The following issues were found
libavcodec/vaapi_encode.c
9 issues
Line: 128
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
size_t buffer_size = sizeof(header) + len;
av_assert0(buffer_size <= sizeof(buffer));
memcpy(buffer, &header, sizeof(header));
memcpy(buffer + sizeof(header), data, len);
return vaapi_encode_make_param_buffer(avctx, pic,
VAEncMiscParameterBufferType,
buffer, buffer_size);
Reported by FlawFinder.
Line: 129
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
av_assert0(buffer_size <= sizeof(buffer));
memcpy(buffer, &header, sizeof(header));
memcpy(buffer + sizeof(header), data, len);
return vaapi_encode_make_param_buffer(avctx, pic,
VAEncMiscParameterBufferType,
buffer, buffer_size);
}
Reported by FlawFinder.
Line: 256
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
VAAPIEncodeSlice *slice;
VAStatus vas;
int err, i;
char data[MAX_PARAM_BUFFER_SIZE];
size_t bit_len;
av_unused AVFrameSideData *sd;
av_log(avctx, AV_LOG_DEBUG, "Issuing encode for pic %"PRId64"/%"PRId64" "
"as type %s.\n", pic->display_order, pic->encode_order,
Reported by FlawFinder.
Line: 309
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pic->codec_picture_params = av_malloc(ctx->codec->picture_params_size);
if (!pic->codec_picture_params)
goto fail;
memcpy(pic->codec_picture_params, ctx->codec_picture_params,
ctx->codec->picture_params_size);
} else {
av_assert0(!ctx->codec_picture_params);
}
Reported by FlawFinder.
Line: 663
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
av_log(avctx, AV_LOG_DEBUG, "Output buffer: %u bytes "
"(status %08x).\n", buf->size, buf->status);
memcpy(ptr, buf->buf, buf->size);
ptr += buf->size;
}
if (pic->type == PICTURE_TYPE_IDR)
pkt->flags |= AV_PKT_FLAG_KEY;
Reported by FlawFinder.
Line: 1508
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int fr_num, fr_den;
VAConfigAttrib rc_attr = { VAConfigAttribRateControl };
VAStatus vas;
char supported_rc_modes_string[64];
vas = vaGetConfigAttributes(ctx->hwctx->display,
ctx->va_profile, ctx->va_entrypoint,
&rc_attr, 1);
if (vas != VA_STATUS_SUCCESS) {
Reported by FlawFinder.
Line: 1522
Column: 9
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
av_log(avctx, AV_LOG_VERBOSE, "Driver does not report any "
"supported rate control modes: assuming CQP only.\n");
supported_va_rc_modes = VA_RC_CQP;
strcpy(supported_rc_modes_string, "unknown");
} else {
char *str = supported_rc_modes_string;
size_t len = sizeof(supported_rc_modes_string);
int i, first = 1, res;
Reported by FlawFinder.
Line: 2503
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (ctx->va_packed_headers & VA_ENC_PACKED_HEADER_SEQUENCE &&
ctx->codec->write_sequence_header &&
avctx->flags & AV_CODEC_FLAG_GLOBAL_HEADER) {
char data[MAX_PARAM_BUFFER_SIZE];
size_t bit_len = 8 * sizeof(data);
err = ctx->codec->write_sequence_header(avctx, data, &bit_len);
if (err < 0) {
av_log(avctx, AV_LOG_ERROR, "Failed to write sequence header "
Reported by FlawFinder.
Line: 2519
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
err = AVERROR(ENOMEM);
goto fail;
}
memcpy(avctx->extradata, data, avctx->extradata_size);
}
}
return 0;
Reported by FlawFinder.
libavcodec/cbs_vp9.c
9 issues
Line: 49
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
value = sign ? -(int32_t)magnitude : magnitude;
if (ctx->trace_enable) {
char bits[33];
int i;
for (i = 0; i < width; i++)
bits[i] = magnitude >> (width - i - 1) & 1 ? '1' : '0';
bits[i] = sign ? '1' : '0';
bits[i + 1] = 0;
Reported by FlawFinder.
