rs

Line 107 in 694466f

pub fn from_raw(pointer: *mut video_data) -> Self {

@lwz23
Copy link
Author

lwz23 commented Dec 10, 2024

and VideoRef

rust-obs-plugins/src/media/video.rs

Line 197 in 694466f

pub fn from_raw(pointer: *mut video_t) -> Self {

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@lwz23