The following issues were found
libavformat/movenchint.c
1 issues
Line: 139
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
queue->len--;
continue;
}
memcpy(ptr, sample->data, sample->size);
sample->data = ptr;
sample->own_data = 1;
}
i++;
}
Reported by FlawFinder.
libavformat/mp3dec.c
1 issues
Line: 166
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
uint16_t crc;
uint32_t v;
char version[10];
uint32_t peak = 0;
int32_t r_gain = INT32_MIN, a_gain = INT32_MIN;
MP3DecContext *mp3 = s->priv_data;
Reported by FlawFinder.
libavformat/mpsubdec.c
1 issues
Line: 103
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
av_bprint_init(&buf, 0, AV_BPRINT_SIZE_UNLIMITED);
while (!avio_feof(s->pb)) {
char line[1024];
int64_t start, duration;
int fps, len = ff_get_line(s->pb, line, sizeof(line));
if (!len)
break;
Reported by FlawFinder.
libavformat/musx.c
1 issues
Line: 167
CWE codes:
908
av_assert0(0);
}
avio_seek(s->pb, offset, SEEK_SET);
avpriv_set_pts_info(st, 64, 1, st->codecpar->sample_rate);
return 0;
}
Reported by Cppcheck.
libavformat/mvdec.c
1 issues
Line: 247
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
count = avio_rb32(pb);
avio_skip(pb, 4);
for (i = 0; i < count; i++) {
char name[17];
int size;
if (avio_feof(pb))
return AVERROR_EOF;
Reported by FlawFinder.
libavformat/mxf.h
1 issues
Line: 116
Column: 38
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
extern const MXFCodecUL ff_mxf_color_trc_uls[];
extern const MXFCodecUL ff_mxf_color_space_uls[];
int ff_mxf_decode_pixel_layout(const char pixel_layout[16], enum AVPixelFormat *pix_fmt);
int ff_mxf_get_content_package_rate(AVRational time_base);
#define PRIxUID \
"%02x.%02x.%02x.%02x." \
Reported by FlawFinder.
libavformat/nspdec.c
1 issues
Line: 49
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return AVERROR(ENOMEM);
while (!avio_feof(s->pb)) {
char value[1024];
chunk = avio_rb32(s->pb);
size = avio_rl32(s->pb);
pos = avio_tell(s->pb);
Reported by FlawFinder.
libavformat/nut.h
1 issues
Line: 129
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
extern const AVCodecTag * const ff_nut_codec_tags[];
typedef struct Dispositions {
char str[9];
int flag;
} Dispositions;
void ff_nut_reset_ts(NUTContext *nut, AVRational time_base, int64_t val);
int64_t ff_lsb2full(StreamContext *stream, int64_t lsb);
Reported by FlawFinder.
libavformat/oggenc.c
1 issues
Line: 239
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
len = FFMIN(size, segments*255);
page->segments[page->segments_count++] = len - (segments-1)*255;
memcpy(page->data+page->size, p, len);
p += len;
size -= len;
i += segments;
page->size += len;
Reported by FlawFinder.
libavformat/oggparseflac.c
1 issues
Line: 66
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if ((ret = ff_alloc_extradata(st->codecpar, FLAC_STREAMINFO_SIZE)) < 0)
return ret;
memcpy(st->codecpar->extradata, streaminfo_start, st->codecpar->extradata_size);
samplerate = AV_RB24(st->codecpar->extradata + 10) >> 4;
if (!samplerate)
return AVERROR_INVALIDDATA;
Reported by FlawFinder.