The following issues were found
libavcodec/apedec.c
11 issues
Line: 825
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Initialize and zero the coefficients */
if (ctx->fileversion < 3930) {
if (ctx->compression_level == COMPRESSION_LEVEL_FAST) {
memcpy(p->coeffsA[0], initial_coeffs_fast_3320,
sizeof(initial_coeffs_fast_3320));
memcpy(p->coeffsA[1], initial_coeffs_fast_3320,
sizeof(initial_coeffs_fast_3320));
} else {
memcpy(p->coeffsA[0], initial_coeffs_a_3800,
Reported by FlawFinder.
Line: 827
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ctx->compression_level == COMPRESSION_LEVEL_FAST) {
memcpy(p->coeffsA[0], initial_coeffs_fast_3320,
sizeof(initial_coeffs_fast_3320));
memcpy(p->coeffsA[1], initial_coeffs_fast_3320,
sizeof(initial_coeffs_fast_3320));
} else {
memcpy(p->coeffsA[0], initial_coeffs_a_3800,
sizeof(initial_coeffs_a_3800));
memcpy(p->coeffsA[1], initial_coeffs_a_3800,
Reported by FlawFinder.
Line: 830
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(p->coeffsA[1], initial_coeffs_fast_3320,
sizeof(initial_coeffs_fast_3320));
} else {
memcpy(p->coeffsA[0], initial_coeffs_a_3800,
sizeof(initial_coeffs_a_3800));
memcpy(p->coeffsA[1], initial_coeffs_a_3800,
sizeof(initial_coeffs_a_3800));
}
} else {
Reported by FlawFinder.
Line: 832
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else {
memcpy(p->coeffsA[0], initial_coeffs_a_3800,
sizeof(initial_coeffs_a_3800));
memcpy(p->coeffsA[1], initial_coeffs_a_3800,
sizeof(initial_coeffs_a_3800));
}
} else {
memcpy(p->coeffsA[0], initial_coeffs_3930, sizeof(initial_coeffs_3930));
memcpy(p->coeffsA[1], initial_coeffs_3930, sizeof(initial_coeffs_3930));
Reported by FlawFinder.
Line: 836
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sizeof(initial_coeffs_a_3800));
}
} else {
memcpy(p->coeffsA[0], initial_coeffs_3930, sizeof(initial_coeffs_3930));
memcpy(p->coeffsA[1], initial_coeffs_3930, sizeof(initial_coeffs_3930));
memcpy(p64->coeffsA[0], initial_coeffs_3930_64bit, sizeof(initial_coeffs_3930_64bit));
memcpy(p64->coeffsA[1], initial_coeffs_3930_64bit, sizeof(initial_coeffs_3930_64bit));
}
memset(p->coeffsB, 0, sizeof(p->coeffsB));
Reported by FlawFinder.
Line: 837
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
} else {
memcpy(p->coeffsA[0], initial_coeffs_3930, sizeof(initial_coeffs_3930));
memcpy(p->coeffsA[1], initial_coeffs_3930, sizeof(initial_coeffs_3930));
memcpy(p64->coeffsA[0], initial_coeffs_3930_64bit, sizeof(initial_coeffs_3930_64bit));
memcpy(p64->coeffsA[1], initial_coeffs_3930_64bit, sizeof(initial_coeffs_3930_64bit));
}
memset(p->coeffsB, 0, sizeof(p->coeffsB));
memset(p64->coeffsB, 0, sizeof(p64->coeffsB));
Reported by FlawFinder.
Line: 838
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else {
memcpy(p->coeffsA[0], initial_coeffs_3930, sizeof(initial_coeffs_3930));
memcpy(p->coeffsA[1], initial_coeffs_3930, sizeof(initial_coeffs_3930));
memcpy(p64->coeffsA[0], initial_coeffs_3930_64bit, sizeof(initial_coeffs_3930_64bit));
memcpy(p64->coeffsA[1], initial_coeffs_3930_64bit, sizeof(initial_coeffs_3930_64bit));
}
memset(p->coeffsB, 0, sizeof(p->coeffsB));
memset(p64->coeffsB, 0, sizeof(p64->coeffsB));
if (ctx->fileversion < 3930) {
Reported by FlawFinder.
Line: 839
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(p->coeffsA[0], initial_coeffs_3930, sizeof(initial_coeffs_3930));
memcpy(p->coeffsA[1], initial_coeffs_3930, sizeof(initial_coeffs_3930));
memcpy(p64->coeffsA[0], initial_coeffs_3930_64bit, sizeof(initial_coeffs_3930_64bit));
memcpy(p64->coeffsA[1], initial_coeffs_3930_64bit, sizeof(initial_coeffs_3930_64bit));
}
memset(p->coeffsB, 0, sizeof(p->coeffsB));
memset(p64->coeffsB, 0, sizeof(p64->coeffsB));
if (ctx->fileversion < 3930) {
memcpy(p->coeffsB[0], initial_coeffs_b_3800,
Reported by FlawFinder.
Line: 844
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(p->coeffsB, 0, sizeof(p->coeffsB));
memset(p64->coeffsB, 0, sizeof(p64->coeffsB));
if (ctx->fileversion < 3930) {
memcpy(p->coeffsB[0], initial_coeffs_b_3800,
sizeof(initial_coeffs_b_3800));
memcpy(p->coeffsB[1], initial_coeffs_b_3800,
sizeof(initial_coeffs_b_3800));
}
Reported by FlawFinder.