Line: 78
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
magnitude = sign ? -value : value;
if (ctx->trace_enable) {
char bits[33];
int i;
for (i = 0; i < width; i++)
bits[i] = magnitude >> (width - i - 1) & 1 ? '1' : '0';
bits[i] = sign ? '1' : '0';
bits[i + 1] = 0;
Reported by FlawFinder.
Line: 101
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
uint32_t value;
int position, i;
char bits[8];
av_assert0(range_min <= range_max && range_max - range_min < sizeof(bits) - 1);
if (ctx->trace_enable)
position = get_bits_count(gbc);
Reported by FlawFinder.
Line: 153
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return AVERROR(ENOSPC);
if (ctx->trace_enable) {
char bits[8];
int i;
for (i = 0; i < len; i++) {
if (range_min + i == value)
bits[i] = '0';
else
Reported by FlawFinder.
Line: 195
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
value |= get_bits(gbc, 8) << b;
if (ctx->trace_enable) {
char bits[33];
int i;
for (b = 0; b < width; b += 8)
for (i = 0; i < 8; i++)
bits[b + i] = value >> (b + i) & 1 ? '1' : '0';
bits[b] = 0;
Reported by FlawFinder.
Line: 222
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return AVERROR(ENOSPC);
if (ctx->trace_enable) {
char bits[33];
int i;
for (b = 0; b < width; b += 8)
for (i = 0; i < 8; i++)
bits[b + i] = value >> (b + i) & 1 ? '1' : '0';
bits[b] = 0;
Reported by FlawFinder.
Line: 540
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return AVERROR(ENOSPC);
flush_put_bits(pbc);
memcpy(put_bits_ptr(pbc), frame->data, frame->data_size);
skip_put_bytes(pbc, frame->data_size);
}
return 0;
}
Reported by FlawFinder.
Line: 610
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pos = 0;
for (i = 0; i < frag->nb_units; i++) {
av_assert0(size - pos > frag->units[i].data_size);
memcpy(data + pos, frag->units[i].data,
frag->units[i].data_size);
pos += frag->units[i].data_size;
}
av_assert0(size - pos == 2 + frag->nb_units * size_len);
Reported by FlawFinder.
Line: 265
Column: 19
CWE codes:
120
20
xs(width, name, current->name, subs, __VA_ARGS__)
#define READ
#define READWRITE read
#define RWContext GetBitContext
#define xf(width, name, var, subs, ...) do { \
uint32_t value; \
CHECK(ff_cbs_read_unsigned(ctx, rw, width, #name, \
Reported by FlawFinder.
libavformat/file.c
9 issues
Line: 145
Column: 9
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
{
#if HAVE_ACCESS && defined(R_OK)
if (access(filename, F_OK) < 0)
return AVERROR(errno);
if (mask&AVIO_FLAG_READ)
if (access(filename, R_OK) >= 0)
ret |= AVIO_FLAG_READ;
if (mask&AVIO_FLAG_WRITE)
Reported by FlawFinder.
Line: 148
Column: 13
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
if (access(filename, F_OK) < 0)
return AVERROR(errno);
if (mask&AVIO_FLAG_READ)
if (access(filename, R_OK) >= 0)
ret |= AVIO_FLAG_READ;
if (mask&AVIO_FLAG_WRITE)
if (access(filename, W_OK) >= 0)
ret |= AVIO_FLAG_WRITE;
#else
Reported by FlawFinder.
Line: 151
Column: 13
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
if (access(filename, R_OK) >= 0)
ret |= AVIO_FLAG_READ;
if (mask&AVIO_FLAG_WRITE)
if (access(filename, W_OK) >= 0)
ret |= AVIO_FLAG_WRITE;
#else
struct stat st;
# ifndef _WIN32
ret = stat(filename, &st);
Reported by FlawFinder.
Line: 211
Column: 9
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
static int file_open(URLContext *h, const char *filename, int flags)
{
FileContext *c = h->priv_data;
int access;
int fd;
struct stat st;
av_strstart(filename, "file:", &filename);
Reported by FlawFinder.
