The following issues were found
libavformat/voc.h
1 issue
Line: 46
Column: 23
CWE codes:
119
120
Suggestion:
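Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The only fixed-size array in the excerpt is the `extern const` declaration `ff_voc_magic[21]`, which appears to be the flagged location; a header declaration of a const array performs no write, so the remaining check is that code reading the array never indexes past its 21 bytes.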
VOC_TYPE_NEW_VOICE_DATA = 0x09,
} VocType;
extern const unsigned char ff_voc_magic[21];
extern const AVCodecTag ff_voc_codec_tags[];
extern const AVCodecTag *const ff_voc_codec_tags_list[];
int ff_voc_get_packet(AVFormatContext *s, AVPacket *pkt,
AVStream *st, int max_size);
Reported by FlawFinder.
libavformat/wc3movie.c
1 issue
Line: 218
Column: 14
CWE codes:
119
120
Suggestion:
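Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The flagged location appears to be the 1024-byte stack buffer `text`; the declaration itself is not a defect, and the finding is confirmed or dismissed by the reads into `text` later in the loop (not shown in the excerpt), where any length taken from the input must be capped at sizeof(text).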
unsigned int size;
int packet_read = 0;
int ret = 0;
unsigned char text[1024];
while (!packet_read) {
fourcc_tag = avio_rl32(pb);
/* chunk sizes are 16-bit aligned */
Reported by FlawFinder.
libavformat/wsddec.c
1 issue
Line: 103
Column: 5
CWE codes:
119
120
Suggestion:
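Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The flagged location appears to be the stack buffer `playback_time[AV_TIMECODE_STR_SIZE]`; the declaration itself is not a defect, and the review point is whether every later write into it (not shown in the excerpt) is bounded by sizeof(playback_time).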
AVStream *st;
int version;
uint32_t text_offset, data_offset, channel_assign;
char playback_time[AV_TIMECODE_STR_SIZE];
st = avformat_new_stream(s, NULL);
if (!st)
return AVERROR(ENOMEM);
Reported by FlawFinder.
libavformat/xmv.c
1 issue
Line: 396
Column: 17
CWE codes:
120
Suggestion:
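Make sure destination can always hold the source data. In the excerpt the copy length is the constant 4, so the check to make is that the allocation of `vst->codecpar->extradata` (above the excerpt) reserves at least 4 bytes and that `xmv->video.extradata` holds at least 4 bytes.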
return ret;
}
memcpy(vst->codecpar->extradata, xmv->video.extradata, 4);
}
}
}
return 0;
Reported by FlawFinder.
libavutil/aes_ctr.c
1 issue
Line: 43
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/**
 * Load an IV into the counter block of an AES-CTR context.
 *
 * Copies AES_CTR_IV_SIZE bytes from iv to the start of a->counter, zeroes
 * the rest of a->counter, and resets a->block_offset to 0.
 *
 * @param a   context whose counter and block_offset are overwritten
 * @param iv  source buffer; AES_CTR_IV_SIZE bytes are read from it. No length
 *            is passed in, so the caller must guarantee the buffer holds at
 *            least that many bytes.
 */
void av_aes_ctr_set_iv(struct AVAESCTR *a, const uint8_t* iv)
{
/* Fixed-length copy: the destination fits only if
 * sizeof(a->counter) >= AES_CTR_IV_SIZE.
 * NOTE(review): confirm against the struct definition, which is not shown here. */
memcpy(a->counter, iv, AES_CTR_IV_SIZE);
/* Clear the bytes after the IV. The length expression relies on the same
 * size relation; if counter were smaller than the IV the subtraction would
 * presumably wrap to a very large value. */
memset(a->counter + AES_CTR_IV_SIZE, 0, sizeof(a->counter) - AES_CTR_IV_SIZE);
/* Reset the offset so no position from an earlier IV carries over. */
a->block_offset = 0;
}
void av_aes_ctr_set_full_iv(struct AVAESCTR *a, const uint8_t* iv)
Reported by FlawFinder.
libavutil/aes_internal.h
1 issue
Line: 40
Column: 12
CWE codes:
327
Suggestion:
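Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. This rule targets calls to the crypt(3) password-hashing function; in the excerpt `crypt` is the name of a function-pointer member of the AVAES struct, so the match looks like a name collision and should be confirmed by hand before the suggestion is acted on.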
DECLARE_ALIGNED(16, av_aes_block, round_key)[15];
DECLARE_ALIGNED(16, av_aes_block, state)[2];
int rounds;
void (*crypt)(struct AVAES *a, uint8_t *dst, const uint8_t *src, int count, uint8_t *iv, int rounds);
} AVAES;
#endif /* AVUTIL_AES_INTERNAL_H */
Reported by FlawFinder.
libavutil/base64.c
1 issue
Line: 99
CWE codes:
908
BASE64_DEC_STEP(3);
// Using AV_WB32 directly confuses compiler
v = av_be2ne32(v << 8);
AV_WN32(dst, v);
dst += 3;
in += 4;
}
if (end - dst) {
BASE64_DEC_STEP(0);
Reported by Cppcheck.
libavutil/hmac.c
1 issue
Line: 150
Column: 9
CWE codes:
120
Suggestion:
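Make sure destination can always hold the source data. In the excerpt the copy length `keylen` is supplied by the caller and the memcpy sits in an `else` branch, so the destination is safe only if the condition guarding that branch (above the excerpt) ensures `keylen` never exceeds the size of `c->key`.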
c->final(c->hash, c->key);
c->keylen = c->hashlen;
} else {
memcpy(c->key, key, keylen);
c->keylen = keylen;
}
c->init(c->hash);
for (i = 0; i < c->keylen; i++)
block[i] = c->key[i] ^ 0x36;
Reported by FlawFinder.
libavutil/hwcontext_drm.c
1 issue
Line: 56
Column: 17
CWE codes:
362
AVDRMDeviceContext *hwctx = hwdev->hwctx;
drmVersionPtr version;
hwctx->fd = open(device, O_RDWR);
if (hwctx->fd < 0)
return AVERROR(errno);
version = drmGetVersion(hwctx->fd);
if (!version) {
Reported by FlawFinder.
libavutil/hwcontext_dxva2.c
1 issue
Line: 519
Column: 19
CWE codes:
190
Suggestion:
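If the source is untrusted, check both the minimum and the maximum, even if the input had no minus sign (large numbers can roll over into a negative number; consider saving to an unsigned value if that is intended). atoi() also gives the caller no way to detect a failed or out-of-range conversion, so in the excerpt `adapter` should be range-checked before use, or parsed with strtol() and its endptr/errno checks.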
int err;
if (device)
adapter = atoi(device);
priv = av_mallocz(sizeof(*priv));
if (!priv)
return AVERROR(ENOMEM);
Reported by FlawFinder.