Line: 846
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ctx->fileversion < 3930) {
memcpy(p->coeffsB[0], initial_coeffs_b_3800,
sizeof(initial_coeffs_b_3800));
memcpy(p->coeffsB[1], initial_coeffs_b_3800,
sizeof(initial_coeffs_b_3800));
}
p->filterA[0] = p->filterA[1] = 0;
p->filterB[0] = p->filterB[1] = 0;
Reported by FlawFinder.
libavcodec/wmavoice.c
10 issues
Line: 405
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return ret;
ff_sine_window_init(s->cos, 256);
memcpy(&s->sin[255], s->cos, 256 * sizeof(s->cos[0]));
for (n = 0; n < 255; n++) {
s->sin[n] = -s->sin[510 - n];
s->cos[510 - n] = s->cos[n];
}
}
Reported by FlawFinder.
Line: 736
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*coeffs = s->denoise_coeffs_pf, tilt_mem = 0;
tilted_lpcs[0] = 1.0;
memcpy(&tilted_lpcs[1], lpcs, sizeof(lpcs[0]) * s->lsps);
memset(&tilted_lpcs[s->lsps + 1], 0,
sizeof(tilted_lpcs[0]) * (128 - s->lsps - 1));
ff_tilt_compensation(&tilt_mem, 0.7 * tilt_factor(lpcs, s->lsps),
tilted_lpcs, s->lsps + 2);
Reported by FlawFinder.
Line: 780
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (n = 0; n < lim; n++)
s->denoise_filter_cache[n] += synth_pf[size + n];
if (lim < remainder) {
memcpy(&s->denoise_filter_cache[lim], &synth_pf[size + lim],
sizeof(s->denoise_filter_cache[0]) * (remainder - lim));
s->denoise_filter_cache_size = remainder;
}
}
}
Reported by FlawFinder.
Line: 828
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* re-synthesize speech after smoothening, and keep history */
ff_celp_lp_synthesis_filterf(synth_pf, lpcs,
synth_filter_in, size, s->lsps);
memcpy(&synth_pf[-s->lsps], &synth_pf[size - s->lsps],
sizeof(synth_pf[0]) * s->lsps);
wiener_denoise(s, fcb_type, synth_pf, size, lpcs);
adaptive_gain_control(samples, synth_pf, synth, size, 0.99,
Reported by FlawFinder.
Line: 1626
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
&s->zero_exc_pf[s->history_nsamples + MAX_FRAMESIZE * frame_idx + 80],
frame_descs[bd_idx].fcb_type, pitch[0]);
} else
memcpy(samples, synth, 160 * sizeof(synth[0]));
/* Cache values for next frame */
s->frame_cntr++;
if (s->frame_cntr >= 0xFFFF) s->frame_cntr -= 0xFFFF; // i.e. modulo (%)
s->last_acb_type = frame_descs[bd_idx].acb_type;
Reported by FlawFinder.
Line: 1718
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
float synth[MAX_LSPS + MAX_SFRAMESIZE];
float *samples;
memcpy(synth, s->synth_history,
s->lsps * sizeof(*synth));
memcpy(excitation, s->excitation_history,
s->history_nsamples * sizeof(*excitation));
if (s->sframe_cache_size > 0) {
Reported by FlawFinder.
Line: 1720
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(synth, s->synth_history,
s->lsps * sizeof(*synth));
memcpy(excitation, s->excitation_history,
s->history_nsamples * sizeof(*excitation));
if (s->sframe_cache_size > 0) {
gb = &s_gb;
init_get_bits(gb, s->sframe_cache, s->sframe_cache_size);
Reported by FlawFinder.
Line: 1821
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*got_frame_ptr = 1;
/* Update history */
memcpy(s->prev_lsps, lsps[2],
s->lsps * sizeof(*s->prev_lsps));
memcpy(s->synth_history, &synth[MAX_SFRAMESIZE],
s->lsps * sizeof(*synth));
memcpy(s->excitation_history, &excitation[MAX_SFRAMESIZE],
s->history_nsamples * sizeof(*excitation));
Reported by FlawFinder.
Line: 1823
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Update history */
memcpy(s->prev_lsps, lsps[2],
s->lsps * sizeof(*s->prev_lsps));
memcpy(s->synth_history, &synth[MAX_SFRAMESIZE],
s->lsps * sizeof(*synth));
memcpy(s->excitation_history, &excitation[MAX_SFRAMESIZE],
s->history_nsamples * sizeof(*excitation));
if (s->do_apf)
memmove(s->zero_exc_pf, &s->zero_exc_pf[MAX_SFRAMESIZE],
Reported by FlawFinder.
Line: 1825
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
s->lsps * sizeof(*s->prev_lsps));
memcpy(s->synth_history, &synth[MAX_SFRAMESIZE],
s->lsps * sizeof(*synth));
memcpy(s->excitation_history, &excitation[MAX_SFRAMESIZE],
s->history_nsamples * sizeof(*excitation));
if (s->do_apf)
memmove(s->zero_exc_pf, &s->zero_exc_pf[MAX_SFRAMESIZE],
s->history_nsamples * sizeof(*s->zero_exc_pf));
Reported by FlawFinder.
tests/checkasm/aacpsdsp.c
10 issues
Line: 60
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
randomize((INTFLOAT *)src, BUF_SIZE * 2);
randomize(dst0, BUF_SIZE);
memcpy(dst1, dst0, BUF_SIZE * sizeof(INTFLOAT));
call_ref(dst0, src, BUF_SIZE);
call_new(dst1, src, BUF_SIZE);
if (!float_near_abs_eps_array(dst0, dst1, EPS, BUF_SIZE))
fail();
bench_new(dst1, src, BUF_SIZE);
Reported by FlawFinder.
