
Fix 25 C audit issues (security, safety, memory) #4

Merged
farkasmark merged 1 commit into main from c-audit-fixes
Feb 22, 2026

Conversation

@farkasmark (Contributor) commented Feb 22, 2026

Summary

  • Fixes 25 issues identified by /c-audit across 16 files (2 critical, 6 high, 10 medium, 7 low)
  • All 185 existing tests pass with zero regressions
  • 3 issues documented as intentional/safe and skipped (v4l2 write best-effort, font_len parameter, OpenMP lums)

Critical fixes

  • sRGB LUT data race — replaced atomic flag with CAS-based 3-state init (uninit → in-progress → ready) to prevent concurrent threads from reading a partially-initialized LUT
  • Integer overflow in grid allocation — added size_t casts and INT_MAX bounds check on cols * rows before allocation

High fixes

  • Bounds checks on direct ANSI byte writes, fread return validation in tools, snprintf truncation safety via helper function, blip encoder overflow guards, use-after-free on audio stats

Medium fixes

  • atoi → strtol with validation in all tools, ftell error checks, malloc NULL checks, division-by-zero guard, negative frame check in WASM player, re-encode return validation, BLIP v1 skip OOB fix, NaN filtering before quickselect

Low fixes

  • Updated bench.c to current codecs, blip accessor NULL checks, encapsulated struct access, -Wall -Wextra on emcc builds, removed dead variable

Test plan

  • make clean && make compiles without errors
  • make test — all 185 tests pass (0 failures)
  • No new compiler warnings in src/ or tools/

Critical:
- Fix sRGB LUT data race with CAS-based init (image.c)
- Fix integer overflow in cols*rows grid computation (output.c)

High:
- Add bounds checks on direct byte writes in ANSI output (output.c)
- Add fread return value checks in tools (glif_compare, glif_verify)
- Fix snprintf truncation handling with safe helper (output.c)
- Fix ensure_cap/pre-alloc overflow in blip encoder (blip.c)
- Fix use-after-free on audio stats after writer finish (main.c)

Medium:
- Replace atoi with strtol+validation in all tools
- Add ftell error checks in all tools
- Add malloc NULL checks in glif_codec_stats
- Add pipeline return value checks in glif_compare
- Guard division by zero on fps=0 (main.c)
- Add negative frame check in WASM player
- Check re-encode return value in writer (output.c)
- Fix BLIP v1 section skip OOB read (glif.c)
- Filter NaN before quickselect (contrast.c, temporal.c)

Low:
- Update bench.c to use current deflate codecs
- Add NULL checks to blip encoder accessors
- Use accessor functions for blip struct fields (output.c)
- Add -Wall -Wextra to emcc builds (Makefile)
- Remove unused font_size variable (font.c)
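As an added example that is not code from this PR or from the project, the block below shows in C11 the two critical patterns the description names (a CAS-driven three-state init for a shared LUT, and an overflow-checked cols*rows grid allocation) together with the strtol-with-validation replacement for atoi from the medium fixes. The function names (srgb_lut_ensure, grid_cells_checked, parse_int_or), the spin-wait, and the stand-in LUT curve (a squared curve used only so the block needs no libm) are assumptions; the project's real image.c, output.c and tool sources are not reproduced here.

```c
#include <errno.h>
#include <limits.h>
#include <stdatomic.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* --- 1. Three-state lazy init of a shared lookup table (assumed design) ---
 * A single "initialized" flag cannot express "someone is filling the table
 * right now", so a second thread can either read a half-filled table or fill
 * it a second time.  UNINIT -> IN_PROGRESS -> READY makes exactly one thread
 * the filler and makes every other caller wait until the fill is published. */
enum { LUT_UNINIT = 0, LUT_IN_PROGRESS = 1, LUT_READY = 2 };

static uint8_t srgb_lut[256];
static atomic_int lut_state = LUT_UNINIT;

static void fill_lut(void) {
  /* Constructed stand-in curve (i^2/255); the real sRGB transfer needs pow(). */
  for (int i = 0; i < 256; i++)
    srgb_lut[i] = (uint8_t)((i * i + 127) / 255);
}

/* Returns 1 if this call won the CAS and performed the fill, 0 otherwise.
 * On return the table is guaranteed READY for this thread. */
int srgb_lut_ensure(void) {
  int expected = LUT_UNINIT;
  if (atomic_compare_exchange_strong(&lut_state, &expected, LUT_IN_PROGRESS)) {
    fill_lut();
    /* release: the table writes become visible before the READY state does */
    atomic_store_explicit(&lut_state, LUT_READY, memory_order_release);
    return 1;
  }
  /* lost the race (or already READY): wait for the filler to publish */
  while (atomic_load_explicit(&lut_state, memory_order_acquire) != LUT_READY) {
    /* spin; a real implementation could yield here */
  }
  return 0;
}

int srgb_lut_state(void) { return atomic_load(&lut_state); }

uint8_t srgb_to_linear(uint8_t v) {
  srgb_lut_ensure();
  return srgb_lut[v];
}

/* --- 2. Overflow-checked grid sizing (assumed helper) ---
 * cols*rows is computed in size_t and bounded by INT_MAX before any
 * allocation, so a hostile or corrupt dimension cannot wrap to a small size.
 * Returns the cell count, or -1 if the dimensions are invalid. */
long grid_cells_checked(int cols, int rows) {
  if (cols <= 0 || rows <= 0) return -1;
  if ((size_t)cols > (size_t)INT_MAX / (size_t)rows) return -1; /* cols*rows > INT_MAX */
  return (long)((size_t)cols * (size_t)rows);
}

void *grid_alloc(int cols, int rows, size_t cell_size) {
  long cells = grid_cells_checked(cols, rows);
  if (cells < 0 || cell_size == 0) return NULL;
  if ((size_t)cells > SIZE_MAX / cell_size) return NULL; /* byte count would wrap */
  return calloc((size_t)cells, cell_size);
}

/* --- 3. strtol with full validation instead of atoi (assumed helper) ---
 * atoi silently returns 0 on garbage and has undefined behaviour on overflow.
 * Here empty input, trailing junk, ERANGE and out-of-range values all fail,
 * and the caller-supplied fallback is returned instead. */
int parse_int_or(const char *s, int lo, int hi, int fallback) {
  char *end = NULL;
  errno = 0;
  long v = strtol(s, &end, 10);
  if (end == s || *end != '\0' || errno == ERANGE || v < lo || v > hi) return fallback;
  return (int)v;
}

int main(void) {
  printf("lut state before: %d, filled=%d, after: %d\n",
         srgb_lut_state(), srgb_lut_ensure(), srgb_lut_state());
  printf("cells(65536,32767)=%ld cells(65536,32768)=%ld\n",
         grid_cells_checked(65536, 32767), grid_cells_checked(65536, 32768));
  printf("parse \"42\"=%d parse \"42x\"=%d\n",
         parse_int_or("42", 0, 100, -1), parse_int_or("42x", 0, 100, -1));
  return 0;
}
```

The order of the two checks in grid_alloc matters: the INT_MAX bound is applied to the cell count first, so later code that stores the count in an int is safe, and only then is the byte count checked against SIZE_MAX before calloc.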
@farkasmark farkasmark merged commit fbfef64 into main Feb 22, 2026
5 checks passed