The following issues were found
libavcodec/dxva2_hevc.c
9 issues
Line: 276
CWE codes:
908
}
#endif
dxva_data = dxva_data_ptr;
current = dxva_data;
end = dxva_data + dxva_size;
for (i = 0; i < ctx_pic->slice_count; i++) {
static const uint8_t start_code[] = { 0, 0, 1 };
Reported by Cppcheck.
Line: 277
CWE codes:
908
#endif
dxva_data = dxva_data_ptr;
current = dxva_data;
end = dxva_data + dxva_size;
for (i = 0; i < ctx_pic->slice_count; i++) {
static const uint8_t start_code[] = { 0, 0, 1 };
static const unsigned start_code_size = sizeof(start_code);
Reported by Cppcheck.
Line: 278
CWE codes:
908
dxva_data = dxva_data_ptr;
current = dxva_data;
end = dxva_data + dxva_size;
for (i = 0; i < ctx_pic->slice_count; i++) {
static const uint8_t start_code[] = { 0, 0, 1 };
static const unsigned start_code_size = sizeof(start_code);
unsigned position, size;
Reported by Cppcheck.
Line: 278
CWE codes:
908
dxva_data = dxva_data_ptr;
current = dxva_data;
end = dxva_data + dxva_size;
for (i = 0; i < ctx_pic->slice_count; i++) {
static const uint8_t start_code[] = { 0, 0, 1 };
static const unsigned start_code_size = sizeof(start_code);
unsigned position, size;
Reported by Cppcheck.
Line: 294
CWE codes:
908
break;
}
slice->BSNALunitDataLocation = current - dxva_data;
slice->SliceBytesInBuffer = start_code_size + size;
memcpy(current, start_code, start_code_size);
current += start_code_size;
Reported by Cppcheck.
Line: 303
CWE codes:
908
memcpy(current, &ctx_pic->bitstream[position], size);
current += size;
}
padding = FFMIN(128 - ((current - dxva_data) & 127), end - current);
if (slice && padding > 0) {
memset(current, 0, padding);
current += padding;
slice->SliceBytesInBuffer += padding;
Reported by Cppcheck.
Line: 351
CWE codes:
908
av_assert0(((current - dxva_data) & 127) == 0);
return ff_dxva2_commit_buffer(avctx, ctx, sc,
type,
slice_data, slice_size, 0);
}
static int dxva2_hevc_start_frame(AVCodecContext *avctx,
Reported by Cppcheck.
Line: 297
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
slice->BSNALunitDataLocation = current - dxva_data;
slice->SliceBytesInBuffer = start_code_size + size;
memcpy(current, start_code, start_code_size);
current += start_code_size;
memcpy(current, &ctx_pic->bitstream[position], size);
current += size;
}
Reported by FlawFinder.
Line: 300
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(current, start_code, start_code_size);
current += start_code_size;
memcpy(current, &ctx_pic->bitstream[position], size);
current += size;
}
padding = FFMIN(128 - ((current - dxva_data) & 127), end - current);
if (slice && padding > 0) {
memset(current, 0, padding);
Reported by FlawFinder.
libavformat/rtpproto.c
9 issues
Line: 168
Column: 5
CWE codes:
134
Suggestion:
Use a constant for the format specification
av_strlcat(buf, "&", buf_size);
else
av_strlcat(buf, "?", buf_size);
vsnprintf(buf1, sizeof(buf1), fmt, ap);
av_strlcat(buf, buf1, buf_size);
va_end(ap);
}
static void build_udp_url(RTPContext *s,
Reported by FlawFinder.
Line: 106
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int ff_rtp_set_remote_url(URLContext *h, const char *uri)
{
RTPContext *s = h->priv_data;
char hostname[256];
int port, rtcp_port;
const char *p;
char buf[1024];
char path[1024];
Reported by FlawFinder.
Line: 110
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int port, rtcp_port;
const char *p;
char buf[1024];
char path[1024];
av_url_split(NULL, 0, NULL, 0, hostname, sizeof(hostname), &port,
path, sizeof(path), uri);
rtcp_port = port + 1;
Reported by FlawFinder.
Line: 111
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char *p;
char buf[1024];
char path[1024];
av_url_split(NULL, 0, NULL, 0, hostname, sizeof(hostname), &port,
path, sizeof(path), uri);
rtcp_port = port + 1;
Reported by FlawFinder.