Line: 102
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
randomize((INTFLOAT *)filter, N * 8 * 2);
randomize((INTFLOAT *)dst0, BUF_SIZE * 2);
memcpy(dst1, dst0, BUF_SIZE * 2 * sizeof(INTFLOAT));
call_ref(dst0, in, filter, STRIDE, N);
call_new(dst1, in, filter, STRIDE, N);
if (!float_near_abs_eps_array((float *)dst0, (float *)dst1, EPS, BUF_SIZE * 2))
Reported by FlawFinder.
Line: 123
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
randomize((INTFLOAT *)out0, 91 * 32 * 2);
randomize((INTFLOAT *)in, 2 * 38 * 64);
memcpy(out1, out0, 91 * 32 * 2 * sizeof(INTFLOAT));
/* len is hardcoded to 32 as that's the only value used in
libavcodec. asm functions are likely to be optimized
hardcoding this value in their loops and could fail with
anything else.
Reported by FlawFinder.
Line: 160
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
randomize((INTFLOAT *)in, 91 * 32 * 2);
randomize((INTFLOAT *)out0, 2 * 38 * 64);
memcpy(out1, out0, 2 * 38 * 64 * sizeof(INTFLOAT));
/* len is hardcoded to 32 as that's the only value used in
libavcodec. asm functions are likely to be optimized
hardcoding this value in their loops and could fail with
anything else.
Reported by FlawFinder.
Line: 206
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (i = 0; i < 2; i++) {
if (check_func(psdsp->stereo_interpolate[i], "ps_stereo_interpolate%s", i ? "_ipdopd" : "")) {
memcpy(l0, l, BUF_SIZE * 2 * sizeof(INTFLOAT));
memcpy(l1, l, BUF_SIZE * 2 * sizeof(INTFLOAT));
memcpy(r0, r, BUF_SIZE * 2 * sizeof(INTFLOAT));
memcpy(r1, r, BUF_SIZE * 2 * sizeof(INTFLOAT));
randomize((INTFLOAT *)h, 2 * 4);
Reported by FlawFinder.
Line: 207
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (i = 0; i < 2; i++) {
if (check_func(psdsp->stereo_interpolate[i], "ps_stereo_interpolate%s", i ? "_ipdopd" : "")) {
memcpy(l0, l, BUF_SIZE * 2 * sizeof(INTFLOAT));
memcpy(l1, l, BUF_SIZE * 2 * sizeof(INTFLOAT));
memcpy(r0, r, BUF_SIZE * 2 * sizeof(INTFLOAT));
memcpy(r1, r, BUF_SIZE * 2 * sizeof(INTFLOAT));
randomize((INTFLOAT *)h, 2 * 4);
randomize((INTFLOAT *)h_step, 2 * 4);
Reported by FlawFinder.
Line: 208
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (check_func(psdsp->stereo_interpolate[i], "ps_stereo_interpolate%s", i ? "_ipdopd" : "")) {
memcpy(l0, l, BUF_SIZE * 2 * sizeof(INTFLOAT));
memcpy(l1, l, BUF_SIZE * 2 * sizeof(INTFLOAT));
memcpy(r0, r, BUF_SIZE * 2 * sizeof(INTFLOAT));
memcpy(r1, r, BUF_SIZE * 2 * sizeof(INTFLOAT));
randomize((INTFLOAT *)h, 2 * 4);
randomize((INTFLOAT *)h_step, 2 * 4);
// Clear the least significant 14 bits of h_step, to avoid
Reported by FlawFinder.
Line: 209
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(l0, l, BUF_SIZE * 2 * sizeof(INTFLOAT));
memcpy(l1, l, BUF_SIZE * 2 * sizeof(INTFLOAT));
memcpy(r0, r, BUF_SIZE * 2 * sizeof(INTFLOAT));
memcpy(r1, r, BUF_SIZE * 2 * sizeof(INTFLOAT));
randomize((INTFLOAT *)h, 2 * 4);
randomize((INTFLOAT *)h_step, 2 * 4);
// Clear the least significant 14 bits of h_step, to avoid
// divergence when accumulating h_step BUF_SIZE times into
Reported by FlawFinder.
Line: 227
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
!float_near_abs_eps_array((float *)r0, (float *)r1, EPS, BUF_SIZE * 2))
fail();
memcpy(l1, l, BUF_SIZE * 2 * sizeof(INTFLOAT));
memcpy(r1, r, BUF_SIZE * 2 * sizeof(INTFLOAT));
bench_new(l1, r1, h, h_step, BUF_SIZE);
}
}
}
Reported by FlawFinder.
Line: 228
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
fail();
memcpy(l1, l, BUF_SIZE * 2 * sizeof(INTFLOAT));
memcpy(r1, r, BUF_SIZE * 2 * sizeof(INTFLOAT));
bench_new(l1, r1, h, h_step, BUF_SIZE);
}
}
}
Reported by FlawFinder.
libavcodec/vp9dsp_template.c
10 issues
Line: 816
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
v[size - 2] = (top[size - 2] + top[size - 1] * 3 + 2) >> 2; \
\
for (j = 0; j < size; j++) { \
memcpy(dst + j*stride, v + j, (size - 1 - j) * sizeof(pixel)); \
memset_bpc(dst + j*stride + size - 1 - j, top[size - 1], j + 1); \
} \
}
def_diag_downleft(8)
Reported by FlawFinder.
