The following issues were found
libavformat/avs.c
1 issues
Line: 108
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pkt->data[1] = 0x03;
pkt->data[2] = palette_size & 0xFF;
pkt->data[3] = (palette_size >> 8) & 0xFF;
memcpy(pkt->data + 4, palette, palette_size - 4);
}
pkt->data[palette_size + 0] = sub_type;
pkt->data[palette_size + 1] = type;
pkt->data[palette_size + 2] = size & 0xFF;
Reported by FlawFinder.
libavformat/bintext.c
1 issues
Line: 91
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int next_tag_read(AVFormatContext *avctx, uint64_t *fsize)
{
AVIOContext *pb = avctx->pb;
char buf[36];
int len;
uint64_t start_pos = avio_size(pb) - 256;
avio_seek(pb, start_pos, SEEK_SET);
if (avio_read(pb, buf, sizeof(next_magic)) != sizeof(next_magic))
Reported by FlawFinder.
libavformat/cache.c
1 issues
libavformat/cdxl.c
1 issues
Line: 219
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if ((ret = av_new_packet(pkt, video_size + CDXL_HEADER_SIZE)) < 0)
return ret;
memcpy(pkt->data, cdxl->header, CDXL_HEADER_SIZE);
ret = avio_read(pb, pkt->data + CDXL_HEADER_SIZE, video_size);
if (ret < 0) {
return ret;
}
av_shrink_packet(pkt, CDXL_HEADER_SIZE + ret);
Reported by FlawFinder.
libavformat/cinedec.c
1 issues
Line: 85
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int set_metadata_float(AVDictionary **dict, const char *key, float value, int allow_zero)
{
if (value != 0 || allow_zero) {
char tmp[64];
snprintf(tmp, sizeof(tmp), "%f", value);
return av_dict_set(dict, key, tmp, 0);
}
return 0;
}
Reported by FlawFinder.
libavformat/dss.c
1 issues
Line: 71
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char *key)
{
AVIOContext *pb = s->pb;
char datetime[64], string[DSS_TIME_SIZE + 1] = { 0 };
int y, month, d, h, minute, sec;
int ret;
avio_seek(pb, offset, SEEK_SET);
Reported by FlawFinder.
libavformat/dv.c
1 issues
Line: 473
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int dv_read_timecode(AVFormatContext *s) {
int ret;
char timecode[AV_TIMECODE_STR_SIZE];
int64_t pos = avio_tell(s->pb);
// Read 3 DIF blocks: Header block and 2 Subcode blocks.
#define PARTIAL_FRAME_SIZE (3 * 80)
uint8_t partial_frame[PARTIAL_FRAME_SIZE];
Reported by FlawFinder.
libavformat/dvenc.c
1 issues
Line: 265
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return AVERROR(ENOSYS);
}
memcpy(*frame, data, c->sys->frame_size);
c->has_video = 1;
break;
case AVMEDIA_TYPE_AUDIO:
for (i = 0; i < c->n_ast && st != c->ast[i]; i++);
Reported by FlawFinder.
libavformat/fifo.c
1 issues
Line: 430
CWE codes:
908
if (!fifo_thread_ctx.recovery_nr)
ret = fifo_thread_dispatch_message(&fifo_thread_ctx, &msg);
if (ret < 0 || fifo_thread_ctx.recovery_nr > 0) {
int rec_ret = fifo_thread_recover(&fifo_thread_ctx, &msg, ret);
if (rec_ret < 0) {
av_thread_message_queue_set_err_send(queue, rec_ret);
break;
}
Reported by Cppcheck.
libavformat/fifo_test.c
1 issues
Line: 118
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
printf("pts seen nr: %d\n", ctx->pts_written_nr);
printf("pts seen: ");
for (i = 0; i < ctx->pts_written_nr; ++i ) {
printf(i ? ",%d" : "%d", ctx->pts_written[i]);
}
printf("\n");
}
#define OFFSET(x) offsetof(FailingMuxerContext, x)
static const AVOption options[] = {
Reported by FlawFinder.