Line: 160
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static av_printf_format(3, 4) void url_add_option(char *buf, int buf_size, const char *fmt, ...)
{
char buf1[1024];
va_list ap;
va_start(ap, fmt);
if (strchr(buf, '?'))
av_strlcat(buf, "&", buf_size);
Reported by FlawFinder.
Line: 226
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
RTPContext *s = h->priv_data;
AVDictionary *fec_opts = NULL;
int rtp_port;
char hostname[256], include_sources[1024] = "", exclude_sources[1024] = "";
char *sources = include_sources, *block = exclude_sources;
char *fec_protocol = NULL;
char buf[1024];
char path[1024];
const char *p;
Reported by FlawFinder.
Line: 229
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char hostname[256], include_sources[1024] = "", exclude_sources[1024] = "";
char *sources = include_sources, *block = exclude_sources;
char *fec_protocol = NULL;
char buf[1024];
char path[1024];
const char *p;
int i, max_retry_count = 3;
int rtcpflags;
Reported by FlawFinder.
Line: 230
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char *sources = include_sources, *block = exclude_sources;
char *fec_protocol = NULL;
char buf[1024];
char path[1024];
const char *p;
int i, max_retry_count = 3;
int rtcpflags;
av_url_split(NULL, 0, NULL, 0, hostname, sizeof(hostname), &rtp_port,
Reported by FlawFinder.
Line: 303
Column: 34
CWE codes:
126
goto fail;
}
p = s->fec_options_str + strlen(fec_protocol);
while (*p && *p == '=') p++;
if (av_dict_parse_string(&fec_opts, p, "=", ":", 0) < 0) {
av_log(h, AV_LOG_ERROR, "Failed to parse the FEC options\n");
goto fail;
Reported by FlawFinder.
libavfilter/vf_lut3d.c
9 issues
Line: 697
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int parse_dat(AVFilterContext *ctx, FILE *f)
{
LUT3DContext *lut3d = ctx->priv;
char line[MAX_LINE_SIZE];
int ret, i, j, k, size, size2;
lut3d->lutsize = size = 33;
size2 = size * size;
Reported by FlawFinder.
Line: 732
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int parse_cube(AVFilterContext *ctx, FILE *f)
{
LUT3DContext *lut3d = ctx->priv;
char line[MAX_LINE_SIZE];
float min[3] = {0.0, 0.0, 0.0};
float max[3] = {1.0, 1.0, 1.0};
while (fgets(line, sizeof(line), f)) {
if (!strncmp(line, "LUT_3D_SIZE", 11)) {
Reported by FlawFinder.
Line: 788
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* FIXME: it seems there are various 3dl formats */
static int parse_3dl(AVFilterContext *ctx, FILE *f)
{
char line[MAX_LINE_SIZE];
LUT3DContext *lut3d = ctx->priv;
int ret, i, j, k;
const int size = 17;
const int size2 = 17 * 17;
const float scale = 16*16*16;
Reported by FlawFinder.
Line: 826
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
LUT3DContext *lut3d = ctx->priv;
float scale;
int ret, i, j, k, size, size2, in = -1, out = -1;
char line[MAX_LINE_SIZE];
uint8_t rgb_map[3] = {0, 1, 2};
while (fgets(line, sizeof(line), f)) {
if (!strncmp(line, "in", 2)) in = strtol(line + 2, NULL, 0);
else if (!strncmp(line, "out", 3)) out = strtol(line + 3, NULL, 0);
Reported by FlawFinder.
Line: 931
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int parse_cinespace(AVFilterContext *ctx, FILE *f)
{
LUT3DContext *lut3d = ctx->priv;
char line[MAX_LINE_SIZE];
float in_min[3] = {0.0, 0.0, 0.0};
float in_max[3] = {1.0, 1.0, 1.0};
float out_min[3] = {0.0, 0.0, 0.0};
float out_max[3] = {1.0, 1.0, 1.0};
int inside_metadata = 0, size, size2;
Reported by FlawFinder.
Line: 1682
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int parse_cinespace_1d(AVFilterContext *ctx, FILE *f)
{
LUT1DContext *lut1d = ctx->priv;
char line[MAX_LINE_SIZE];
float in_min[3] = {0.0, 0.0, 0.0};
float in_max[3] = {1.0, 1.0, 1.0};
float out_min[3] = {0.0, 0.0, 0.0};
float out_max[3] = {1.0, 1.0, 1.0};
int inside_metadata = 0, size;
Reported by FlawFinder.