Line: 864
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
v[size ] = (top[-1] + top[0] * 2 + top[ 1] + 2) >> 2; \
\
for (j = 0; j < size; j++) \
memcpy(dst + j*stride, v + size - 1 - j, size * sizeof(pixel)); \
}
def_diag_downright(8)
def_diag_downright(16)
def_diag_downright(32)
Reported by FlawFinder.
Line: 919
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} \
\
for (j = 0; j < size / 2; j++) { \
memcpy(dst + j*2 *stride, ve + size/2 - 1 - j, size * sizeof(pixel)); \
memcpy(dst + (j*2 + 1)*stride, vo + size/2 - 1 - j, size * sizeof(pixel)); \
} \
}
def_vert_right(8)
Reported by FlawFinder.
Line: 920
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
\
for (j = 0; j < size / 2; j++) { \
memcpy(dst + j*2 *stride, ve + size/2 - 1 - j, size * sizeof(pixel)); \
memcpy(dst + (j*2 + 1)*stride, vo + size/2 - 1 - j, size * sizeof(pixel)); \
} \
}
def_vert_right(8)
def_vert_right(16)
Reported by FlawFinder.
Line: 972
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
v[size*2 - 3] = (top[-1] + left[size - 1] * 2 + left[size - 2] + 2) >> 2; \
\
for (j = 0; j < size; j++) \
memcpy(dst + j*stride, v + size*2 - 2 - j*2, size * sizeof(pixel)); \
}
def_hor_down(8)
def_hor_down(16)
def_hor_down(32)
Reported by FlawFinder.
Line: 1018
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
vo[size - 2] = (top[size - 2] + top[size - 1] * 3 + 2) >> 2; \
\
for (j = 0; j < size / 2; j++) { \
memcpy(dst + j*2 * stride, ve + j, (size - j - 1) * sizeof(pixel)); \
memset_bpc(dst + j*2 * stride + size - j - 1, top[size - 1], j + 1); \
memcpy(dst + (j*2 + 1) * stride, vo + j, (size - j - 1) * sizeof(pixel)); \
memset_bpc(dst + (j*2 + 1) * stride + size - j - 1, top[size - 1], j + 1); \
} \
}
Reported by FlawFinder.
Line: 1020
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (j = 0; j < size / 2; j++) { \
memcpy(dst + j*2 * stride, ve + j, (size - j - 1) * sizeof(pixel)); \
memset_bpc(dst + j*2 * stride + size - j - 1, top[size - 1], j + 1); \
memcpy(dst + (j*2 + 1) * stride, vo + j, (size - j - 1) * sizeof(pixel)); \
memset_bpc(dst + (j*2 + 1) * stride + size - j - 1, top[size - 1], j + 1); \
} \
}
def_vert_left(8)
Reported by FlawFinder.
Line: 1064
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
v[size*2 - 3] = (left[size - 2] + left[size - 1] * 3 + 2) >> 2; \
\
for (j = 0; j < size / 2; j++) \
memcpy(dst + j*stride, v + j*2, size * sizeof(pixel)); \
for (j = size / 2; j < size; j++) { \
memcpy(dst + j*stride, v + j*2, (size*2 - 2 - j*2) * sizeof(pixel)); \
memset_bpc(dst + j*stride + size*2 - 2 - j*2, left[size - 1], \
2 + j*2 - size); \
} \
Reported by FlawFinder.
Line: 1066
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (j = 0; j < size / 2; j++) \
memcpy(dst + j*stride, v + j*2, size * sizeof(pixel)); \
for (j = size / 2; j < size; j++) { \
memcpy(dst + j*stride, v + j*2, (size*2 - 2 - j*2) * sizeof(pixel)); \
memset_bpc(dst + j*stride + size*2 - 2 - j*2, left[size - 1], \
2 + j*2 - size); \
} \
}
Reported by FlawFinder.
Line: 1944
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int w, int h)
{
do {
memcpy(dst, src, w * sizeof(pixel));
dst += dst_stride;
src += src_stride;
} while (--h);
}
Reported by FlawFinder.
libavcodec/videotoolboxenc.c
10 issues
Line: 1638
CWE codes:
682
int zeros = 0;
int wrote_bytes;
uint8_t* dst_start;
uint8_t* dst_end = dst + dst_size;
const uint8_t* src_end = src + src_size;
int start_at = dst_offset > 2 ? dst_offset - 2 : 0;
int i;
for (i = start_at; i < dst_offset && i < dst_size; i++) {
if (!dst[i])
Reported by Cppcheck.
Line: 1643
CWE codes:
476
int start_at = dst_offset > 2 ? dst_offset - 2 : 0;
int i;
for (i = start_at; i < dst_offset && i < dst_size; i++) {
if (!dst[i])
zeros++;
else
zeros = 0;
}
Reported by Cppcheck.
Line: 534
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return AVERROR_BUFFER_TOO_SMALL;
}
memcpy(dst + offset, start_code, sizeof(start_code));
offset += sizeof(start_code);
memcpy(dst + offset, ps, ps_size);
offset = next_offset;
}
Reported by FlawFinder.
Line: 537
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(dst + offset, start_code, sizeof(start_code));
offset += sizeof(start_code);
memcpy(dst + offset, ps, ps_size);
offset = next_offset;
}
if (status) {
av_log(avctx, AV_LOG_ERROR, "Error getting parameter set data: %d\n", status);
Reported by FlawFinder.
