From 43ee251308b6ff92688f19179d0e5df0d27604e7 Mon Sep 17 00:00:00 2001
From: Apoorv Darshan
Date: Wed, 4 Mar 2026 19:25:08 +0530
Subject: [PATCH] Fix null pointer dereference in Matroska parser on file open failure

create_file() returns the result of fopen() which can be NULL if the file cannot be opened. matroska_loop() never checked this, passing the NULL pointer into matroska_parse() where it is immediately used in feof(), causing a crash. Add a NULL check that calls fatal(EXIT_READ_ERROR, ...) on failure, consistent with other file-open error handling in the codebase.
---
 src/lib_ccx/matroska.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/lib_ccx/matroska.c b/src/lib_ccx/matroska.c
index 231c1da5b..787d438ec 100644
--- a/src/lib_ccx/matroska.c
+++ b/src/lib_ccx/matroska.c
@@ -2035,6 +2035,12 @@ int matroska_loop(struct lib_ccx_ctx *ctx)
 mkv_ctx->current_second = 0;
 mkv_ctx->filename = ctx->inputfile[ctx->current_file];
 mkv_ctx->file = create_file(ctx);
+ if (mkv_ctx->file == NULL)
+ {
+ char *fname = mkv_ctx->filename;
+ free(mkv_ctx);
+ fatal(EXIT_READ_ERROR, "Could not open MKV file: %s\n", fname);
+ }
 mkv_ctx->sub_tracks = malloc(sizeof(struct matroska_sub_track **));
 if (mkv_ctx->sub_tracks == NULL)
 fatal(EXIT_NOT_ENOUGH_MEMORY, "In matroska_loop: Out of memory allocating sub_tracks.");
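Review bot: The new failure branch after `create_file(ctx)` reports only the filename, so the reason the open failed (missing file, permissions, descriptor limit) is lost, and `free(mkv_ctx)` runs before the message is built and may disturb errno. Consider saving it first with `int err = errno;` and reporting it with `fatal(EXIT_READ_ERROR, "Could not open MKV file: %s: %s\n", fname, strerror(err));`, assuming `<errno.h>` and `<string.h>` are already included in matroska.c, which the hunk does not show. The branch is also only safe if fatal() never returns; if it ever did, the following `mkv_ctx->sub_tracks = malloc(...)` would write through the freed pointer, so a short comment such as `/* fatal() does not return */` on the call would document that dependency. matroska_loop's body starts and ends outside the hunk.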