Line: 220
Column: 13
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
if (flags & AVIO_FLAG_WRITE && flags & AVIO_FLAG_READ) {
access = O_CREAT | O_RDWR;
if (c->trunc)
access |= O_TRUNC;
} else if (flags & AVIO_FLAG_WRITE) {
access = O_CREAT | O_WRONLY;
if (c->trunc)
access |= O_TRUNC;
} else {
Reported by FlawFinder.
Line: 224
Column: 13
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
} else if (flags & AVIO_FLAG_WRITE) {
access = O_CREAT | O_WRONLY;
if (c->trunc)
access |= O_TRUNC;
} else {
access = O_RDONLY;
}
#ifdef O_BINARY
access |= O_BINARY;
Reported by FlawFinder.
Line: 229
Column: 5
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
access = O_RDONLY;
}
#ifdef O_BINARY
access |= O_BINARY;
#endif
fd = avpriv_open(filename, access, 0666);
if (fd == -1)
return AVERROR(errno);
c->fd = fd;
Reported by FlawFinder.
Line: 231
Column: 32
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
#ifdef O_BINARY
access |= O_BINARY;
#endif
fd = avpriv_open(filename, access, 0666);
if (fd == -1)
return AVERROR(errno);
c->fd = fd;
h->is_streamed = !fstat(fd, &st) && S_ISFIFO(st.st_mode);
Reported by FlawFinder.
Line: 114
Column: 11
CWE codes:
120
20
FileContext *c = h->priv_data;
int ret;
size = FFMIN(size, c->blocksize);
ret = read(c->fd, buf, size);
if (ret == 0 && c->follow)
return AVERROR(EAGAIN);
if (ret == 0)
return AVERROR_EOF;
return (ret == -1) ? AVERROR(errno) : ret;
Reported by FlawFinder.
libavcodec/videotoolbox.c
9 issues
Line: 78
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return AVERROR(ENOMEM);
vtctx->bitstream = tmp;
memcpy(vtctx->bitstream, buffer, size);
vtctx->bitstream_size = size;
return 0;
}
Reported by FlawFinder.
Line: 163
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
AV_W8(p + 4, 0xff); /* 6 bits reserved (111111) + 2 bits nal size length - 3 (11) */
AV_W8(p + 5, 0xe1); /* 3 bits reserved (111) + 5 bits number of sps (00001) */
AV_WB16(p + 6, h->ps.sps->data_size);
memcpy(p + 8, h->ps.sps->data, h->ps.sps->data_size);
p += 8 + h->ps.sps->data_size;
AV_W8(p + 0, 1); /* number of pps */
AV_WB16(p + 1, h->ps.pps->data_size);
memcpy(p + 3, h->ps.pps->data, h->ps.pps->data_size);
Reported by FlawFinder.
Line: 167
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
p += 8 + h->ps.sps->data_size;
AV_W8(p + 0, 1); /* number of pps */
AV_WB16(p + 1, h->ps.pps->data_size);
memcpy(p + 3, h->ps.pps->data, h->ps.pps->data_size);
p += 3 + h->ps.pps->data_size;
av_assert0(p - vt_extradata == vt_extradata_size);
// save sps header (profile/level) used to create decoder session,
Reported by FlawFinder.
Line: 175
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// save sps header (profile/level) used to create decoder session,
// so we can detect changes and recreate it.
if (vtctx)
memcpy(vtctx->sps, h->ps.sps->data + 1, 3);
data = CFDataCreate(kCFAllocatorDefault, vt_extradata, vt_extradata_size);
av_free(vt_extradata);
return data;
}
Reported by FlawFinder.
Line: 228
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ptlc.profile_idc);
/* unsigned int(32) general_profile_compatibility_flags; */
memcpy(p + 2, ptlc.profile_compatibility_flag, 4);
/* unsigned int(48) general_constraint_indicator_flags; */
AV_W8(p + 6, ptlc.progressive_source_flag << 7 |
ptlc.interlaced_source_flag << 6 |
ptlc.non_packed_constraint_flag << 5 |
Reported by FlawFinder.
Line: 318
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* unsigned int(16) nalUnitLength; */ \
AV_WB16(p, lps->data_size); \
/* bit(8*nalUnitLength) nalUnit; */ \
memcpy(p + 2, lps->data, lps->data_size); \
p += 2 + lps->data_size; \
} \
}
APPEND_PS(V, v)
Reported by FlawFinder.