Line: 1813
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
//No SEI NAL unit - insert.
int wrote_bytes;
memcpy(dst_data, start_code, sizeof(start_code));
dst_data += sizeof(start_code);
remaining_dst_size -= sizeof(start_code);
*dst_data = H264_NAL_SEI;
dst_data++;
Reported by FlawFinder.
Line: 1856
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dst_box = dst_data + sizeof(start_code);
memcpy(dst_data, start_code, sizeof(start_code));
status = CMBlockBufferCopyDataBytes(block,
src_offset + length_code_size,
box_len,
dst_box);
Reported by FlawFinder.
Line: 2197
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
rows = plane_rows[i];
if (dst_stride == src_stride) {
memcpy(dst_addr, src_addr, src_stride * rows);
} else {
copy_bytes = dst_stride < src_stride ? dst_stride : src_stride;
for (j = 0; j < rows; j++) {
memcpy(dst_addr + j * dst_stride, src_addr + j * src_stride, copy_bytes);
Reported by FlawFinder.
Line: 2202
Column: 21
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
copy_bytes = dst_stride < src_stride ? dst_stride : src_stride;
for (j = 0; j < rows; j++) {
memcpy(dst_addr + j * dst_stride, src_addr + j * src_stride, copy_bytes);
}
}
}
} else {
if (frame->data[1]) {
Reported by FlawFinder.
Line: 2224
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
rows = plane_rows[0];
if (dst_stride == src_stride) {
memcpy(dst_addr, src_addr, src_stride * rows);
} else {
copy_bytes = dst_stride < src_stride ? dst_stride : src_stride;
for (j = 0; j < rows; j++) {
memcpy(dst_addr + j * dst_stride, src_addr + j * src_stride, copy_bytes);
Reported by FlawFinder.
Line: 2229
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
copy_bytes = dst_stride < src_stride ? dst_stride : src_stride;
for (j = 0; j < rows; j++) {
memcpy(dst_addr + j * dst_stride, src_addr + j * src_stride, copy_bytes);
}
}
}
status = CVPixelBufferUnlockBaseAddress(cv_img, 0);
Reported by FlawFinder.
libavcodec/mpegaudioenc_template.c
10 issues
Line: 60
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
short samples_buf[MPA_MAX_CHANNELS][SAMPLES_BUF_SIZE]; /* buffer for filter */
int samples_offset[MPA_MAX_CHANNELS]; /* offset in samples_buf */
int sb_samples[MPA_MAX_CHANNELS][3][12][SBLIMIT];
unsigned char scale_factors[MPA_MAX_CHANNELS][SBLIMIT][3]; /* scale factors */
/* code to group 3 scale factors */
unsigned char scale_code[MPA_MAX_CHANNELS][SBLIMIT];
int sblimit; /* number of used subbands */
const unsigned char *alloc_table;
int16_t filter_bank[512];
Reported by FlawFinder.
Line: 62
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int sb_samples[MPA_MAX_CHANNELS][3][12][SBLIMIT];
unsigned char scale_factors[MPA_MAX_CHANNELS][SBLIMIT][3]; /* scale factors */
/* code to group 3 scale factors */
unsigned char scale_code[MPA_MAX_CHANNELS][SBLIMIT];
int sblimit; /* number of used subbands */
const unsigned char *alloc_table;
int16_t filter_bank[512];
int scale_factor_table[64];
unsigned char scale_diff_table[128];
Reported by FlawFinder.
Line: 67
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const unsigned char *alloc_table;
int16_t filter_bank[512];
int scale_factor_table[64];
unsigned char scale_diff_table[128];
#if USE_FLOATS
float scale_factor_inv_table[64];
#else
int8_t scale_factor_shift[64];
unsigned short scale_factor_mult[64];
Reported by FlawFinder.
Line: 378
Column: 44
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
static void compute_scale_factors(MpegAudioContext *s,
unsigned char scale_code[SBLIMIT],
unsigned char scale_factors[SBLIMIT][3],
int sb_samples[3][12][SBLIMIT],
int sblimit)
{
int *p, vmax, v, n, i, j, k, code;
Reported by FlawFinder.
Line: 379
Column: 44
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void compute_scale_factors(MpegAudioContext *s,
unsigned char scale_code[SBLIMIT],
unsigned char scale_factors[SBLIMIT][3],
int sb_samples[3][12][SBLIMIT],
int sblimit)
{
int *p, vmax, v, n, i, j, k, code;
int index, d1, d2;
Reported by FlawFinder.
Line: 512
Column: 45
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
smaller than other encoders :-) */
static void compute_bit_allocation(MpegAudioContext *s,
short smr1[MPA_MAX_CHANNELS][SBLIMIT],
unsigned char bit_alloc[MPA_MAX_CHANNELS][SBLIMIT],
int *padding)
{
int i, ch, b, max_smr, max_ch, max_sb, current_frame_size, max_frame_size;
int incr;
short smr[MPA_MAX_CHANNELS][SBLIMIT];
Reported by FlawFinder.
Line: 518
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int i, ch, b, max_smr, max_ch, max_sb, current_frame_size, max_frame_size;
int incr;
short smr[MPA_MAX_CHANNELS][SBLIMIT];
unsigned char subband_status[MPA_MAX_CHANNELS][SBLIMIT];
const unsigned char *alloc;
memcpy(smr, smr1, s->nb_channels * sizeof(short) * SBLIMIT);
memset(subband_status, SB_NOTALLOCATED, s->nb_channels * SBLIMIT);
memset(bit_alloc, 0, s->nb_channels * SBLIMIT);
Reported by FlawFinder.