Line: 1762
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int parse_cube_1d(AVFilterContext *ctx, FILE *f)
{
LUT1DContext *lut1d = ctx->priv;
char line[MAX_LINE_SIZE];
float min[3] = {0.0, 0.0, 0.0};
float max[3] = {1.0, 1.0, 1.0};
while (fgets(line, sizeof(line), f)) {
if (!strncmp(line, "LUT_1D_SIZE", 11)) {
Reported by FlawFinder.
libavutil/log.c
9 issues
Line: 385
Column: 5
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
fprintf(stderr, " Last message repeated %d times\n", count);
count = 0;
}
strcpy(prev, line);
sanitize(part[0].str);
colored_fputs(type[0], 0, part[0].str);
sanitize(part[1].str);
colored_fputs(type[1], 0, part[1].str);
sanitize(part[2].str);
Reported by FlawFinder.
Line: 150
Column: 18
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
static void check_color_terminal(void)
{
char *term = getenv("TERM");
#if defined(_WIN32) && HAVE_SETCONSOLETEXTATTRIBUTE && HAVE_GETSTDHANDLE
CONSOLE_SCREEN_BUFFER_INFO con_info;
DWORD dummy;
con = GetStdHandle(STD_ERROR_HANDLE);
Reported by FlawFinder.
Line: 165
Column: 9
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
}
#endif
if (getenv("AV_LOG_FORCE_NOCOLOR")) {
use_color = 0;
} else if (getenv("AV_LOG_FORCE_COLOR")) {
use_color = 1;
} else {
#if defined(_WIN32) && HAVE_SETCONSOLETEXTATTRIBUTE && HAVE_GETSTDHANDLE
Reported by FlawFinder.
Line: 167
Column: 16
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
if (getenv("AV_LOG_FORCE_NOCOLOR")) {
use_color = 0;
} else if (getenv("AV_LOG_FORCE_COLOR")) {
use_color = 1;
} else {
#if defined(_WIN32) && HAVE_SETCONSOLETEXTATTRIBUTE && HAVE_GETSTDHANDLE
use_color = (con != INVALID_HANDLE_VALUE);
#elif HAVE_ISATTY
Reported by FlawFinder.
Line: 179
Column: 9
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
#endif
}
if (getenv("AV_LOG_FORCE_256COLOR") || term && strstr(term, "256color"))
use_color *= 256;
}
static void ansi_fputs(int level, int tint, const char *str, int local_use_color)
{
Reported by FlawFinder.
Line: 292
Column: 54
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
}
static void format_line(void *avcl, int level, const char *fmt, va_list vl,
AVBPrint part[4], int *print_prefix, int type[2])
{
AVClass* avc = avcl ? *(AVClass **) avcl : NULL;
av_bprint_init(part+0, 0, AV_BPRINT_SIZE_AUTOMATIC);
av_bprint_init(part+1, 0, AV_BPRINT_SIZE_AUTOMATIC);
Reported by FlawFinder.
Line: 350
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
static int print_prefix = 1;
static int count;
static char prev[LINE_SZ];
AVBPrint part[4];
char line[LINE_SZ];
static int is_atty;
int type[2];
unsigned tint = 0;
Reported by FlawFinder.
Line: 352
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int count;
static char prev[LINE_SZ];
AVBPrint part[4];
char line[LINE_SZ];
static int is_atty;
int type[2];
unsigned tint = 0;
if (level >= 0) {
Reported by FlawFinder.
Line: 375
Column: 23
CWE codes:
126
#endif
if (print_prefix && (flags & AV_LOG_SKIP_REPEATED) && !strcmp(line, prev) &&
*line && line[strlen(line) - 1] != '\r'){
count++;
if (is_atty == 1)
fprintf(stderr, " Last message repeated %d times\r", count);
goto end;
}
Reported by FlawFinder.
libpostproc/postprocess.c
9 issues
Line: 311
CWE codes:
786
{
int y;
for(y=0; y<BLOCK_SIZE; y++){
const int first= FFABS(dst[-1] - dst[0]) < c->QP ? dst[-1] : dst[0];
const int last= FFABS(dst[8] - dst[7]) < c->QP ? dst[8] : dst[7];
int sums[10];
sums[0] = 4*first + dst[0] + dst[1] + dst[2] + 4;
sums[1] = sums[0] - first + dst[3];
Reported by Cppcheck.