Line: 358
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// save sps header (profile/level) used to create decoder session
if (!vtctx->sps[0])
memcpy(vtctx->sps, h->ps.sps->data + 1, 3);
if (type == H264_NAL_SPS) {
if (size > 4 && memcmp(vtctx->sps, buffer + 1, 3) != 0) {
vtctx->reconfig_needed = true;
memcpy(vtctx->sps, buffer + 1, 3);
Reported by FlawFinder.
Line: 363
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (type == H264_NAL_SPS) {
if (size > 4 && memcmp(vtctx->sps, buffer + 1, 3) != 0) {
vtctx->reconfig_needed = true;
memcpy(vtctx->sps, buffer + 1, 3);
}
}
// pass-through SPS/PPS changes to the decoder
return ff_videotoolbox_h264_decode_slice(avctx, buffer, size);
Reported by FlawFinder.
Line: 387
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
vtctx->bitstream = tmp;
AV_WB32(vtctx->bitstream + vtctx->bitstream_size, size);
memcpy(vtctx->bitstream + vtctx->bitstream_size + 4, buffer, size);
vtctx->bitstream_size += size + 4;
return 0;
}
Reported by FlawFinder.
libavformat/ffmetadec.c
9 issues
Line: 110
Column: 11
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
if (sscanf(line, "TIMEBASE=%d/%d", &tb.num, &tb.den))
get_line(s->pb, line, sizeof(line));
ret = sscanf(line, "START=%"SCNd64, &start);
if (ret <= 0) {
av_log(s, AV_LOG_ERROR, "Expected chapter start timestamp, found %s.\n", line);
start = (s->nb_chapters && s->chapters[s->nb_chapters - 1]->end != AV_NOPTS_VALUE) ?
s->chapters[s->nb_chapters - 1]->end : 0;
} else
Reported by FlawFinder.
Line: 118
Column: 11
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
} else
get_line(s->pb, line, sizeof(line));
ret = sscanf(line, "END=%"SCNd64, &end);
if (ret <= 0) {
av_log(s, AV_LOG_ERROR, "Expected chapter end timestamp, found %s.\n", line);
end = AV_NOPTS_VALUE;
}
Reported by FlawFinder.
Line: 40
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int len, end;
int64_t read = 0;
char tmp[1024];
char c;
char prev = ' ';
do {
len = 0;
Reported by FlawFinder.
Line: 31
Column: 35
CWE codes:
126
static int probe(const AVProbeData *p)
{
if(!memcmp(p->buf, ID_STRING, strlen(ID_STRING)))
return AVPROBE_SCORE_MAX;
return 0;
}
static int64_t read_line_to_bprint_escaped(AVIOContext *s, AVBPrint *bp)
Reported by FlawFinder.
Line: 165
Column: 35
CWE codes:
126
if (!(key = unescape(line, p - line)))
return AVERROR(ENOMEM);
if (!(value = unescape(p + 1, strlen(p + 1)))) {
av_free(key);
return AVERROR(ENOMEM);
}
av_dict_set(m, key, value, AV_DICT_DONT_STRDUP_KEY | AV_DICT_DONT_STRDUP_VAL);
Reported by FlawFinder.
Line: 184
Column: 40
CWE codes:
126
while(!avio_feof(s->pb)) {
get_bprint_line(s->pb, &bp);
if (!memcmp(bp.str, ID_STREAM, strlen(ID_STREAM))) {
AVStream *st = avformat_new_stream(s, NULL);
if (!st)
goto nomem;
Reported by FlawFinder.
Line: 194
Column: 48
CWE codes:
126
st->codecpar->codec_id = AV_CODEC_ID_FFMETADATA;
m = &st->metadata;
} else if (!memcmp(bp.str, ID_CHAPTER, strlen(ID_CHAPTER))) {
AVChapter *ch = read_chapter(s);
if (!ch)
goto nomem;
Reported by FlawFinder.
libavformat/ty.c
9 issues
Line: 414
Column: 21
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ty->cur_chunk_pos += VIDEO_PES_LENGTH + es_offset1;
if ((ret = av_new_packet(pkt, size)) < 0)
return ret;
memcpy(pkt->data, ty->chunk + ty->cur_chunk_pos, size);
ty->cur_chunk_pos += size;
pkt->stream_index = 0;
got_packet = 1;
} else {
ff_dlog(s, "video rec type 0x%02x has short PES"
Reported by FlawFinder.
