The following issues were found
libavformat/rtpenc_vp9.c
1 issues
Line: 45
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
rtp_ctx->buf[0] |= 0x04;
}
memcpy(rtp_ctx->buf_ptr, buf, len);
ff_rtp_send_data(ctx, rtp_ctx->buf, len + RTP_VP9_DESC_REQUIRED_SIZE, size == len);
size -= len;
buf += len;
Reported by FlawFinder.
libavformat/samidec.c
1 issues
Line: 41
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int sami_probe(const AVProbeData *p)
{
char buf[6];
FFTextReader tr;
ff_text_init_buf(&tr, p->buf, p->buf_size);
ff_text_read(&tr, buf, sizeof(buf));
return !strncmp(buf, "<SAMI>", 6) ? AVPROBE_SCORE_MAX : 0;
Reported by FlawFinder.
libavformat/sauce.c
1 issues
Line: 35
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int ff_sauce_read(AVFormatContext *avctx, uint64_t *fsize, int *got_width, int get_height)
{
AVIOContext *pb = avctx->pb;
char buf[36];
int datatype, filetype, t1, t2, nb_comments;
uint64_t start_pos = avio_size(pb) - 128;
avio_seek(pb, start_pos, SEEK_SET);
if (avio_read(pb, buf, 7) != 7)
Reported by FlawFinder.
libavformat/sdr2.c
1 issues
Line: 95
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (pos == FIRST) {
if ((ret = av_new_packet(pkt, next - 52 + 24)) < 0)
return ret;
memcpy(pkt->data, header, 24);
ret = avio_read(s->pb, pkt->data + 24, next - 52);
if (ret < 0) {
return ret;
}
av_shrink_packet(pkt, ret + 24);
Reported by FlawFinder.
libavformat/segafilm.c
1 issues
Line: 92
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
FilmDemuxContext *film = s->priv_data;
AVIOContext *pb = s->pb;
AVStream *st;
unsigned char scratch[256];
int i;
unsigned int data_offset;
unsigned int audio_frame_counter;
unsigned int video_frame_counter;
Reported by FlawFinder.
libavformat/siff.c
1 issues
Line: 223
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return ret;
AV_WL16(pkt->data, c->flags);
if (c->gmcsize)
memcpy(pkt->data + 2, c->gmc, c->gmcsize);
if (avio_read(s->pb, pkt->data + 2 + c->gmcsize, size) != size) {
return AVERROR_INVALIDDATA;
}
pkt->stream_index = 0;
c->curstrm = -1;
Reported by FlawFinder.
libavformat/smush.c
1 issues
libavformat/soxenc.c
1 issues
Line: 54
Column: 23
CWE codes:
126
comment = av_dict_get(s->metadata, "comment", NULL, 0);
if (comment)
comment_len = strlen(comment->value);
comment_size = FFALIGN(comment_len, 8);
sox->header_size = SOX_FIXED_HDR + comment_size;
if (par->codec_id == AV_CODEC_ID_PCM_S32LE) {
Reported by FlawFinder.
libavformat/srtpproto.c
1 issues
Line: 69
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int srtp_open(URLContext *h, const char *uri, int flags)
{
SRTPProtoContext *s = h->priv_data;
char hostname[256], buf[1024], path[1024];
int rtp_port, ret;
if (s->out_suite && s->out_params)
if ((ret = ff_srtp_set_crypto(&s->srtp_out, s->out_suite, s->out_params)) < 0)
goto fail;
Reported by FlawFinder.
libavformat/subtitles.h
1 issues
Line: 43
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
typedef struct {
int type;
AVIOContext *pb;
unsigned char buf[8];
int buf_pos, buf_len;
AVIOContext buf_pb;
} FFTextReader;
/**
Reported by FlawFinder.