Line: 644
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
pp_mode *pp_get_mode_by_name_and_quality(const char *name, int quality)
{
char temp[GET_MODE_BUFFER_SIZE];
char *p= temp;
static const char filterDelimiters[] = ",/";
static const char optionDelimiters[] = ":|";
struct PPMode *ppMode;
char *filterToken;
Reported by FlawFinder.
Line: 692
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int chrom=-1;
int luma=-1;
const char *option;
const char *options[OPTIONS_ARRAY_SIZE];
int i;
int filterNameOk=0;
int numOfUnknownOptions=0;
int enable=1; //does the user want us to enabled or disabled the filter
char *tokstate;
Reported by FlawFinder.
Line: 747
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
}
memmove(p + newlen, p, plen+1);
memcpy(p, replaceTable[2*i + 1], newlen);
filterNameOk=1;
}
}
for(i=0; filters[i].shortName; i++){
Reported by FlawFinder.
Line: 1033
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}else{
int y;
for(y=0; y<height; y++){
memcpy(&(dst[1][y*dstStride[1]]), &(src[1][y*srcStride[1]]), width);
memcpy(&(dst[2][y*dstStride[2]]), &(src[2][y*srcStride[2]]), width);
}
}
}
Reported by FlawFinder.
Line: 1034
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int y;
for(y=0; y<height; y++){
memcpy(&(dst[1][y*dstStride[1]]), &(src[1][y*srcStride[1]]), width);
memcpy(&(dst[2][y*dstStride[2]]), &(src[2][y*srcStride[2]]), width);
}
}
}
Reported by FlawFinder.
Line: 701
Column: 13
CWE codes:
126
filterToken= av_strtok(p, filterDelimiters, &tokstate);
if(!filterToken) break;
p+= strlen(filterToken) + 1; // p points to next filterToken
filterName= av_strtok(filterToken, optionDelimiters, &tokstate);
if (!filterName) {
ppMode->error++;
break;
}
Reported by FlawFinder.
Line: 734
Column: 33
CWE codes:
126
/* replace stuff from the replace Table */
for(i=0; replaceTable[2*i]; i++){
if(!strcmp(replaceTable[2*i], filterName)){
size_t newlen = strlen(replaceTable[2*i + 1]);
int plen;
int spaceLeft;
p--, *p=',';
Reported by FlawFinder.
Line: 740
Column: 23
CWE codes:
126
p--, *p=',';
plen= strlen(p);
spaceLeft= p - temp + plen;
if(spaceLeft + newlen >= GET_MODE_BUFFER_SIZE - 1){
ppMode->error++;
break;
}
Reported by FlawFinder.
libavcodec/amrwbdec.c
8 issues
Line: 348
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Check which pitch signal path should be used
* 6k60 and 8k85 modes have the ltp flag set to 0 */
if (amr_subframe->ltp) {
memcpy(ctx->pitch_vector, exc, AMRWB_SFR_SIZE * sizeof(float));
} else {
for (i = 0; i < AMRWB_SFR_SIZE; i++)
ctx->pitch_vector[i] = 0.18 * exc[i - 1] + 0.64 * exc[i] +
0.18 * exc[i + 1];
memcpy(exc, ctx->pitch_vector, AMRWB_SFR_SIZE * sizeof(float));
Reported by FlawFinder.
Line: 353
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (i = 0; i < AMRWB_SFR_SIZE; i++)
ctx->pitch_vector[i] = 0.18 * exc[i - 1] + 0.64 * exc[i] +
0.18 * exc[i + 1];
memcpy(exc, ctx->pitch_vector, AMRWB_SFR_SIZE * sizeof(float));
}
}
/** Get x bits in the index interval [lsb,lsb+len-1] inclusive */
#define BIT_STR(x,lsb,len) av_mod_uintp2((x) >> (lsb), (len))
Reported by FlawFinder.
Line: 1062
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int i, j;
float data[AMRWB_SFR_SIZE_16k + HB_FIR_SIZE]; // past and current samples
memcpy(data, mem, HB_FIR_SIZE * sizeof(float));
memcpy(data + HB_FIR_SIZE, in, AMRWB_SFR_SIZE_16k * sizeof(float));
for (i = 0; i < AMRWB_SFR_SIZE_16k; i++) {
out[i] = 0.0;
for (j = 0; j <= HB_FIR_SIZE; j++)
Reported by FlawFinder.