Line: 521
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
unsigned char subband_status[MPA_MAX_CHANNELS][SBLIMIT];
const unsigned char *alloc;
memcpy(smr, smr1, s->nb_channels * sizeof(short) * SBLIMIT);
memset(subband_status, SB_NOTALLOCATED, s->nb_channels * SBLIMIT);
memset(bit_alloc, 0, s->nb_channels * SBLIMIT);
/* compute frame size and padding */
max_frame_size = s->frame_size;
Reported by FlawFinder.
Line: 607
Column: 35
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* compared to other encoders :-)
*/
static void encode_frame(MpegAudioContext *s,
unsigned char bit_alloc[MPA_MAX_CHANNELS][SBLIMIT],
int padding)
{
int i, j, k, l, bit_alloc_bits, b, ch;
unsigned char *sf;
int q[3];
Reported by FlawFinder.
Line: 748
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
MpegAudioContext *s = avctx->priv_data;
const int16_t *samples = (const int16_t *)frame->data[0];
short smr[MPA_MAX_CHANNELS][SBLIMIT];
unsigned char bit_alloc[MPA_MAX_CHANNELS][SBLIMIT];
int padding, i, ret;
for(i=0;i<s->nb_channels;i++) {
filter(s, i, samples + i, s->nb_channels);
}
Reported by FlawFinder.
libavcodec/bytestream.h
10 issues
Line: 272
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
unsigned int size)
{
int size2 = FFMIN(g->buffer_end - g->buffer, size);
memcpy(dst, g->buffer, size2);
g->buffer += size2;
return size2;
}
static av_always_inline unsigned int bytestream2_get_bufferu(GetByteContext *g,
Reported by FlawFinder.
Line: 281
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
uint8_t *dst,
unsigned int size)
{
memcpy(dst, g->buffer, size);
g->buffer += size;
return size;
}
static av_always_inline unsigned int bytestream2_put_buffer(PutByteContext *p,
Reported by FlawFinder.
Line: 296
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
size2 = FFMIN(p->buffer_end - p->buffer, size);
if (size2 != size)
p->eof = 1;
memcpy(p->buffer, src, size2);
p->buffer += size2;
return size2;
}
static av_always_inline unsigned int bytestream2_put_bufferu(PutByteContext *p,
Reported by FlawFinder.
Line: 305
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
const uint8_t *src,
unsigned int size)
{
memcpy(p->buffer, src, size);
p->buffer += size;
return size;
}
static av_always_inline void bytestream2_set_buffer(PutByteContext *p,
Reported by FlawFinder.
Line: 341
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
GetByteContext *g,
unsigned int size)
{
memcpy(p->buffer, g->buffer, size);
p->buffer += size;
g->buffer += size;
return size;
}
Reported by FlawFinder.
Line: 367
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
uint8_t *dst,
unsigned int size)
{
memcpy(dst, *b, size);
(*b) += size;
return size;
}
static av_always_inline void bytestream_put_buffer(uint8_t **b,
Reported by FlawFinder.
Line: 376
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
const uint8_t *src,
unsigned int size)
{
memcpy(*b, src, size);
(*b) += size;
}
#endif /* AVCODEC_BYTESTREAM_H */
Reported by FlawFinder.
Line: 42
Column: 32
CWE codes:
120
20
int eof;
} PutByteContext;
#define DEF(type, name, bytes, read, write) \
static av_always_inline type bytestream_get_ ## name(const uint8_t **b) \
{ \
(*b) += bytes; \
return read(*b - bytes); \
} \
Reported by FlawFinder.
Line: 46
Column: 12
CWE codes:
120
20
static av_always_inline type bytestream_get_ ## name(const uint8_t **b) \
{ \
(*b) += bytes; \
return read(*b - bytes); \
} \
static av_always_inline void bytestream_put_ ## name(uint8_t **b, \
const type value) \
{ \
write(*b, value); \
Reported by FlawFinder.
Line: 82
Column: 12
CWE codes:
120
20
} \
static av_always_inline type bytestream2_peek_ ## name ## u(GetByteContext *g) \
{ \
return read(g->buffer); \
} \
static av_always_inline type bytestream2_peek_ ## name(GetByteContext *g) \
{ \
if (g->buffer_end - g->buffer < bytes) \
return 0; \
Reported by FlawFinder.
libavcodec/flashsv2enc.c
10 issues
Line: 270
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static int new_key_frame(FlashSV2Context * s)
{
int i;
memcpy(s->key_blocks, s->frame_blocks, s->blocks_size);
memcpy(s->key_frame, s->current_frame, s->frame_size);
for (i = 0; i < s->rows * s->cols; i++) {
s->key_blocks[i].enc += (s->keybuffer - s->encbuffer);
s->key_blocks[i].sl_begin = 0;
Reported by FlawFinder.
Line: 271
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
int i;
memcpy(s->key_blocks, s->frame_blocks, s->blocks_size);
memcpy(s->key_frame, s->current_frame, s->frame_size);
for (i = 0; i < s->rows * s->cols; i++) {
s->key_blocks[i].enc += (s->keybuffer - s->encbuffer);
s->key_blocks[i].sl_begin = 0;
s->key_blocks[i].sl_end = 0;
Reported by FlawFinder.
Line: 279
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
s->key_blocks[i].sl_end = 0;
s->key_blocks[i].data = 0;
}
memcpy(s->keybuffer, s->encbuffer, s->frame_size);
return 0;
}
static int write_palette(FlashSV2Context * s, uint8_t * buf, int buf_size)
Reported by FlawFinder.