Line: 438
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!got_packet) {
if ((ret = av_new_packet(pkt, rec_size)) < 0)
return ret;
memcpy(pkt->data, ty->chunk + ty->cur_chunk_pos, rec_size);
ty->cur_chunk_pos += rec_size;
pkt->stream_index = 0;
got_packet = 1;
}
Reported by FlawFinder.
Line: 491
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -1;
}
/* copy the partial pes header we found */
memcpy(ty->pes_buffer, pkt->data + offset, rec_len - offset);
ty->pes_buf_cnt = rec_len - offset;
if (offset > 0) {
/* PES Header was found, but not complete, so trim the end of this record */
pkt->size -= rec_len - offset;
Reported by FlawFinder.
Line: 532
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* do we have enough data to complete? */
if (need >= rec_size) {
/* don't have complete PES hdr; save what we have and return */
memcpy(ty->pes_buffer + ty->pes_buf_cnt, ty->chunk + ty->cur_chunk_pos, rec_size);
ty->cur_chunk_pos += rec_size;
ty->pes_buf_cnt += rec_size;
return 0;
}
Reported by FlawFinder.
Line: 539
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* we have enough; reconstruct this frame with the new hdr */
memcpy(ty->pes_buffer + ty->pes_buf_cnt, ty->chunk + ty->cur_chunk_pos, need);
ty->cur_chunk_pos += need;
/* get the PTS out of this PES header (MPEG or AC3) */
if (ty->audio_type == TIVO_AUDIO_MPEG) {
es_offset1 = find_es_header(ty_MPEGAudioPacket,
ty->pes_buffer, 5);
Reported by FlawFinder.
Line: 561
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if ((ret = av_new_packet(pkt, rec_size - need)) < 0)
return ret;
memcpy(pkt->data, ty->chunk + ty->cur_chunk_pos, rec_size - need);
ty->cur_chunk_pos += rec_size - need;
pkt->stream_index = 1;
/* S2 DTivo has AC3 packets with 2 padding bytes at end. This is
* not allowed in the AC3 spec and will cause problems. So here
Reported by FlawFinder.
Line: 583
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else if (subrec_type == 0x03) {
if ((ret = av_new_packet(pkt, rec_size)) < 0)
return ret;
memcpy(pkt->data, ty->chunk + ty->cur_chunk_pos, rec_size);
ty->cur_chunk_pos += rec_size;
pkt->stream_index = 1;
/* MPEG Audio with PES Header, either SA or DTiVo */
/* ================================================ */
es_offset1 = find_es_header(ty_MPEGAudioPacket, pkt->data, 5);
Reported by FlawFinder.
Line: 614
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* ================================================ */
if ((ret = av_new_packet(pkt, rec_size)) < 0)
return ret;
memcpy(pkt->data, ty->chunk + ty->cur_chunk_pos, rec_size);
ty->cur_chunk_pos += rec_size;
pkt->stream_index = 1;
pkt->pts = ty->last_audio_pts;
} else if (subrec_type == 0x09) {
if ((ret = av_new_packet(pkt, rec_size)) < 0)
Reported by FlawFinder.
Line: 621
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else if (subrec_type == 0x09) {
if ((ret = av_new_packet(pkt, rec_size)) < 0)
return ret;
memcpy(pkt->data, ty->chunk + ty->cur_chunk_pos, rec_size);
ty->cur_chunk_pos += rec_size ;
pkt->stream_index = 1;
/* DTiVo AC3 Audio Data with PES Header */
/* ================================================ */
Reported by FlawFinder.
libavfilter/vf_drawtext.c
9 issues
Line: 293
#define FT_ERRMSG(e) ft_errors[e].err_msg
typedef struct Glyph {
FT_Glyph glyph;
FT_Glyph border_glyph;
uint32_t code;
unsigned int fontsize;
FT_Bitmap bitmap; ///< array holding bitmaps of font
Reported by Cppcheck.