Line: 1063
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
float data[AMRWB_SFR_SIZE_16k + HB_FIR_SIZE]; // past and current samples
memcpy(data, mem, HB_FIR_SIZE * sizeof(float));
memcpy(data + HB_FIR_SIZE, in, AMRWB_SFR_SIZE_16k * sizeof(float));
for (i = 0; i < AMRWB_SFR_SIZE_16k; i++) {
out[i] = 0.0;
for (j = 0; j <= HB_FIR_SIZE; j++)
out[i] += data[i + j] * fir_coef[j];
Reported by FlawFinder.
Line: 1071
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
out[i] += data[i + j] * fir_coef[j];
}
memcpy(mem, data + AMRWB_SFR_SIZE_16k, HB_FIR_SIZE * sizeof(float));
}
#endif /* hb_fir_filter */
/**
* Update context state before the next subframe.
Reported by FlawFinder.
Line: 1173
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Generate a ISP vector for each subframe */
if (ctx->first_frame) {
ctx->first_frame = 0;
memcpy(ctx->isp_sub4_past, ctx->isp[3], LP_ORDER * sizeof(double));
}
interpolate_isp(ctx->isp, ctx->isp_sub4_past);
for (sub = 0; sub < 4; sub++)
ff_amrwb_lsp2lpc(ctx->isp[sub], ctx->lp_coef[sub], LP_ORDER);
Reported by FlawFinder.
Line: 1270
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* update state for next frame */
memcpy(ctx->isp_sub4_past, ctx->isp[3], LP_ORDER * sizeof(ctx->isp[3][0]));
memcpy(ctx->isf_past_final, ctx->isf_cur, LP_ORDER * sizeof(float));
*got_frame_ptr = 1;
return expected_fr_size;
Reported by FlawFinder.
Line: 1271
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* update state for next frame */
memcpy(ctx->isp_sub4_past, ctx->isp[3], LP_ORDER * sizeof(ctx->isp[3][0]));
memcpy(ctx->isf_past_final, ctx->isf_cur, LP_ORDER * sizeof(float));
*got_frame_ptr = 1;
return expected_fr_size;
}
Reported by FlawFinder.
libavcodec/mjpegdec.c
8 issues
Line: 87
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return ret;
if (ht[i].class < 2) {
memcpy(s->raw_huffman_lengths[ht[i].class][ht[i].index],
ht[i].bits + 1, 16);
memcpy(s->raw_huffman_values[ht[i].class][ht[i].index],
ht[i].values, ht[i].length);
}
}
Reported by FlawFinder.
Line: 89
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ht[i].class < 2) {
memcpy(s->raw_huffman_lengths[ht[i].class][ht[i].index],
ht[i].bits + 1, 16);
memcpy(s->raw_huffman_values[ht[i].class][ht[i].index],
ht[i].values, ht[i].length);
}
}
return 0;
Reported by FlawFinder.
Line: 431
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
s->width = width;
s->height = height;
s->bits = bits;
memcpy(s->h_count, h_count, sizeof(h_count));
memcpy(s->v_count, v_count, sizeof(v_count));
s->interlaced = 0;
s->got_picture = 0;
/* test interlaced mode */
Reported by FlawFinder.
Line: 432
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
s->height = height;
s->bits = bits;
memcpy(s->h_count, h_count, sizeof(h_count));
memcpy(s->v_count, v_count, sizeof(v_count));
s->interlaced = 0;
s->got_picture = 0;
/* test interlaced mode */
if (s->first_picture &&
Reported by FlawFinder.
Line: 2116
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return AVERROR(ENOMEM);
}
memcpy(s->iccentries[seqno - 1].data, align_get_bits(&s->gb), len);
skip_bits(&s->gb, len << 3);
len = 0;
s->iccread++;
if (s->iccread > s->iccnum)
Reported by FlawFinder.
Line: 2222
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#define copy_data_segment(skip) do { \
ptrdiff_t length = (ptr - src) - (skip); \
if (length > 0) { \
memcpy(dst, src, length); \
dst += length; \
src = ptr; \
} \
} while (0)
Reported by FlawFinder.