Line: 353
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
buf[buf_pos++] = (b->row);
}
memcpy(buf + buf_pos, b->data, b->data_size);
buf_pos += b->data_size;
return buf_pos;
}
Reported by FlawFinder.
Line: 405
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int i;
uint8_t *ptr = b->enc;
for (i = 0; i < b->start; i++)
memcpy(ptr + i * b->width * 3, src + i * stride, b->width * 3);
b->sl_begin = ptr + i * b->width * 3;
for (; i < b->start + b->len; i++)
memcpy(ptr + i * b->width * 3, src + i * stride, b->width * 3);
b->sl_end = ptr + i * b->width * 3;
for (; i < b->height; i++)
Reported by FlawFinder.
Line: 408
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(ptr + i * b->width * 3, src + i * stride, b->width * 3);
b->sl_begin = ptr + i * b->width * 3;
for (; i < b->start + b->len; i++)
memcpy(ptr + i * b->width * 3, src + i * stride, b->width * 3);
b->sl_end = ptr + i * b->width * 3;
for (; i < b->height; i++)
memcpy(ptr + i * b->width * 3, src + i * stride, b->width * 3);
b->enc_size = ptr + i * b->width * 3 - b->enc;
return b->enc_size;
Reported by FlawFinder.
Line: 411
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(ptr + i * b->width * 3, src + i * stride, b->width * 3);
b->sl_end = ptr + i * b->width * 3;
for (; i < b->height; i++)
memcpy(ptr + i * b->width * 3, src + i * stride, b->width * 3);
b->enc_size = ptr + i * b->width * 3 - b->enc;
return b->enc_size;
}
static inline unsigned pixel_color15(const uint8_t * src)
Reported by FlawFinder.
Line: 521
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static int generate_default_palette(Palette * palette)
{
memcpy(palette->colors, default_screen_video_v2_palette,
sizeof(default_screen_video_v2_palette));
return update_palette_index(palette);
}
Reported by FlawFinder.
Line: 588
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (buf_size < b->data_size) {
b->data_size = buf_size;
memcpy(b->data, buf, buf_size);
b->flags |= ZLIB_PRIME_COMPRESS_PREVIOUS;
}
}
} else {
b->data_size = 0;
Reported by FlawFinder.
Line: 603
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
if (memcmp(src, frame, b->width * 3) != 0) {
b->dirty = 1;
memcpy(frame, src, b->width * 3);
#ifndef FLASHSV2_DUMB
s->diff_lines++;
#endif
}
if (memcmp(src, key, b->width * 3) != 0) {
Reported by FlawFinder.
libavformat/avidec.c
10 issues
Line: 145
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int get_riff(AVFormatContext *s, AVIOContext *pb)
{
AVIContext *avi = s->priv_data;
char header[8] = {0};
int i;
/* check RIFF header */
avio_read(pb, header, 4);
avi->riff_end = avio_rl32(pb); /* RIFF chunk size */
Reported by FlawFinder.
Line: 307
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
uint32_t size)
{
AVIOContext *pb = s->pb;
char key[5] = { 0 };
char *value;
size += (size & 1);
if (size == UINT_MAX)
Reported by FlawFinder.
Line: 329
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
AV_DICT_DONT_STRDUP_VAL);
}
static const char months[12][4] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun",
"Jul", "Aug", "Sep", "Oct", "Nov", "Dec" };
static void avi_metadata_creation_time(AVDictionary **metadata, char *date)
{
char month[4], time[9], buffer[64];
Reported by FlawFinder.
Line: 334
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void avi_metadata_creation_time(AVDictionary **metadata, char *date)
{
char month[4], time[9], buffer[64];
int i, day, year;
/* parse standard AVI date format (ie. "Mon Mar 10 15:04:43 2003") */
if (sscanf(date, "%*3s%*[ ]%3s%*[ ]%2d%*[ ]%8s%*[ ]%4d",
month, &day, time, &year) == 4) {
for (i = 0; i < 12; i++)
Reported by FlawFinder.
Line: 364
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
uint16_t tag = avio_rl16(s->pb);
uint16_t size = avio_rl16(s->pb);
const char *name = NULL;
char buffer[64] = { 0 };
uint64_t remaining = tag_end - avio_tell(s->pb);
size = FFMIN(size, remaining);
size -= avio_read(s->pb, buffer,
FFMIN(size, sizeof(buffer) - 1));
switch (tag) {
Reported by FlawFinder.
Line: 542
Column: 22
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
break;
case MKTAG('I', 'D', 'I', 'T'):
{
unsigned char date[64] = { 0 };
size += (size & 1);
size -= avio_read(pb, date, FFMIN(size, sizeof(date) - 1));
avio_skip(pb, size);
avi_metadata_creation_time(&s->metadata, date);
break;
Reported by FlawFinder.
Line: 855
Column: 29
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
st->codecpar->extradata_size = 0;
return ret;
} else
memcpy(st->codecpar->extradata + st->codecpar->extradata_size - 9,
"BottomUp", 9);
}
st->codecpar->height = FFABS(st->codecpar->height);
// avio_skip(pb, size - 5 * 4);
Reported by FlawFinder.
Line: 1119
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
.buf_size = size };
if (!pd.buf)
goto error;
memcpy(pd.buf, pb->buf_ptr, size);
sub_demuxer = av_probe_input_format2(&pd, 1, &score);
av_freep(&pd.buf);
if (!sub_demuxer)
goto error;
Reported by FlawFinder.
