The following issues were found
libavformat/rm.c
1 issues
Line: 24
Column: 7
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include "rm.h"
const char * const ff_rm_metadata[4] = {
"title",
"author",
"copyright",
"comment"
};
Reported by FlawFinder.
libavformat/rm.h
1 issues
Line: 28
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include "avformat.h"
#include "internal.h"
extern const char * const ff_rm_metadata[4];
extern const AVCodecTag ff_rm_codec_tags[];
typedef struct RMStream RMStream;
RMStream *ff_rm_alloc_rmstream (void);
Reported by FlawFinder.
libavformat/rmsipr.h
1 issues
Line: 26
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include <stdint.h>
extern const unsigned char ff_sipr_subpk_size[4];
/**
* Perform 4-bit block reordering for SIPR data.
*
* @param buf SIPR data
Reported by FlawFinder.
libavformat/rtmppkt.h
1 issues
Line: 86
Column: 20
CWE codes:
120
20
uint8_t *data; ///< packet payload
int size; ///< packet payload size
int offset; ///< amount of data read so far
int read; ///< amount read, including headers
} RTMPPacket;
/**
* Create new RTMP packet with given attributes.
*
Reported by FlawFinder.
libavformat/rtp.c
1 issues
Line: 36
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
static const struct {
int pt;
const char enc_name[6];
enum AVMediaType codec_type;
enum AVCodecID codec_id;
int clock_rate;
int audio_channels;
} rtp_payload_types[] = {
Reported by FlawFinder.
libavformat/rtpdec.h
1 issues
Line: 160
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int64_t range_start_offset;
int max_payload_size;
/* used to send back RTCP RR */
char hostname[256];
int srtp_enabled;
struct SRTPContext srtp;
/** Statistics for this stream (used by RTCP receiver reports) */
Reported by FlawFinder.
libavformat/rtpdec_ac3.c
1 issues
Line: 71
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
pkt->stream_index = st->index;
memcpy(pkt->data, buf, len);
return 0;
case 1:
case 2: /* First fragment */
ffio_free_dyn_buf(&data->fragment);
Reported by FlawFinder.
libavformat/rtpdec_h263.c
1 issues
Line: 87
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*ptr++ = 0;
*ptr++ = 0;
}
memcpy(ptr, buf, len);
return 0;
}
const RTPDynamicProtocolHandler ff_h263_1998_dynamic_handler = {
Reported by FlawFinder.
libavformat/rtpdec_ilbc.c
1 issues
Line: 31
Column: 20
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
const char *attr, const char *value)
{
if (!strcmp(attr, "mode")) {
int mode = atoi(value);
switch (mode) {
case 20:
stream->codecpar->block_align = 38;
break;
case 30:
Reported by FlawFinder.
libavformat/rtpdec_jpeg.c
1 issues
Line: 291
Column: 25
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
av_log(ctx, AV_LOG_WARNING,
"Quantization tables for q=%d changed\n", q);
} else if (!jpeg->qtables_len[q - 128] && qtable_len <= 128) {
memcpy(&jpeg->qtables[q - 128][0], qtables,
qtable_len);
jpeg->qtables_len[q - 128] = qtable_len;
}
}
} else {
Reported by FlawFinder.