Line: 2750
Column: 21
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
uint8_t *src1 = &((uint8_t *)s->picture_ptr->data[p])[i * s->upscale_v[p] / (s->upscale_v[p] + 1) * s->linesize[p]];
uint8_t *src2 = &((uint8_t *)s->picture_ptr->data[p])[(i + 1) * s->upscale_v[p] / (s->upscale_v[p] + 1) * s->linesize[p]];
if (s->upscale_v[p] != 2 && (src1 == src2 || i == h - 1)) {
memcpy(dst, src1, w);
} else {
for (index = 0; index < w; index++)
dst[index] = (src1[index] + src2[index]) >> 1;
}
dst -= s->linesize[p];
Reported by FlawFinder.
Line: 2859
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Reassemble the parts, which are now in-order. */
for (i = 0; i < s->iccnum; i++) {
memcpy(sd->data + offset, s->iccentries[i].data, s->iccentries[i].length);
offset += s->iccentries[i].length;
}
}
av_dict_copy(&frame->metadata, s->exif_metadata, 0);
Reported by FlawFinder.
libavcodec/scpr3.c
8 issues
Line: 244
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
e += f;
}
memcpy(m, &n, sizeof(n));
return 0;
}
static void calc_sum(PixelModel3 *m)
Reported by FlawFinder.
Line: 364
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
}
memcpy(m, &n, sizeof(n));
return 0;
}
static void grow_dec(PixelModel3 *m)
Reported by FlawFinder.
Line: 494
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
n.symbols[i] = m->symbols[i];
n.symbols[b] = val;
memcpy(m, &n, sizeof(n));
return 0;
}
static int update_model1_to_4(PixelModel3 *m, uint32_t val)
Reported by FlawFinder.
Line: 520
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
}
memcpy(m, &n, sizeof(n));
return 0;
}
static int update_model1_to_5(PixelModel3 *m, uint32_t val)
Reported by FlawFinder.
Line: 617
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
FFSWAP(uint8_t, n.symbols[0], n.symbols[d]);
}
memcpy(m, &n, sizeof(n));
return 0;
}
static int update_model2_to_3(PixelModel3 *m, uint32_t val)
Reported by FlawFinder.
Line: 635
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
n.symbols[i] = m->symbols[i];
n.symbols[size] = val;
memcpy(m, &n, sizeof(n));
return 0;
}
static int decode_static2(PixelModel3 *m, uint32_t val)
Reported by FlawFinder.
Line: 701
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
c += g;
}
memcpy(m, &n, sizeof(n));
return 0;
}
static int decode_static3(PixelModel3 *m, uint32_t val)
Reported by FlawFinder.
Line: 818
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
calc_sum5(&n);
memcpy(m, &n, sizeof(n));
return 0;
}
static int decode_unit3(SCPRContext *s, PixelModel3 *m, uint32_t code, uint32_t *value)
Reported by FlawFinder.
libavfilter/vf_signature.c
8 issues
Line: 394
Column: 9
CWE codes:
362
FILE* f;
unsigned int pot3[5] = { 3*3*3*3, 3*3*3, 3*3, 3, 1 };
f = fopen(filename, "w");
if (!f) {
int err = AVERROR(EINVAL);
char buf[128];
av_strerror(err, buf, sizeof(buf));
av_log(ctx, AV_LOG_ERROR, "cannot open xml file %s: %s\n", filename, buf);
Reported by FlawFinder.
Line: 397
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
f = fopen(filename, "w");
if (!f) {
int err = AVERROR(EINVAL);
char buf[128];
av_strerror(err, buf, sizeof(buf));
av_log(ctx, AV_LOG_ERROR, "cannot open xml file %s: %s\n", filename, buf);
return err;
}
Reported by FlawFinder.
Line: 508
Column: 9
CWE codes:
362
if (!buffer)
return AVERROR(ENOMEM);
f = fopen(filename, "wb");
if (!f) {
int err = AVERROR(EINVAL);
char buf[128];
av_strerror(err, buf, sizeof(buf));
av_log(ctx, AV_LOG_ERROR, "cannot open file %s: %s\n", filename, buf);
Reported by FlawFinder.
Line: 511
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
f = fopen(filename, "wb");
if (!f) {
int err = AVERROR(EINVAL);
char buf[128];
av_strerror(err, buf, sizeof(buf));
av_log(ctx, AV_LOG_ERROR, "cannot open file %s: %s\n", filename, buf);
av_freep(&buffer);
return err;
}
Reported by FlawFinder.