Line: 1486
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
av_log(s, AV_LOG_ERROR,
"Failed to allocate data for palette\n");
} else {
memcpy(pal, ast->pal, AVPALETTE_SIZE);
ast->has_pal = 0;
}
}
if (CONFIG_DV_DEMUXER && dv_demux) {
Reported by FlawFinder.
Line: 337
Column: 9
CWE codes:
120
Suggestion:
Check that the limit is sufficiently small, or use a different input function
char month[4], time[9], buffer[64];
int i, day, year;
/* parse standard AVI date format (ie. "Mon Mar 10 15:04:43 2003") */
if (sscanf(date, "%*3s%*[ ]%3s%*[ ]%2d%*[ ]%8s%*[ ]%4d",
month, &day, time, &year) == 4) {
for (i = 0; i < 12; i++)
if (!av_strcasecmp(month, months[i])) {
snprintf(buffer, sizeof(buffer), "%.4d-%.2d-%.2d %s",
year, i + 1, day, time);
Reported by FlawFinder.
libavformat/udp.c
10 issues
Line: 204
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (addr->sa_family == AF_INET6) {
struct ipv6_mreq mreq6;
memcpy(&mreq6.ipv6mr_multiaddr, &(((struct sockaddr_in6 *)addr)->sin6_addr), sizeof(struct in6_addr));
//TODO: Interface index should be looked up from local_addr
mreq6.ipv6mr_interface = 0;
if (setsockopt(sockfd, IPPROTO_IPV6, IPV6_ADD_MEMBERSHIP, &mreq6, sizeof(mreq6)) < 0) {
ff_log_net_error(NULL, AV_LOG_ERROR, "setsockopt(IPV6_ADD_MEMBERSHIP)");
return ff_neterrno();
Reported by FlawFinder.
Line: 237
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (addr->sa_family == AF_INET6) {
struct ipv6_mreq mreq6;
memcpy(&mreq6.ipv6mr_multiaddr, &(((struct sockaddr_in6 *)addr)->sin6_addr), sizeof(struct in6_addr));
//TODO: Interface index should be looked up from local_addr
mreq6.ipv6mr_interface = 0;
if (setsockopt(sockfd, IPPROTO_IPV6, IPV6_DROP_MEMBERSHIP, &mreq6, sizeof(mreq6)) < 0) {
ff_log_net_error(NULL, AV_LOG_ERROR, "setsockopt(IPV6_DROP_MEMBERSHIP)");
return -1;
Reported by FlawFinder.
Line: 268
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
//TODO: Interface index should be looked up from local_addr
mreqs.gsr_interface = 0;
memcpy(&mreqs.gsr_group, addr, addr_len);
memcpy(&mreqs.gsr_source, &sources[i], sizeof(*sources));
if (setsockopt(sockfd, level,
include ? MCAST_JOIN_SOURCE_GROUP : MCAST_BLOCK_SOURCE,
(const void *)&mreqs, sizeof(mreqs)) < 0) {
Reported by FlawFinder.
Line: 269
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
//TODO: Interface index should be looked up from local_addr
mreqs.gsr_interface = 0;
memcpy(&mreqs.gsr_group, addr, addr_len);
memcpy(&mreqs.gsr_source, &sources[i], sizeof(*sources));
if (setsockopt(sockfd, level,
include ? MCAST_JOIN_SOURCE_GROUP : MCAST_BLOCK_SOURCE,
(const void *)&mreqs, sizeof(mreqs)) < 0) {
if (include)
Reported by FlawFinder.
Line: 327
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
res0 = ff_ip_resolve_host(h, hostname, port, SOCK_DGRAM, AF_UNSPEC, 0);
if (!res0) return AVERROR(EIO);
memcpy(addr, res0->ai_addr, res0->ai_addrlen);
addr_len = res0->ai_addrlen;
freeaddrinfo(res0);
return addr_len;
}
Reported by FlawFinder.
Line: 361
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (udp_fd < 0)
goto fail;
memcpy(addr, res->ai_addr, res->ai_addrlen);
*addr_len = res->ai_addrlen;
freeaddrinfo(res0);
return udp_fd;
Reported by FlawFinder.
Line: 378
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int udp_port(struct sockaddr_storage *addr, int addr_len)
{
char sbuf[sizeof(int)*3+1];
int error;
if ((error = getnameinfo((struct sockaddr *)addr, addr_len, NULL, 0, sbuf, sizeof(sbuf), NI_NUMERICSERV)) != 0) {
av_log(NULL, AV_LOG_ERROR, "getnameinfo: %s\n", gai_strerror(error));
return -1;
Reported by FlawFinder.
Line: 409
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int ff_udp_set_remote_url(URLContext *h, const char *uri)
{
UDPContext *s = h->priv_data;
char hostname[256], buf[10];
int port;
const char *p;
av_url_split(NULL, 0, NULL, 0, hostname, sizeof(hostname), &port, NULL, 0, uri);
Reported by FlawFinder.
Line: 626
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* return non zero if error */
static int udp_open(URLContext *h, const char *uri, int flags)
{
char hostname[1024], localaddr[1024] = "";
int port, udp_fd = -1, tmp, bind_ret = -1, dscp = -1;
UDPContext *s = h->priv_data;
int is_output;
const char *p;
char buf[256];
Reported by FlawFinder.
Line: 631
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
UDPContext *s = h->priv_data;
int is_output;
const char *p;
char buf[256];
struct sockaddr_storage my_addr;
socklen_t len;
int ret;
h->is_streamed = 1;
Reported by FlawFinder.