Line: 1595
Column: 13
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
for (int i = 0; i < loop; i++) {
if (header) {
bbox = av_get_detection_bbox(header, i);
strcpy(s->text, bbox->detect_label);
for (int j = 0; j < bbox->classify_count; j++) {
strcat(s->text, ", ");
strcat(s->text, bbox->classify_labels[j]);
}
s->x = bbox->x;
Reported by FlawFinder.
Line: 1598
Column: 17
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
strcpy(s->text, bbox->detect_label);
for (int j = 0; j < bbox->classify_count; j++) {
strcat(s->text, ", ");
strcat(s->text, bbox->classify_labels[j]);
}
s->x = bbox->x;
s->y = bbox->y - s->fontsize;
}
draw_text(ctx, frame, frame->width, frame->height);
Reported by FlawFinder.
Line: 602
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return AVERROR(ENOMEM);
}
s->text = tmp;
memcpy(s->text, textbuf, textbuf_size);
s->text[textbuf_size] = 0;
av_file_unmap(textbuf, textbuf_size);
return 0;
}
Reported by FlawFinder.
Line: 1088
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int intval;
int ret;
unsigned int positions = 0;
char fmt_str[30] = "%";
/*
* argv[0] expression to be converted to `int`
* argv[1] format: 'x', 'X', 'd' or 'u'
* argv[2] positions printed (optional)
Reported by FlawFinder.
Line: 1191
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int expand_function(AVFilterContext *ctx, AVBPrint *bp, char **rtext)
{
const char *text = *rtext;
char *argv[16] = { NULL };
unsigned argc = 0, i;
int ret;
if (*text != '{') {
av_log(ctx, AV_LOG_ERROR, "Stray %% near '%s'\n", text);
Reported by FlawFinder.
Line: 1366
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
if (s->tc_opt_string) {
char tcbuf[AV_TIMECODE_STR_SIZE];
av_timecode_make_string(&s->tc, tcbuf, inlink->frame_count_out);
av_bprint_clear(bp);
av_bprintf(bp, "%s%s", s->text, tcbuf);
}
Reported by FlawFinder.
Line: 1597
Column: 17
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
bbox = av_get_detection_bbox(header, i);
strcpy(s->text, bbox->detect_label);
for (int j = 0; j < bbox->classify_count; j++) {
strcat(s->text, ", ");
strcat(s->text, bbox->classify_labels[j]);
}
s->x = bbox->x;
s->y = bbox->y - s->fontsize;
}
Reported by FlawFinder.
Line: 627
Column: 11
CWE codes:
126
FriBidiCharType *bidi_types = NULL;
FriBidiStrIndex i,j;
len = strlen(s->text);
if (!(unicodestr = av_malloc_array(len, sizeof(*unicodestr)))) {
goto out;
}
len = fribidi_charset_to_unicode(FRIBIDI_CHAR_SET_UTF8,
s->text, len, unicodestr);
Reported by FlawFinder.
libavcodec/cbs_av1.c
9 issues
Line: 66
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
if (ctx->trace_enable) {
char bits[65];
int i, j, k;
if (zeroes >= 32) {
while (zeroes > 32) {
k = FFMIN(zeroes - 32, 32);
Reported by FlawFinder.
Line: 131
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
put_bits(pbc, zeroes, v);
if (ctx->trace_enable) {
char bits[65];
int i, j;
i = 0;
for (j = 0; j < zeroes; j++)
bits[i++] = '0';
bits[i++] = '1';
Reported by FlawFinder.
Line: 244
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
if (ctx->trace_enable) {
char bits[33];
int i;
for (i = 0; i < w - 1; i++)
bits[i] = (v >> i & 1) ? '1' : '0';
if (v >= m)
bits[i++] = extra_bit ? '1' : '0';
Reported by FlawFinder.
Line: 294
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
if (ctx->trace_enable) {
char bits[33];
int i;
for (i = 0; i < w - 1; i++)
bits[i] = (v >> i & 1) ? '1' : '0';
if (value >= m)
bits[i++] = extra_bit ? '1' : '0';
Reported by FlawFinder.
