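The following issues were reported by static-analysis tools (Cppcheck, FlawFinder, Pylint and Bandit). Findings are grouped by source file with the total issue count for that file; each entry gives the line (and column where the tool provides one), any CWE codes, the tool's suggestion if it has one, and the surrounding source lines. The entries are raw tool output and need manual triage before being treated as confirmed defects.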
libavcodec/get_bits.h
415 issues
Line: 640
CWE codes:
682
s->buffer = buffer;
s->size_in_bits = bit_size;
s->size_in_bits_plus8 = bit_size + 8;
s->buffer_end = buffer + buffer_size;
s->index = 0;
#if CACHED_BITSTREAM_READER
s->cache = 0;
s->bits_left = 0;
Reported by Cppcheck.
Line: 640
CWE codes:
682
s->buffer = buffer;
s->size_in_bits = bit_size;
s->size_in_bits_plus8 = bit_size + 8;
s->buffer_end = buffer + buffer_size;
s->index = 0;
#if CACHED_BITSTREAM_READER
s->cache = 0;
s->bits_left = 0;
Reported by Cppcheck.
Line: 640
CWE codes:
682
s->buffer = buffer;
s->size_in_bits = bit_size;
s->size_in_bits_plus8 = bit_size + 8;
s->buffer_end = buffer + buffer_size;
s->index = 0;
#if CACHED_BITSTREAM_READER
s->cache = 0;
s->bits_left = 0;
Reported by Cppcheck.
Line: 640
CWE codes:
682
s->buffer = buffer;
s->size_in_bits = bit_size;
s->size_in_bits_plus8 = bit_size + 8;
s->buffer_end = buffer + buffer_size;
s->index = 0;
#if CACHED_BITSTREAM_READER
s->cache = 0;
s->bits_left = 0;
Reported by Cppcheck.
Line: 640
CWE codes:
682
s->buffer = buffer;
s->size_in_bits = bit_size;
s->size_in_bits_plus8 = bit_size + 8;
s->buffer_end = buffer + buffer_size;
s->index = 0;
#if CACHED_BITSTREAM_READER
s->cache = 0;
s->bits_left = 0;
Reported by Cppcheck.
Line: 640
CWE codes:
682
s->buffer = buffer;
s->size_in_bits = bit_size;
s->size_in_bits_plus8 = bit_size + 8;
s->buffer_end = buffer + buffer_size;
s->index = 0;
#if CACHED_BITSTREAM_READER
s->cache = 0;
s->bits_left = 0;
Reported by Cppcheck.
Line: 640
CWE codes:
682
s->buffer = buffer;
s->size_in_bits = bit_size;
s->size_in_bits_plus8 = bit_size + 8;
s->buffer_end = buffer + buffer_size;
s->index = 0;
#if CACHED_BITSTREAM_READER
s->cache = 0;
s->bits_left = 0;
Reported by Cppcheck.
Line: 640
CWE codes:
682
s->buffer = buffer;
s->size_in_bits = bit_size;
s->size_in_bits_plus8 = bit_size + 8;
s->buffer_end = buffer + buffer_size;
s->index = 0;
#if CACHED_BITSTREAM_READER
s->cache = 0;
s->bits_left = 0;
Reported by Cppcheck.
Line: 640
CWE codes:
682
s->buffer = buffer;
s->size_in_bits = bit_size;
s->size_in_bits_plus8 = bit_size + 8;
s->buffer_end = buffer + buffer_size;
s->index = 0;
#if CACHED_BITSTREAM_READER
s->cache = 0;
s->bits_left = 0;
Reported by Cppcheck.
Line: 640
CWE codes:
682
s->buffer = buffer;
s->size_in_bits = bit_size;
s->size_in_bits_plus8 = bit_size + 8;
s->buffer_end = buffer + buffer_size;
s->index = 0;
#if CACHED_BITSTREAM_READER
s->cache = 0;
s->bits_left = 0;
Reported by Cppcheck.
tools/python/convert_from_tensorflow.py
111 issues
Line: 20
Column: 1
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
# ==============================================================================
import tensorflow as tf
import numpy as np
import sys, struct
import convert_header as header
__all__ = ['convert_from_tensorflow']
Reported by Pylint.
Line: 22
Column: 1
import tensorflow as tf
import numpy as np
import sys, struct
import convert_header as header
__all__ = ['convert_from_tensorflow']
class Operand(object):
Reported by Pylint.
Line: 87
Column: 33
self.name_operand_dict = {}
def add_operand(self, name, type):
node = self.name_node_dict[name]
if name not in self.name_operand_dict:
dtype = node.attr['dtype'].type
if dtype == 0:
dtype = node.attr['T'].type
Reported by Pylint.
Line: 100
Column: 1
dims[2] = node.attr['shape'].shape.dim[2].size
dims[3] = node.attr['shape'].shape.dim[3].size
operand = Operand(name, dtype, dims)
self.name_operand_dict[name] = operand;
self.name_operand_dict[name].add_iotype(type)
return self.name_operand_dict[name].index
def dump_for_tensorboard(self):
Reported by Pylint.
Line: 108
Suggestion:
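https://bandit.readthedocs.io/en/latest/plugins/b108_hardcoded_tmp_directory.html
Triage note: the flagged line writes the graph summary to the fixed path '/tmp/graph'. A directory created with tempfile.mkdtemp() avoids a predictable location inside a shared temporary directory.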
def dump_for_tensorboard(self):
graph = tf.get_default_graph()
tf.import_graph_def(self.graph_def, name="")
tf.summary.FileWriter('/tmp/graph', graph)
print('graph saved, run "tensorboard --logdir=/tmp/graph" to see it')
def get_conv2d_params(self, conv2d_scope_name):
knode = self.name_node_dict[conv2d_scope_name + '/kernel']
Reported by Bandit.
Line: 379
Column: 9
assert(node.op == 'AvgPool')
self.layer_number = self.layer_number + 1
self.converted_nodes.add(node.name)
node0 = self.name_node_dict[node.input[0]]
strides = node.attr['strides']
# Tensorflow do not support pooling strides in batch dimension and
# current native NN do not support pooling strides in channel dimension, added assert() here.
assert(strides.list.i[1]==strides.list.i[2])
Reported by Pylint.
Line: 395
Column: 9
assert(filter_node.list.i[0]==1)
assert(filter_node.list.i[3]==1)
filter_height = filter_node.list.i[1]
filter_width = filter_node.list.i[2]
padding = node.attr['padding'].s.decode("utf-8")
np.array([self.op2code[node.op], strides, self.pool_paddings[padding], filter_height],
dtype=np.uint32).tofile(f)
Reported by Pylint.
Line: 470
Column: 17
def generate_output_names(self):
used_names = []
for node in self.nodes:
for input in node.input:
used_names.append(input)
for node in self.nodes:
if node.name not in used_names:
self.output_names.append(node.name)
Reported by Pylint.
Line: 479
Column: 9
def remove_identity(self):
self.id_different_scope_dict = {}
id_nodes = []
id_dict = {}
for node in self.nodes:
if node.op == 'Identity':
name = node.name
Reported by Pylint.
Line: 485
Column: 17
for node in self.nodes:
if node.op == 'Identity':
name = node.name
input = node.input[0]
id_nodes.append(node)
# do not change the output name
if name in self.output_names:
self.name_node_dict[input].name = name
self.name_node_dict[name] = self.name_node_dict[input]
Reported by Pylint.
libavcodec/wavpackenc.c
67 issues
Line: 601
Column: 9
CWE codes:
120
Suggestion:
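Make sure destination can always hold the source data
Triage note: the copy length is sizeof(dpp->samplesA), the size of the source, while the destination is the local `int32_t temp_A[MAX_TERM]`. The copy is in bounds only if samplesA is declared with at most MAX_TERM int32_t elements; that declaration is outside the excerpt and should be checked.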
if (m && dpp->value > 0 && dpp->value <= MAX_TERM) {
int32_t temp_A[MAX_TERM];
memcpy(temp_A, dpp->samplesA, sizeof(dpp->samplesA));
for (i = 0; i < MAX_TERM; i++) {
dpp->samplesA[i] = temp_A[m];
m = (m + 1) & (MAX_TERM - 1);
}
Reported by FlawFinder.
Line: 707
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
else
CLEAR(dp.samplesA);
memcpy(dppi->samplesA, dp.samplesA, sizeof(dp.samplesA));
dppi->weightA = dp.weightA;
if (delta == 0) {
dp.delta = 1;
decorr_mono(samples, outsamples, nb_samples, &dp, 1);
Reported by FlawFinder.
Line: 753
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (bits < info->best_bits) {
info->best_bits = bits;
CLEAR(s->decorr_passes);
memcpy(s->decorr_passes, info->dps, sizeof(info->dps[0]) * (depth + 1));
memcpy(s->sampleptrs[info->nterms + 1][0],
s->sampleptrs[depth + 1][0], s->block_samples * 4);
}
term_bits[term + 3] = bits;
Reported by FlawFinder.
Line: 754
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
info->best_bits = bits;
CLEAR(s->decorr_passes);
memcpy(s->decorr_passes, info->dps, sizeof(info->dps[0]) * (depth + 1));
memcpy(s->sampleptrs[info->nterms + 1][0],
s->sampleptrs[depth + 1][0], s->block_samples * 4);
}
term_bits[term + 3] = bits;
}
Reported by FlawFinder.
Line: 792
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
while (reversed) {
int ri, i;
memcpy(info->dps, s->decorr_passes, sizeof(s->decorr_passes));
reversed = 0;
for (ri = 0; ri < info->nterms && s->decorr_passes[ri].value; ri++) {
if (ri + 1 >= info->nterms || !s->decorr_passes[ri+1].value)
Reported by FlawFinder.
Line: 818
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
reversed = 1;
info->best_bits = bits;
CLEAR(s->decorr_passes);
memcpy(s->decorr_passes, info->dps, sizeof(info->dps[0]) * i);
memcpy(s->sampleptrs[info->nterms + 1][0], s->sampleptrs[i][0],
s->block_samples * 4);
} else {
info->dps[ri ] = s->decorr_passes[ri];
info->dps[ri+1] = s->decorr_passes[ri+1];
Reported by FlawFinder.
Line: 819
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
info->best_bits = bits;
CLEAR(s->decorr_passes);
memcpy(s->decorr_passes, info->dps, sizeof(info->dps[0]) * i);
memcpy(s->sampleptrs[info->nterms + 1][0], s->sampleptrs[i][0],
s->block_samples * 4);
} else {
info->dps[ri ] = s->decorr_passes[ri];
info->dps[ri+1] = s->decorr_passes[ri+1];
decorr_mono_buffer(s->sampleptrs[ri][0], s->sampleptrs[ri+1][0],
Reported by FlawFinder.
Line: 857
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
lower = 1;
info->best_bits = bits;
CLEAR(s->decorr_passes);
memcpy(s->decorr_passes, info->dps, sizeof(info->dps[0]) * i);
memcpy(s->sampleptrs[info->nterms + 1][0], s->sampleptrs[i][0],
s->block_samples * 4);
}
for (d = delta + 1; !lower && d <= 7; d++) {
Reported by FlawFinder.
Line: 858
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
info->best_bits = bits;
CLEAR(s->decorr_passes);
memcpy(s->decorr_passes, info->dps, sizeof(info->dps[0]) * i);
memcpy(s->sampleptrs[info->nterms + 1][0], s->sampleptrs[i][0],
s->block_samples * 4);
}
for (d = delta + 1; !lower && d <= 7; d++) {
int i;
Reported by FlawFinder.
Line: 878
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
info->best_bits = bits;
CLEAR(s->decorr_passes);
memcpy(s->decorr_passes, info->dps, sizeof(info->dps[0]) * i);
memcpy(s->sampleptrs[info->nterms + 1][0], s->sampleptrs[i][0],
s->block_samples * 4);
}
}
Reported by FlawFinder.
libavformat/rtmpproto.c
58 issues
Line: 112
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int swfsize; ///< size of the decompressed SWF file
char* swfurl; ///< url of the swf player
char* swfverify; ///< URL to player swf file, compute hash/size automatically
char swfverification[42]; ///< hash of the SWF verification
char* pageurl; ///< url of the web page
char* subscribe; ///< name of live stream to subscribe
int max_sent_unacked; ///< max unacked sent bytes
int client_buffer_time; ///< client buffer time in ms
int flush_interval; ///< number of packets flushed in the same request (RTMPT only)
Reported by FlawFinder.
Line: 127
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int nb_streamid; ///< The next stream id to return on createStream calls
double duration; ///< Duration of the stream in seconds as returned by the server (only valid if non-zero)
int tcp_nodelay; ///< Use TCP_NODELAY to disable Nagle's algorithm if set to 1
char username[50];
char password[50];
char auth_params[500];
int do_reconnect;
int auth_tried;
} RTMPContext;
Reported by FlawFinder.
Line: 128
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
double duration; ///< Duration of the stream in seconds as returned by the server (only valid if non-zero)
int tcp_nodelay; ///< Use TCP_NODELAY to disable Nagle's algorithm if set to 1
char username[50];
char password[50];
char auth_params[500];
int do_reconnect;
int auth_tried;
} RTMPContext;
Reported by FlawFinder.
Line: 129
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int tcp_nodelay; ///< Use TCP_NODELAY to disable Nagle's algorithm if set to 1
char username[50];
char password[50];
char auth_params[500];
int do_reconnect;
int auth_tried;
} RTMPContext;
#define PLAYER_KEY_OPEN_PART_LEN 30 ///< length of partial key used for first client digest signing
Reported by FlawFinder.
Line: 233
Column: 9
CWE codes:
119
120
Suggestion:
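Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Triage note: the finding is on the declaration `char name[128]`, not on a write. The only write visible in the excerpt, ff_amf_read_string(), is passed sizeof(name) as the destination size; any later uses of `name` are outside the excerpt.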
if (pkt->type == RTMP_PT_INVOKE && track) {
GetByteContext gbc;
char name[128];
double pkt_id;
int len;
bytestream2_init(&gbc, pkt->data, pkt->size);
if ((ret = ff_amf_read_string(&gbc, name, sizeof(name), &len)) < 0)
Reported by FlawFinder.
Line: 415
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
uint8_t *p;
const uint8_t *cp;
int ret;
char command[64];
int stringlen;
double seqnum;
uint8_t tmpstr[256];
GetByteContext gbc;
Reported by FlawFinder.
Line: 907
Column: 5
CWE codes:
120
Suggestion:
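Make sure destination can always hold the source data
Triage note: the copy length 42 matches the declared size of the source (`char swfverification[42]` in this file's Line 112 entry). What remains to confirm is that pkt.data was allocated with room for the 2-byte value written by bytestream_put_be16() plus these 42 bytes; the allocation is outside the excerpt.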
p = pkt.data;
bytestream_put_be16(&p, 27);
memcpy(p, rt->swfverification, 42);
return rtmp_send_packet(rt, &pkt, 0);
}
/**
Reported by FlawFinder.
Line: 1100
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
*out_data = ptr;
memcpy(*out_data + *out_size, tmp_buf, size);
*out_size += size;
} while (zs.avail_out == 0);
fail:
inflateEnd(&zs);
Reported by FlawFinder.
Line: 1116
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
uint8_t *in_data = NULL, *out_data = NULL, *swfdata;
int64_t in_size;
URLContext *stream = NULL;
char swfhash[32];
int swfsize;
int ret = 0;
/* Get the SWF player file. */
if ((ret = ffurl_open_whitelist(&stream, rt->swfverify, AVIO_FLAG_READ,
Reported by FlawFinder.
Line: 1155
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto fail;
}
*in_data = 'F'; // magic stuff
memcpy(out_data, in_data, 8);
out_size = 8;
if ((ret = rtmp_uncompress_swfplayer(in_data + 8, in_size - 8,
&out_data, &out_size)) < 0)
goto fail;
Reported by FlawFinder.
libavformat/rtsp.c
56 issues
Line: 2597
CWE codes:
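562 (Return of Stack Variable Address)
Triage note: the flagged statement `s->pb = &pb;` stores the address of `pb` in the format context. `pb` is declared outside the excerpt; if it is a local variable, `s->pb` must be cleared or replaced before the function returns. Confirm against the full function.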
avcodec_parameters_free(&par);
ffio_init_context(&pb, sdp.str, sdp.len, 0, NULL, NULL, NULL, NULL);
s->pb = &pb;
/* if sdp_read_header() fails then following ff_network_close() cancels out */
/* ff_network_init() at the start of this function. Otherwise it cancels out */
/* ff_network_init() inside sdp_read_header() */
ff_network_close();
Reported by Cppcheck.
Line: 1935
Column: 13
CWE codes:
120
Suggestion:
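Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
Triage note: strcpy() copies until the terminating NUL, so this call is bounded only if reply->real_challenge is always NUL-terminated and declared no larger than the destination `real_challenge`. Both declarations are outside the excerpt; compare them before rating the finding.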
} else if (!av_strncasecmp(reply->server, "WMServer/", 9)) {
rt->server_type = RTSP_SERVER_WMS;
} else if (rt->server_type == RTSP_SERVER_REAL)
strcpy(real_challenge, reply->real_challenge);
break;
}
#if CONFIG_RTSP_DEMUXER
if (s->iformat) {
Reported by FlawFinder.
Line: 125
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static AVDictionary *map_to_opts(RTSPState *rt)
{
AVDictionary *opts = NULL;
char buf[256];
snprintf(buf, sizeof(buf), "%d", rt->buffer_size);
av_dict_set(&opts, "buffer_size", buf, 0);
snprintf(buf, sizeof(buf), "%d", rt->pkt_size);
av_dict_set(&opts, "pkt_size", buf, 0);
Reported by FlawFinder.
Line: 172
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
static void rtsp_parse_range_npt(const char *p, int64_t *start, int64_t *end)
{
char buf[256];
p += strspn(p, SPACE_CHARS);
if (!av_stristart(p, "npt=", &p))
return;
Reported by FlawFinder.
Line: 205
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
gai_strerror(ret));
return -1;
}
memcpy(sock, ai->ai_addr, FFMIN(sizeof(*sock), ai->ai_addrlen));
freeaddrinfo(ai);
return 0;
}
#if CONFIG_RTPDEC
Reported by FlawFinder.
Line: 283
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int payload_type, const char *p)
{
AVCodecParameters *par = st->codecpar;
char buf[256];
int i;
const AVCodecDescriptor *desc;
const char *c_name;
/* See if we can handle this kind of payload.
Reported by FlawFinder.
Line: 318
Column: 9
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
c_name = "(null)";
get_word_sep(buf, sizeof(buf), "/", &p);
i = atoi(buf);
switch (par->codec_type) {
case AVMEDIA_TYPE_AUDIO:
av_log(s, AV_LOG_DEBUG, "audio codec set to: %s\n", c_name);
par->sample_rate = RTSP_DEFAULT_AUDIO_SAMPLERATE;
par->channels = RTSP_DEFAULT_NB_AUDIO_CHANNELS;
Reported by FlawFinder.
Line: 328
Column: 17
CWE codes:
190
Suggestion:
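If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
Triage note: atoi() cannot report a conversion error, and its behaviour is undefined when the value does not fit in an int; strtol() with end-pointer and errno checks lets the caller reject malformed or out-of-range text. In the excerpt below the channel count is stored only when `i > 0`; no upper bound is visible, and whether `par->sample_rate = i` is guarded cannot be seen from here.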
par->sample_rate = i;
avpriv_set_pts_info(st, 32, 1, par->sample_rate);
get_word_sep(buf, sizeof(buf), "/", &p);
i = atoi(buf);
if (i > 0)
par->channels = i;
}
av_log(s, AV_LOG_DEBUG, "audio samplerate set to: %i\n",
par->sample_rate);
Reported by FlawFinder.
Line: 379
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct RTSPSource **default_exclude_source_addrs; /**< Source-specific multicast exclude source IP address (from SDP content) */
int seen_rtpmap;
int seen_fmtp;
char delayed_fmtp[2048];
} SDPParseState;
static void copy_default_source_addrs(struct RTSPSource **addrs, int count,
struct RTSPSource ***dest, int *dest_count)
{
Reported by FlawFinder.
Line: 392
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
rtsp_src2 = av_malloc(sizeof(*rtsp_src2));
if (!rtsp_src2)
continue;
memcpy(rtsp_src2, rtsp_src, sizeof(*rtsp_src));
dynarray_add(dest, dest_count, rtsp_src2);
}
}
static void parse_fmtp(AVFormatContext *s, RTSPState *rt,
Reported by FlawFinder.
libavformat/hls.c
52 issues
Line: 347
Column: 9
CWE codes:
120
Suggestion:
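Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
Triage note: strcpy() copies until the terminating NUL, so the three calls in this excerpt are bounded only if each source field in `info` is always NUL-terminated and declared no larger than its destination in `var`. Neither declaration appears in the excerpt; compare the two struct definitions before rating this finding.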
if (info) {
var->bandwidth = atoi(info->bandwidth);
strcpy(var->audio_group, info->audio);
strcpy(var->video_group, info->video);
strcpy(var->subtitles_group, info->subtitles);
}
dynarray_add(&c->variants, &c->n_variants, var);
Reported by FlawFinder.
Line: 348
Column: 9
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (info) {
var->bandwidth = atoi(info->bandwidth);
strcpy(var->audio_group, info->audio);
strcpy(var->video_group, info->video);
strcpy(var->subtitles_group, info->subtitles);
}
dynarray_add(&c->variants, &c->n_variants, var);
dynarray_add(&var->playlists, &var->n_playlists, pls);
Reported by FlawFinder.
Line: 349
Column: 9
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
var->bandwidth = atoi(info->bandwidth);
strcpy(var->audio_group, info->audio);
strcpy(var->video_group, info->video);
strcpy(var->subtitles_group, info->subtitles);
}
dynarray_add(&c->variants, &c->n_variants, var);
dynarray_add(&var->playlists, &var->n_playlists, pls);
return var;
Reported by FlawFinder.
Line: 514
Column: 5
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
dynarray_add(&c->renditions, &c->n_renditions, rend);
rend->type = type;
strcpy(rend->group_id, info->group_id);
strcpy(rend->language, info->language);
strcpy(rend->name, info->name);
/* add the playlist if this is an external rendition */
if (info->uri[0]) {
Reported by FlawFinder.
Line: 515
Column: 5
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
rend->type = type;
strcpy(rend->group_id, info->group_id);
strcpy(rend->language, info->language);
strcpy(rend->name, info->name);
/* add the playlist if this is an external rendition */
if (info->uri[0]) {
rend->playlist = new_playlist(c, info->uri, url_base);
Reported by FlawFinder.
Line: 516
Column: 5
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
rend->type = type;
strcpy(rend->group_id, info->group_id);
strcpy(rend->language, info->language);
strcpy(rend->name, info->name);
/* add the playlist if this is an external rendition */
if (info->uri[0]) {
rend->playlist = new_playlist(c, info->uri, url_base);
if (rend->playlist)
Reported by FlawFinder.
Line: 2219
CWE codes:
476
minplaylist = i;
} else {
int64_t dts = pls->pkt->dts;
int64_t mindts = minpls->pkt->dts;
if (dts == AV_NOPTS_VALUE ||
(mindts != AV_NOPTS_VALUE && compare_ts_with_wrapdetect(dts, pls, mindts, minpls) < 0))
minplaylist = i;
}
Reported by Cppcheck.
Line: 94
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* containing the next packet from this stream.
*/
struct playlist {
char url[MAX_URL_SIZE];
AVIOContext pb;
uint8_t* read_buffer;
AVIOContext *input;
int input_read_done;
AVIOContext *input_next;
Reported by FlawFinder.
Line: 133
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int init_sec_data_len;
unsigned int init_sec_buf_read_offset;
char key_url[MAX_URL_SIZE];
uint8_t key[16];
/* ID3 timestamp handling (elementary audio streams have ID3 timestamps
* (and possibly other ID3 tags) in the beginning of each segment) */
int is_id3_timestamped; /* -1: not yet known */
Reported by FlawFinder.
Line: 174
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct rendition {
enum AVMediaType type;
struct playlist *playlist;
char group_id[MAX_FIELD_LEN];
char language[MAX_FIELD_LEN];
char name[MAX_FIELD_LEN];
int disposition;
};
Reported by FlawFinder.
libavformat/hlsenc.c
52 issues
Line: 1398
Column: 5
CWE codes:
134
Suggestion:
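Use a constant for the format specification
Triage note: the format argument in the flagged snprintf() is a conditional between the two string literals "%s.tmp" and "%s", so it is fixed at compile time and hls->master_m3u8_url is only consumed as a `%s` argument; the tool flags it because the argument is not a single literal. What remains to check is truncation: the return value of snprintf() is not examined on the flagged line, so an over-long URL would be shortened silently.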
}
set_http_options(s, &options, hls);
snprintf(temp_filename, sizeof(temp_filename), use_temp_file ? "%s.tmp" : "%s", hls->master_m3u8_url);
ret = hlsenc_io_open(s, &hls->m3u8_out, temp_filename, &options);
av_dict_free(&options);
if (ret < 0) {
av_log(s, AV_LOG_ERROR, "Failed to open master play list file '%s'\n",
temp_filename);
Reported by FlawFinder.
Line: 1573
Column: 5
CWE codes:
134
Suggestion:
Use a constant for the format specification
av_log(s, AV_LOG_ERROR, "Cannot use rename on non file protocol, this may lead to races and temporary partial files\n");
set_http_options(s, &options, hls);
snprintf(temp_filename, sizeof(temp_filename), use_temp_file ? "%s.tmp" : "%s", vs->m3u8_name);
if ((ret = hlsenc_io_open(s, byterange_mode ? &hls->m3u8_out : &vs->out, temp_filename, &options)) < 0) {
if (hls->ignore_io_errors)
ret = 0;
goto fail;
}
Reported by FlawFinder.
Line: 1629
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
ff_hls_write_end_list(byterange_mode ? hls->m3u8_out : vs->out);
if (vs->vtt_m3u8_name) {
snprintf(temp_vtt_filename, sizeof(temp_vtt_filename), use_temp_file ? "%s.tmp" : "%s", vs->vtt_m3u8_name);
if ((ret = hlsenc_io_open(s, &hls->sub_m3u8_out, temp_vtt_filename, &options)) < 0) {
if (hls->ignore_io_errors)
ret = 0;
goto fail;
}
Reported by FlawFinder.
Line: 1792
Column: 13
CWE codes:
134
Suggestion:
Use a constant for the format specification
}
err = av_strlcpy(iv_string, vs->iv_string, sizeof(iv_string));
if (!err) {
snprintf(iv_string, sizeof(iv_string), "%032"PRIx64, vs->sequence);
memset(vs->iv_string, 0, sizeof(vs->iv_string));
memcpy(vs->iv_string, iv_string, sizeof(iv_string));
}
}
if (c->segment_type != SEGMENT_TYPE_FMP4) {
Reported by FlawFinder.
Line: 1882
Column: 5
CWE codes:
134
Suggestion:
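Use a constant for the format specification
Triage note: POSTFIX_PATTERN is the macro `#define POSTFIX_PATTERN "_%d"` shown in this file's Line 78 entry, so the format is a compile-time constant. The size argument `name_buf_len - strlen(name)` is the part to verify: it relies on strlen(name) being smaller than name_buf_len, which is established outside the excerpt.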
*p = '\0';
}
snprintf(name + strlen(name), name_buf_len - strlen(name), POSTFIX_PATTERN, i);
if (strlen(extension))
av_strlcat(name, extension, name_buf_len);
return 0;
Reported by FlawFinder.
Line: 78
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define POSTFIX_PATTERN "_%d"
typedef struct HLSSegment {
char filename[MAX_URL_SIZE];
char sub_filename[MAX_URL_SIZE];
double duration; /* in seconds */
int discont;
int64_t pos;
int64_t size;
Reported by FlawFinder.
Line: 79
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
typedef struct HLSSegment {
char filename[MAX_URL_SIZE];
char sub_filename[MAX_URL_SIZE];
double duration; /* in seconds */
int discont;
int64_t pos;
int64_t size;
int64_t keyframe_pos;
Reported by FlawFinder.
Line: 88
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int64_t keyframe_size;
unsigned var_stream_idx;
char key_uri[LINE_BUFFER_SIZE + 1];
char iv_string[KEYSIZE*2 + 1];
struct HLSSegment *next;
double discont_program_date_time;
} HLSSegment;
Reported by FlawFinder.
Line: 89
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned var_stream_idx;
char key_uri[LINE_BUFFER_SIZE + 1];
char iv_string[KEYSIZE*2 + 1];
struct HLSSegment *next;
double discont_program_date_time;
} HLSSegment;
Reported by FlawFinder.
Line: 164
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char *m3u8_name;
double initial_prog_date_time;
char current_segment_final_filename_fmt[MAX_URL_SIZE]; // when renaming segments
char *fmp4_init_filename;
char *base_output_dirname;
int encrypt_started;
Reported by FlawFinder.
libavformat/dashenc.c
47 issues
Line: 529
Column: 5
CWE codes:
134
Suggestion:
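Use a constant for the format specification
Triage note: the format argument in the flagged snprintf() is a conditional between the two string literals "%s.tmp" and "%s", so it is fixed at compile time and filename_hls is only consumed as a `%s` argument; the tool flags it because the argument is not a single literal. The return value of snprintf() is not examined on the flagged line, so truncation of a long path would go unnoticed.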
get_hls_playlist_name(filename_hls, sizeof(filename_hls),
c->dirname, representation_id);
snprintf(temp_filename_hls, sizeof(temp_filename_hls), use_rename ? "%s.tmp" : "%s", filename_hls);
set_http_options(&http_opts, c);
ret = dashenc_io_open(s, &c->m3u8_out, temp_filename_hls, &http_opts);
av_dict_free(&http_opts);
if (ret < 0) {
Reported by FlawFinder.
Line: 1147
Column: 5
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (!use_rename && !warned_non_file++)
av_log(s, AV_LOG_ERROR, "Cannot use rename on non file protocol, this may lead to races and temporary partial files\n");
snprintf(temp_filename, sizeof(temp_filename), use_rename ? "%s.tmp" : "%s", s->url);
set_http_options(&opts, c);
ret = dashenc_io_open(s, &c->mpd_out, temp_filename, &opts);
av_dict_free(&opts);
if (ret < 0) {
return handle_io_open_error(s, ret, temp_filename);
Reported by FlawFinder.
Line: 1261
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
else
snprintf(filename_hls, sizeof(filename_hls), "%s", c->hls_master_name);
snprintf(temp_filename, sizeof(temp_filename), use_rename ? "%s.tmp" : "%s", filename_hls);
set_http_options(&opts, c);
ret = dashenc_io_open(s, &c->m3u8_out, temp_filename, &opts);
av_dict_free(&opts);
if (ret < 0) {
Reported by FlawFinder.
Line: 2256
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
os->segment_index, os->bit_rate, os->start_pts);
snprintf(os->full_path, sizeof(os->full_path), "%s%s", c->dirname,
os->filename);
snprintf(os->temp_path, sizeof(os->temp_path),
use_rename ? "%s.tmp" : "%s", os->full_path);
set_http_options(&opts, c);
ret = dashenc_io_open(s, &os->out, os->temp_path, &opts);
av_dict_free(&opts);
if (ret < 0) {
Reported by FlawFinder.
Line: 74
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define MPD_PROFILE_DVB 2
typedef struct Segment {
char file[1024];
int64_t start_pos;
int range_length, index_length;
int64_t time;
double prog_date_time;
int64_t duration;
Reported by FlawFinder.
Line: 107
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
AVCodecParserContext *parser;
AVCodecContext *parser_avctx;
int packets_written;
char initfile[1024];
int64_t init_start_pos, pos;
int init_range_length;
int nb_segments, segments_size, segment_index;
int64_t seg_duration;
int64_t frag_duration;
Reported by FlawFinder.
Line: 127
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char *init_seg_name;
const char *media_seg_name;
char codec_str[100];
int written_len;
char filename[1024];
char full_path[1024];
char temp_path[1024];
double availability_time_offset;
Reported by FlawFinder.
Line: 129
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char codec_str[100];
int written_len;
char filename[1024];
char full_path[1024];
char temp_path[1024];
double availability_time_offset;
AVProducerReferenceTime producer_reference_time;
char producer_reference_time_str[100];
Reported by FlawFinder.
Line: 130
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char codec_str[100];
int written_len;
char filename[1024];
char full_path[1024];
char temp_path[1024];
double availability_time_offset;
AVProducerReferenceTime producer_reference_time;
char producer_reference_time_str[100];
int total_pkt_size;
Reported by FlawFinder.
Line: 131
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int written_len;
char filename[1024];
char full_path[1024];
char temp_path[1024];
double availability_time_offset;
AVProducerReferenceTime producer_reference_time;
char producer_reference_time_str[100];
int total_pkt_size;
int64_t total_pkt_duration;
Reported by FlawFinder.
libavfilter/vf_ciescope.c
47 issues
Line: 771
CWE codes:
908
double xc, double yc, double zc,
double * const r, double * const g, double * const b)
{
*r = m[0][0]*xc + m[0][1]*yc + m[0][2]*zc;
*g = m[1][0]*xc + m[1][1]*yc + m[1][2]*zc;
*b = m[2][0]*xc + m[2][1]*yc + m[2][2]*zc;
}
static void invert_matrix3x3(double in[3][3], double out[3][3])
Reported by Cppcheck.
Line: 772
CWE codes:
908
double * const r, double * const g, double * const b)
{
*r = m[0][0]*xc + m[0][1]*yc + m[0][2]*zc;
*g = m[1][0]*xc + m[1][1]*yc + m[1][2]*zc;
*b = m[2][0]*xc + m[2][1]*yc + m[2][2]*zc;
}
static void invert_matrix3x3(double in[3][3], double out[3][3])
{
Reported by Cppcheck.
Line: 773
CWE codes:
908
{
*r = m[0][0]*xc + m[0][1]*yc + m[0][2]*zc;
*g = m[1][0]*xc + m[1][1]*yc + m[1][2]*zc;
*b = m[2][0]*xc + m[2][1]*yc + m[2][2]*zc;
}
static void invert_matrix3x3(double in[3][3], double out[3][3])
{
double m00 = in[0][0], m01 = in[0][1], m02 = in[0][2],
Reported by Cppcheck.
Line: 1037
CWE codes:
908
int x0, int y0, int x1, int y1,
int w, int h)
{
int dx = FFABS(x1 - x0), sx = x0 < x1 ? 1 : -1;
int dy = FFABS(y1 - y0), sy = y0 < y1 ? 1 : -1;
int err = (dx > dy ? dx : -dy) / 2, e2;
for (;;) {
pixels[y0 * linesize + x0 * 4 + 0] = 65535 - pixels[y0 * linesize + x0 * 4 + 0];
Reported by Cppcheck.
Line: 1038
CWE codes:
908
int w, int h)
{
int dx = FFABS(x1 - x0), sx = x0 < x1 ? 1 : -1;
int dy = FFABS(y1 - y0), sy = y0 < y1 ? 1 : -1;
int err = (dx > dy ? dx : -dy) / 2, e2;
for (;;) {
pixels[y0 * linesize + x0 * 4 + 0] = 65535 - pixels[y0 * linesize + x0 * 4 + 0];
pixels[y0 * linesize + x0 * 4 + 1] = 65535 - pixels[y0 * linesize + x0 * 4 + 1];
Reported by Cppcheck.
Line: 1148
CWE codes:
908
av_assert0(0);
}
xyz_to_rgb(m, cx, cy, cz, &jr, &jg, &jb);
/* Check whether the requested color is within the
gamut achievable with the given color system. If
not, draw it in a reduced intensity, interpolated
by desaturation to the closest within-gamut color. */
Reported by Cppcheck.
Line: 1209
CWE codes:
908
}
draw_rline(pixels, linesize,
wx + Sz(3), wy, wx + Sz(10), wy,
w, h);
draw_rline(pixels, linesize,
wx - Sz(3), wy, wx - Sz(10), wy,
w, h);
draw_rline(pixels, linesize,
Reported by Cppcheck.
Line: 1209
CWE codes:
908
}
draw_rline(pixels, linesize,
wx + Sz(3), wy, wx + Sz(10), wy,
w, h);
draw_rline(pixels, linesize,
wx - Sz(3), wy, wx - Sz(10), wy,
w, h);
draw_rline(pixels, linesize,
Reported by Cppcheck.
Line: 1212
CWE codes:
908
wx + Sz(3), wy, wx + Sz(10), wy,
w, h);
draw_rline(pixels, linesize,
wx - Sz(3), wy, wx - Sz(10), wy,
w, h);
draw_rline(pixels, linesize,
wx, wy + Sz(3), wx, wy + Sz(10),
w, h);
draw_rline(pixels, linesize,
Reported by Cppcheck.
Line: 1212
CWE codes:
908
wx + Sz(3), wy, wx + Sz(10), wy,
w, h);
draw_rline(pixels, linesize,
wx - Sz(3), wy, wx - Sz(10), wy,
w, h);
draw_rline(pixels, linesize,
wx, wy + Sz(3), wx, wy + Sz(10),
w, h);
draw_rline(pixels, linesize,
Reported by Cppcheck.
libavformat/movenc.c
46 issues
Line: 525
Column: 9
CWE codes:
120
Suggestion:
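Make sure the destination can always hold the source data. In the excerpt below, the destination packet is grown by pkt->size through av_grow_packet(), with the failure path handled, immediately before the memcpy() of pkt->size bytes into its tail, so the check this suggestion asks for appears to be present at this call site.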
} else {
if ((ret = av_grow_packet(info->pkt, pkt->size)) < 0)
goto end;
memcpy(info->pkt->data + info->pkt->size - pkt->size, pkt->data, pkt->size);
info->num_blocks += num_blocks;
info->pkt->duration += pkt->duration;
if (info->num_blocks != 6)
goto end;
av_packet_unref(pkt);
Reported by FlawFinder.
Line: 2101
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int ret = AVERROR_BUG;
int64_t pos = avio_tell(pb);
char compressor_name[32] = { 0 };
int avid = 0;
int uncompressed_ycbcr = ((track->par->codec_id == AV_CODEC_ID_RAWVIDEO && track->par->format == AV_PIX_FMT_UYVY422)
|| (track->par->codec_id == AV_CODEC_ID_RAWVIDEO && track->par->format == AV_PIX_FMT_YUYV422)
|| track->par->codec_id == AV_CODEC_ID_V308
Reported by FlawFinder.
Line: 3261
Column: 5
CWE codes:
119
120
Suggestion:
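Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. In the excerpt below, both visible writes into buf (ff_sdp_write_media() and av_strlcatf()) are passed sizeof(buf) as the size limit, so what remains to verify is whether truncated SDP text is acceptable to the code that follows, which the excerpt does not show.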
static int mov_write_udta_sdp(AVIOContext *pb, MOVTrack *track)
{
AVFormatContext *ctx = track->rtp_ctx;
char buf[1000] = "";
int len;
ff_sdp_write_media(buf, sizeof(buf), ctx->streams[0], track->src_track,
NULL, NULL, 0, 0, ctx);
av_strlcatf(buf, sizeof(buf), "a=control:streamid=%d\r\n", track->track_id);
Reported by FlawFinder.
Line: 3542
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int l, len, len2;
AVDictionaryEntry *t, *t2 = NULL;
char tag2[16];
*lang = 0;
if (!(t = av_dict_get(s->metadata, tag, NULL, 0)))
return NULL;
Reported by FlawFinder.
Line: 3577
Column: 30
CWE codes:
190
Suggestion:
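If the source is untrusted, check both the minimum and the maximum, even if the input had no minus sign (large numbers can roll over into a negative number; consider saving to an unsigned value if that is intended). atoi() cannot report a failed or out-of-range conversion; strtol() with an errno and end-pointer check, followed by an explicit range check, lets the caller reject such input.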
static int mov_write_tmpo_tag(AVIOContext *pb, AVFormatContext *s)
{
AVDictionaryEntry *t = av_dict_get(s->metadata, "tmpo", NULL, 0);
int size = 0, tmpo = t ? atoi(t->value) : 0;
if (tmpo) {
size = 26;
avio_wb32(pb, size);
ffio_wfourcc(pb, "tmpo");
avio_wb32(pb, size-8); /* size */
Reported by FlawFinder.
Line: 3649
Column: 31
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
AVDictionaryEntry *t = av_dict_get(s->metadata,
disc ? "disc" : "track",
NULL, 0);
int size = 0, track = t ? atoi(t->value) : 0;
if (track) {
int tracks = 0;
char *slash = strchr(t->value, '/');
if (slash)
tracks = atoi(slash + 1);
Reported by FlawFinder.
Line: 3654
Column: 22
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
int tracks = 0;
char *slash = strchr(t->value, '/');
if (slash)
tracks = atoi(slash + 1);
avio_wb32(pb, 32); /* size */
ffio_wfourcc(pb, disc ? "disk" : "trkn");
avio_wb32(pb, 24); /* size */
ffio_wfourcc(pb, "data");
avio_wb32(pb, 0); // 8 bytes empty
Reported by FlawFinder.
Line: 3683
Column: 11
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
if (!(t = av_dict_get(s->metadata, tag, NULL, 0)))
return 0;
num = atoi(t->value);
avio_wb32(pb, size);
ffio_wfourcc(pb, name);
avio_wb32(pb, size - 8);
ffio_wfourcc(pb, "data");
Reported by FlawFinder.
Line: 3901
Column: 23
CWE codes:
190
Suggestion:
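If the source is untrusted, check both the minimum and the maximum, even if the input had no minus sign (large numbers can roll over into a negative number; consider saving to an unsigned value if that is intended). In the excerpt below the atoi() result is passed straight to avio_wb16(), so a metadata value outside the 16-bit range would also be truncated when written; a range check before the write covers both cases.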
ffio_wfourcc(pb, tag); /* type */
avio_wb32(pb, 0); /* version + flags */
if (!strcmp(tag, "yrrc"))
avio_wb16(pb, atoi(t->value));
else {
avio_wb16(pb, language_code("eng")); /* language */
avio_write(pb, t->value, strlen(t->value) + 1); /* UTF8 string value */
if (!strcmp(tag, "albm") &&
(t = av_dict_get(s->metadata, "track", NULL, 0)))
Reported by FlawFinder.
Line: 3907
Column: 25
CWE codes:
190
Suggestion:
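If the source is untrusted, check both the minimum and the maximum, even if the input had no minus sign (large numbers can roll over into a negative number; consider saving to an unsigned value if that is intended). In the excerpt below the atoi() result is passed straight to avio_w8(), so a "track" metadata value outside the 8-bit range would also be truncated when written; a range check before the write covers both cases.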
avio_write(pb, t->value, strlen(t->value) + 1); /* UTF8 string value */
if (!strcmp(tag, "albm") &&
(t = av_dict_get(s->metadata, "track", NULL, 0)))
avio_w8(pb, atoi(t->value));
}
return update_size(pb, pos);
}
static int mov_write_chpl_tag(AVIOContext *pb, AVFormatContext *s)
Reported by FlawFinder.