Line: 573
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int export(AVFilterContext *ctx, StreamContext *sc, int input)
{
SignatureContext* sic = ctx->priv;
char filename[1024];
if (sic->nb_inputs > 1) {
/* error already handled */
av_assert0(av_get_frame_filename(filename, sizeof(filename), sic->filename, input) == 0);
} else {
Reported by FlawFinder.
Line: 651
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
SignatureContext *sic = ctx->priv;
StreamContext *sc;
int i, ret;
char tmp[1024];
sic->streamcontexts = av_mallocz(sic->nb_inputs * sizeof(StreamContext));
if (!sic->streamcontexts)
return AVERROR(ENOMEM);
Reported by FlawFinder.
Line: 611
Column: 17
CWE codes:
126
/* export signature at EOF */
if (ret == AVERROR_EOF && !sc->exported) {
/* export if wanted */
if (strlen(sic->filename) > 0) {
if (export(ctx, sc, i) < 0)
return ret;
}
sc->exported = 1;
}
Reported by FlawFinder.
Line: 690
Column: 31
CWE codes:
126
}
/* check filename */
if (sic->nb_inputs > 1 && strlen(sic->filename) > 0 && av_get_frame_filename(tmp, sizeof(tmp), sic->filename, 0) == -1) {
av_log(ctx, AV_LOG_ERROR, "The filename must contain %%d or %%0nd, if you have more than one input.\n");
return AVERROR(EINVAL);
}
return 0;
Reported by FlawFinder.
libavcodec/g2meet.c
8 issues
Line: 997
Column: 25
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (j = 0; j < tile_height; j++) {
for (i = 0; i < tile_width; i++)
if (in[i] == tr)
memcpy(dst + i * 3, jpg + i * 3, 3);
in += c->epic_buf_stride >> 2;
dst += c->framebuf_stride;
jpg += c->tile_stride;
}
}
Reported by FlawFinder.
Line: 1038
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (i = 0; i < width; i++) {
col = get_bits(&gb, nb);
if (col != tidx)
memcpy(dst + i * 3, pal + col * 3, 3);
else
memcpy(dst + i * 3, jpeg_tile + i * 3, 3);
}
skip_bits_long(&gb, nb * (align_width - width));
}
Reported by FlawFinder.
Line: 1040
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (col != tidx)
memcpy(dst + i * 3, pal + col * 3, 3);
else
memcpy(dst + i * 3, jpeg_tile + i * 3, 3);
}
skip_bits_long(&gb, nb * (align_width - width));
}
return 0;
Reported by FlawFinder.
Line: 1073
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sub_type = hdr >> 5;
if (sub_type == 0) {
int j;
memcpy(transp, src, 3);
src += 3;
for (j = 0; j < height; j++, dst += c->framebuf_stride)
for (i = 0; i < width; i++)
memcpy(dst + i * 3, transp, 3);
return 0;
Reported by FlawFinder.
Line: 1077
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
src += 3;
for (j = 0; j < height; j++, dst += c->framebuf_stride)
for (i = 0; i < width; i++)
memcpy(dst + i * 3, transp, 3);
return 0;
} else if (sub_type == 1) {
return jpg_decode_data(&c->jc, width, height, src, src_end - src,
dst, c->framebuf_stride, NULL, 0, 0, 0);
}
Reported by FlawFinder.
Line: 1085
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (sub_type != 2) {
memcpy(transp, src, 3);
src += 3;
}
npal = *src++ + 1;
if (src_end - src < npal * 3)
return AVERROR_INVALIDDATA;
Reported by FlawFinder.
Line: 1091
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
npal = *src++ + 1;
if (src_end - src < npal * 3)
return AVERROR_INVALIDDATA;
memcpy(pal, src, npal * 3);
src += npal * 3;
if (sub_type != 2) {
for (i = 0; i < npal; i++) {
if (!memcmp(pal + i * 3, transp, 3)) {
tidx = i;
Reported by FlawFinder.
Line: 1568
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pic->pict_type = got_header ? AV_PICTURE_TYPE_I : AV_PICTURE_TYPE_P;
for (i = 0; i < avctx->height; i++)
memcpy(pic->data[0] + i * pic->linesize[0],
c->framebuf + i * c->framebuf_stride,
c->width * 3);
g2m_paint_cursor(c, pic->data[0], pic->linesize[0]);
*got_picture_ptr = 1;
Reported by FlawFinder.