Line: 315
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
uint32_t value;
int position, i;
char bits[33];
av_assert0(range_min <= range_max && range_max - range_min < sizeof(bits) - 1);
if (ctx->trace_enable)
position = get_bits_count(gbc);
Reported by FlawFinder.
Line: 368
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return AVERROR(ENOSPC);
if (ctx->trace_enable) {
char bits[33];
int i;
for (i = 0; i < len; i++) {
if (range_min + i == value)
bits[i] = '0';
else
Reported by FlawFinder.
Line: 1208
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
skip_put_bytes(pbc, header_size);
if (td) {
memcpy(pbc->buf + data_pos + header_size,
td->data, td->data_size);
skip_put_bytes(pbc, td->data_size);
}
}
Reported by FlawFinder.
Line: 1238
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pos = 0;
for (i = 0; i < frag->nb_units; i++) {
memcpy(frag->data + pos, frag->units[i].data,
frag->units[i].data_size);
pos += frag->units[i].data_size;
}
av_assert0(pos == size);
frag->data_size = size;
Reported by FlawFinder.
Line: 573
Column: 19
CWE codes:
120
20
#define READ
#define READWRITE read
#define RWContext GetBitContext
#define xf(width, name, var, range_min, range_max, subs, ...) do { \
uint32_t value; \
CHECK(ff_cbs_read_unsigned(ctx, rw, width, #name, \
Reported by FlawFinder.
libavcodec/ac3dec.c
9 issues
Line: 723
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
s->fdsp->vector_fmul_window(s->outptr[ch - 1], s->delay[ch - 1 + offset],
s->tmp_output, s->window, 128);
#endif
memcpy(s->delay[ch - 1 + offset], s->tmp_output + 128, 128 * sizeof(FFTSample));
}
}
}
/**
Reported by FlawFinder.
Line: 738
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case AC3_CHMODE_DUALMONO:
case AC3_CHMODE_STEREO:
/* upmix mono to stereo */
memcpy(s->delay[1], s->delay[0], channel_data_size);
break;
case AC3_CHMODE_2F2R:
memset(s->delay[3], 0, channel_data_size);
case AC3_CHMODE_2F1R:
memset(s->delay[2], 0, channel_data_size);
Reported by FlawFinder.
Line: 750
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case AC3_CHMODE_3F1R:
memset(s->delay[3], 0, channel_data_size);
case AC3_CHMODE_3F:
memcpy(s->delay[2], s->delay[1], channel_data_size);
memset(s->delay[1], 0, channel_data_size);
break;
}
}
Reported by FlawFinder.
Line: 785
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
n_subbands = end_subband - start_subband;
if (!blk)
memcpy(band_struct, default_band_struct, band_struct_size);
av_assert0(band_struct_size >= start_subband + n_subbands);
band_struct += start_subband + 1;
Reported by FlawFinder.
Line: 819
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (num_bands)
*num_bands = n_bands;
if (band_sizes)
memcpy(band_sizes, bnd_sz, n_bands);
}
static inline int spx_strategy(AC3DecodeContext *s, int blk)
{
GetBitContext *bc = &s->gbc;
Reported by FlawFinder.
Line: 1512
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
s->bdsp.bswap16_buf((uint16_t *) s->input_buffer,
(const uint16_t *) buf, cnt);
} else
memcpy(s->input_buffer, buf, FFMIN(buf_size, AC3_FRAME_BUFFER_SIZE));
/* if consistent noise generation is enabled, seed the linear feedback generator
* with the contents of the AC-3 frame so that the noise is identical across
* decodes given the same AC-3 frame data, for use with non-linear edititing software. */
if (s->consistent_noise_generation)
Reported by FlawFinder.
Line: 1646
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (err)
for (ch = 0; ch < s->out_channels; ch++)
memcpy(s->output_buffer[ch + offset] + AC3_BLOCK_SIZE*blk, output[ch], AC3_BLOCK_SIZE*sizeof(SHORTFLOAT));
for (ch = 0; ch < s->out_channels; ch++)
output[ch] = s->outptr[channel_map[ch]];
for (ch = 0; ch < s->out_channels; ch++) {
if (!ch || channel_map[ch])
s->outptr[channel_map[ch]] += AC3_BLOCK_SIZE;
Reported by FlawFinder.
Line: 1657
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* keep last block for error concealment in next frame */
for (ch = 0; ch < s->out_channels; ch++)
memcpy(s->output[ch + offset], output[ch], AC3_BLOCK_SIZE*sizeof(SHORTFLOAT));
/* check if there is dependent frame */
if (buf_size > s->frame_size) {
AC3HeaderInfo hdr;
int err;
Reported by FlawFinder.
Line: 1765
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (ch = 0; ch < avctx->channels; ch++) {
int map = extended_channel_map[ch];
av_assert0(ch>=AV_NUM_DATA_POINTERS || frame->extended_data[ch] == frame->data[ch]);
memcpy((SHORTFLOAT *)frame->extended_data[ch],
s->output_buffer[map],
s->num_blocks * AC3_BLOCK_SIZE * sizeof(SHORTFLOAT));
}
/*
Reported by FlawFinder.
libavcodec/dxva2_vc1.c
9 issues
Line: 222
CWE codes:
908
}
#endif
dxva_data = dxva_data_ptr;
current = dxva_data;
end = dxva_data + dxva_size;
for (i = 0; i < ctx_pic->slice_count; i++) {
unsigned position, size;
Reported by Cppcheck.
Line: 223
CWE codes:
908
#endif
dxva_data = dxva_data_ptr;
current = dxva_data;
end = dxva_data + dxva_size;
for (i = 0; i < ctx_pic->slice_count; i++) {
unsigned position, size;
slice = &ctx_pic->slice[i];
Reported by Cppcheck.
Line: 224
CWE codes:
908
dxva_data = dxva_data_ptr;
current = dxva_data;
end = dxva_data + dxva_size;
for (i = 0; i < ctx_pic->slice_count; i++) {
unsigned position, size;
slice = &ctx_pic->slice[i];
position = slice->dwSliceDataLocation;
Reported by Cppcheck.
Line: 224
CWE codes:
908
dxva_data = dxva_data_ptr;
current = dxva_data;
end = dxva_data + dxva_size;
for (i = 0; i < ctx_pic->slice_count; i++) {
unsigned position, size;
slice = &ctx_pic->slice[i];
position = slice->dwSliceDataLocation;
Reported by Cppcheck.
Line: 235
CWE codes:
908
av_log(avctx, AV_LOG_ERROR, "Failed to build bitstream");
break;
}
slice->dwSliceDataLocation = current - dxva_data;
if (i < ctx_pic->slice_count - 1)
slice->wNumberMBsInSlice =
slice[1].wNumberMBsInSlice - slice[0].wNumberMBsInSlice;
else
Reported by Cppcheck.
Line: 259
CWE codes:
908
memcpy(current, &ctx_pic->bitstream[position], size);
current += size;
}
padding = FFMIN(128 - ((current - dxva_data) & 127), end - current);
if (slice && padding > 0) {
memset(current, 0, padding);
current += padding;
slice->dwSliceBitsInBuffer += padding * 8;
}
Reported by Cppcheck.
Line: 303
CWE codes:
908
#endif
return ff_dxva2_commit_buffer(avctx, ctx, sc,
type,
ctx_pic->slice,
ctx_pic->slice_count * sizeof(*ctx_pic->slice),
mb_count);
}
Reported by Cppcheck.
Line: 246
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* write the appropriate frame, field or slice start code */
if (start_code_size) {
memcpy(current, start_code, start_code_size);
if (i == 0 && v->second_field)
current[3] = 0x0c;
else if (i > 0)
current[3] = 0x0b;
Reported by FlawFinder.
Line: 256
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
slice->dwSliceBitsInBuffer += start_code_size * 8;
}
memcpy(current, &ctx_pic->bitstream[position], size);
current += size;
}
padding = FFMIN(128 - ((current - dxva_data) & 127), end - current);
if (slice && padding > 0) {
memset(current, 0, padding);
Reported by FlawFinder.