The following issues were found
libavcodec/mjpegdec.c
8 issues
Line: 87
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return ret;
if (ht[i].class < 2) {
memcpy(s->raw_huffman_lengths[ht[i].class][ht[i].index],
ht[i].bits + 1, 16);
memcpy(s->raw_huffman_values[ht[i].class][ht[i].index],
ht[i].values, ht[i].length);
}
}
Reported by FlawFinder.
Line: 89
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ht[i].class < 2) {
memcpy(s->raw_huffman_lengths[ht[i].class][ht[i].index],
ht[i].bits + 1, 16);
memcpy(s->raw_huffman_values[ht[i].class][ht[i].index],
ht[i].values, ht[i].length);
}
}
return 0;
Reported by FlawFinder.
Line: 431
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
s->width = width;
s->height = height;
s->bits = bits;
memcpy(s->h_count, h_count, sizeof(h_count));
memcpy(s->v_count, v_count, sizeof(v_count));
s->interlaced = 0;
s->got_picture = 0;
/* test interlaced mode */
Reported by FlawFinder.
Line: 432
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
s->height = height;
s->bits = bits;
memcpy(s->h_count, h_count, sizeof(h_count));
memcpy(s->v_count, v_count, sizeof(v_count));
s->interlaced = 0;
s->got_picture = 0;
/* test interlaced mode */
if (s->first_picture &&
Reported by FlawFinder.
Line: 2116
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return AVERROR(ENOMEM);
}
memcpy(s->iccentries[seqno - 1].data, align_get_bits(&s->gb), len);
skip_bits(&s->gb, len << 3);
len = 0;
s->iccread++;
if (s->iccread > s->iccnum)
Reported by FlawFinder.
Line: 2222
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/*
 * Copy the bytes between src and ptr, less the last `skip` of them, to dst.
 *
 * ptr, src and dst are not macro parameters: they are taken from the scope
 * in which the macro is expanded. When the computed length is positive the
 * bytes are copied, dst is advanced by that length and src is set to ptr;
 * otherwise nothing is changed.
 *
 * The macro itself performs no check of the space remaining at dst, which
 * is what the scanner hit on the memcpy refers to.
 * NOTE(review): confirm at the expansion site that dst was sized for the
 * whole input range being walked.
 */
#define copy_data_segment(skip) do { \
ptrdiff_t length = (ptr - src) - (skip); \
if (length > 0) { \
memcpy(dst, src, length); \
dst += length; \
src = ptr; \
} \
} while (0)
Reported by FlawFinder.
Line: 2750
Column: 21
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
uint8_t *src1 = &((uint8_t *)s->picture_ptr->data[p])[i * s->upscale_v[p] / (s->upscale_v[p] + 1) * s->linesize[p]];
uint8_t *src2 = &((uint8_t *)s->picture_ptr->data[p])[(i + 1) * s->upscale_v[p] / (s->upscale_v[p] + 1) * s->linesize[p]];
if (s->upscale_v[p] != 2 && (src1 == src2 || i == h - 1)) {
memcpy(dst, src1, w);
} else {
for (index = 0; index < w; index++)
dst[index] = (src1[index] + src2[index]) >> 1;
}
dst -= s->linesize[p];
Reported by FlawFinder.
Line: 2859
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Reassemble the parts, which are now in-order. */
for (i = 0; i < s->iccnum; i++) {
memcpy(sd->data + offset, s->iccentries[i].data, s->iccentries[i].length);
offset += s->iccentries[i].length;
}
}
av_dict_copy(&frame->metadata, s->exif_metadata, 0);
Reported by FlawFinder.
libavfilter/af_headphone.c
8 issues
Line: 187
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
read = (wr - (ir_len - 1)) & modulo;
if (read + ir_len < buffer_length) {
memcpy(temp_src, bptr + read, ir_len * sizeof(*temp_src));
} else {
int len = FFMIN(air_len - (read % ir_len), buffer_length - read);
memcpy(temp_src, bptr + read, len * sizeof(*temp_src));
memcpy(temp_src + len, bptr, (air_len - len) * sizeof(*temp_src));
Reported by FlawFinder.
Line: 191
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else {
int len = FFMIN(air_len - (read % ir_len), buffer_length - read);
memcpy(temp_src, bptr + read, len * sizeof(*temp_src));
memcpy(temp_src + len, bptr, (air_len - len) * sizeof(*temp_src));
}
dst[0] += s->scalarproduct_float(cur_ir, temp_src, FFALIGN(ir_len, 32));
}
Reported by FlawFinder.
Line: 192
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int len = FFMIN(air_len - (read % ir_len), buffer_length - read);
memcpy(temp_src, bptr + read, len * sizeof(*temp_src));
memcpy(temp_src + len, bptr, (air_len - len) * sizeof(*temp_src));
}
dst[0] += s->scalarproduct_float(cur_ir, temp_src, FFALIGN(ir_len, 32));
}
Reported by FlawFinder.
Line: 160
Column: 9
CWE codes:
120
20
const uint32_t modulo = (uint32_t)buffer_length - 1;
float *buffer[64];
int wr = *write;
int read;
int i, l;
dst += offset;
for (l = 0; l < in_channels; l++) {
buffer[l] = ringbuffer + l * buffer_length;
Reported by FlawFinder.
Line: 187
Column: 41
CWE codes:
120
20
read = (wr - (ir_len - 1)) & modulo;
if (read + ir_len < buffer_length) {
memcpy(temp_src, bptr + read, ir_len * sizeof(*temp_src));
} else {
int len = FFMIN(air_len - (read % ir_len), buffer_length - read);
memcpy(temp_src, bptr + read, len * sizeof(*temp_src));
memcpy(temp_src + len, bptr, (air_len - len) * sizeof(*temp_src));
Reported by FlawFinder.
Line: 189
Column: 76
CWE codes:
120
20
if (read + ir_len < buffer_length) {
memcpy(temp_src, bptr + read, ir_len * sizeof(*temp_src));
} else {
int len = FFMIN(air_len - (read % ir_len), buffer_length - read);
memcpy(temp_src, bptr + read, len * sizeof(*temp_src));
memcpy(temp_src + len, bptr, (air_len - len) * sizeof(*temp_src));
}
Reported by FlawFinder.
Line: 189
Column: 44
CWE codes:
120
20
if (read + ir_len < buffer_length) {
memcpy(temp_src, bptr + read, ir_len * sizeof(*temp_src));
} else {
int len = FFMIN(air_len - (read % ir_len), buffer_length - read);
memcpy(temp_src, bptr + read, len * sizeof(*temp_src));
memcpy(temp_src + len, bptr, (air_len - len) * sizeof(*temp_src));
}
Reported by FlawFinder.
Line: 191
Column: 41
CWE codes:
120
20
} else {
int len = FFMIN(air_len - (read % ir_len), buffer_length - read);
memcpy(temp_src, bptr + read, len * sizeof(*temp_src));
memcpy(temp_src + len, bptr, (air_len - len) * sizeof(*temp_src));
}
dst[0] += s->scalarproduct_float(cur_ir, temp_src, FFALIGN(ir_len, 32));
}
Reported by FlawFinder.
libavformat/fitsenc.c
8 issues
Line: 62
Column: 15
CWE codes:
134
Suggestion:
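Use a constant for the format specification. Triage note: fmt is a parameter of the enclosing function, so this is only safe while every caller passes a string literal (the one call shown further down in this report passes "%d"), and the `*(int *)` / `*(float *)` casts must match the conversion fmt contains. Separately, snprintf returns the untruncated length, or a negative value on error, and the memset below uses that return value as an index and in an unsigned subtraction without checking it against the 70-byte limit.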
header[9] = ' ';
if (!strcmp(fmt, "%d")) {
ret = snprintf(header + 10, 70, fmt, *(int *)value);
} else {
ret = snprintf(header + 10, 70, fmt, *(float *)value);
}
memset(&header[ret + 10], ' ', sizeof(header) - (ret + 10));
Reported by FlawFinder.
Line: 64
Column: 15
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (!strcmp(fmt, "%d")) {
ret = snprintf(header + 10, 70, fmt, *(int *)value);
} else {
ret = snprintf(header + 10, 70, fmt, *(float *)value);
}
memset(&header[ret + 10], ' ', sizeof(header) - (ret + 10));
avio_write(s->pb, header, sizeof(header));
Reported by FlawFinder.
Line: 56
Column: 5
CWE codes:
120
Suggestion:
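Make sure destination can always hold the source data. Triage note: len comes from strlen(keyword) and is not compared against the size of header (80 bytes, per the declaration shown in the last finding for this file) before the memcpy in this excerpt. The fixed writes to header[8] and header[9] suggest keywords are expected to be at most 8 characters, so the copy is only safe while callers keep to that.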
len = strlen(keyword);
memset(header, ' ', sizeof(header));
memcpy(header, keyword, len);
header[8] = '=';
header[9] = ' ';
if (!strcmp(fmt, "%d")) {
Reported by FlawFinder.
Line: 130
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (fitsctx->first_image) {
memcpy(buffer, "SIMPLE = ", 10);
memset(buffer + 10, ' ', 70);
buffer[29] = 'T';
avio_write(s->pb, buffer, sizeof(buffer));
} else {
memcpy(buffer, "XTENSION= 'IMAGE '", 20);
Reported by FlawFinder.
Line: 135
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
buffer[29] = 'T';
avio_write(s->pb, buffer, sizeof(buffer));
} else {
memcpy(buffer, "XTENSION= 'IMAGE '", 20);
memset(buffer + 20, ' ', 60);
avio_write(s->pb, buffer, sizeof(buffer));
}
lines_written++;
Reported by FlawFinder.
Line: 168
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
write_keyword_value(s, "%d", "BZERO", &bzero, &lines_written);
if (rgb) {
memcpy(buffer, "CTYPE3 = 'RGB '", 20);
memset(buffer + 20, ' ', 60);
avio_write(s->pb, buffer, sizeof(buffer));
lines_written++;
}
Reported by FlawFinder.
Line: 174
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
lines_written++;
}
memcpy(buffer, "END", 3);
memset(buffer + 3, ' ', 77);
avio_write(s->pb, buffer, sizeof(buffer));
lines_written++;
lines_left = ((lines_written + 35) / 36) * 36 - lines_written;
Reported by FlawFinder.
Line: 54
Column: 11
CWE codes:
126
int len, ret;
uint8_t header[80];
len = strlen(keyword);
memset(header, ' ', sizeof(header));
memcpy(header, keyword, len);
header[8] = '=';
header[9] = ' ';
Reported by FlawFinder.
libavcodec/cavs.c
8 issues
Line: 121
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
h->topleft_border_y = h->top_border_y[h->mbx * 16 + 15];
h->topleft_border_u = h->top_border_u[h->mbx * 10 + 8];
h->topleft_border_v = h->top_border_v[h->mbx * 10 + 8];
memcpy(&h->top_border_y[h->mbx * 16], h->cy + 15 * h->l_stride, 16);
memcpy(&h->top_border_u[h->mbx * 10 + 1], h->cu + 7 * h->c_stride, 8);
memcpy(&h->top_border_v[h->mbx * 10 + 1], h->cv + 7 * h->c_stride, 8);
for (i = 0; i < 8; i++) {
h->left_border_y[i * 2 + 1] = *(h->cy + 15 + (i * 2 + 0) * h->l_stride);
h->left_border_y[i * 2 + 2] = *(h->cy + 15 + (i * 2 + 1) * h->l_stride);
Reported by FlawFinder.
Line: 122
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
h->topleft_border_u = h->top_border_u[h->mbx * 10 + 8];
h->topleft_border_v = h->top_border_v[h->mbx * 10 + 8];
memcpy(&h->top_border_y[h->mbx * 16], h->cy + 15 * h->l_stride, 16);
memcpy(&h->top_border_u[h->mbx * 10 + 1], h->cu + 7 * h->c_stride, 8);
memcpy(&h->top_border_v[h->mbx * 10 + 1], h->cv + 7 * h->c_stride, 8);
for (i = 0; i < 8; i++) {
h->left_border_y[i * 2 + 1] = *(h->cy + 15 + (i * 2 + 0) * h->l_stride);
h->left_border_y[i * 2 + 2] = *(h->cy + 15 + (i * 2 + 1) * h->l_stride);
h->left_border_u[i + 1] = *(h->cu + 7 + i * h->c_stride);
Reported by FlawFinder.
Line: 123
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
h->topleft_border_v = h->top_border_v[h->mbx * 10 + 8];
memcpy(&h->top_border_y[h->mbx * 16], h->cy + 15 * h->l_stride, 16);
memcpy(&h->top_border_u[h->mbx * 10 + 1], h->cu + 7 * h->c_stride, 8);
memcpy(&h->top_border_v[h->mbx * 10 + 1], h->cv + 7 * h->c_stride, 8);
for (i = 0; i < 8; i++) {
h->left_border_y[i * 2 + 1] = *(h->cy + 15 + (i * 2 + 0) * h->l_stride);
h->left_border_y[i * 2 + 2] = *(h->cy + 15 + (i * 2 + 1) * h->l_stride);
h->left_border_u[i + 1] = *(h->cu + 7 + i * h->c_stride);
h->left_border_v[i + 1] = *(h->cv + 7 + i * h->c_stride);
Reported by FlawFinder.
Line: 197
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*left = h->left_border_y;
h->left_border_y[0] = h->left_border_y[1];
memset(&h->left_border_y[17], h->left_border_y[16], 9);
memcpy(&top[1], &h->top_border_y[h->mbx * 16], 16);
top[17] = top[16];
top[0] = top[1];
if ((h->flags & A_AVAIL) && (h->flags & B_AVAIL))
h->left_border_y[0] = top[0] = h->topleft_border_y;
break;
Reported by FlawFinder.
Line: 209
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
h->intern_border_y[i + 1] = *(h->cy + 7 + i * h->l_stride);
memset(&h->intern_border_y[9], h->intern_border_y[8], 9);
h->intern_border_y[0] = h->intern_border_y[1];
memcpy(&top[1], &h->top_border_y[h->mbx * 16 + 8], 8);
if (h->flags & C_AVAIL)
memcpy(&top[9], &h->top_border_y[(h->mbx + 1) * 16], 8);
else
memset(&top[9], top[8], 9);
top[17] = top[16];
Reported by FlawFinder.
Line: 211
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
h->intern_border_y[0] = h->intern_border_y[1];
memcpy(&top[1], &h->top_border_y[h->mbx * 16 + 8], 8);
if (h->flags & C_AVAIL)
memcpy(&top[9], &h->top_border_y[(h->mbx + 1) * 16], 8);
else
memset(&top[9], top[8], 9);
top[17] = top[16];
top[0] = top[1];
if (h->flags & B_AVAIL)
Reported by FlawFinder.
Line: 221
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
case 2:
*left = &h->left_border_y[8];
memcpy(&top[1], h->cy + 7 * h->l_stride, 16);
top[17] = top[16];
top[0] = top[1];
if (h->flags & A_AVAIL)
top[0] = h->left_border_y[8];
break;
Reported by FlawFinder.
Line: 232
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (i = 0; i < 8; i++)
h->intern_border_y[i + 9] = *(h->cy + 7 + (i + 8) * h->l_stride);
memset(&h->intern_border_y[17], h->intern_border_y[16], 9);
memcpy(&top[0], h->cy + 7 + 7 * h->l_stride, 9);
memset(&top[9], top[8], 9);
break;
}
}
Reported by FlawFinder.
libavcodec/g2meet.c
8 issues
Line: 997
Column: 25
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (j = 0; j < tile_height; j++) {
for (i = 0; i < tile_width; i++)
if (in[i] == tr)
memcpy(dst + i * 3, jpg + i * 3, 3);
in += c->epic_buf_stride >> 2;
dst += c->framebuf_stride;
jpg += c->tile_stride;
}
}
Reported by FlawFinder.
Line: 1038
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (i = 0; i < width; i++) {
col = get_bits(&gb, nb);
if (col != tidx)
memcpy(dst + i * 3, pal + col * 3, 3);
else
memcpy(dst + i * 3, jpeg_tile + i * 3, 3);
}
skip_bits_long(&gb, nb * (align_width - width));
}
Reported by FlawFinder.
Line: 1040
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (col != tidx)
memcpy(dst + i * 3, pal + col * 3, 3);
else
memcpy(dst + i * 3, jpeg_tile + i * 3, 3);
}
skip_bits_long(&gb, nb * (align_width - width));
}
return 0;
Reported by FlawFinder.
Line: 1073
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sub_type = hdr >> 5;
if (sub_type == 0) {
int j;
memcpy(transp, src, 3);
src += 3;
for (j = 0; j < height; j++, dst += c->framebuf_stride)
for (i = 0; i < width; i++)
memcpy(dst + i * 3, transp, 3);
return 0;
Reported by FlawFinder.
Line: 1077
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
src += 3;
for (j = 0; j < height; j++, dst += c->framebuf_stride)
for (i = 0; i < width; i++)
memcpy(dst + i * 3, transp, 3);
return 0;
} else if (sub_type == 1) {
return jpg_decode_data(&c->jc, width, height, src, src_end - src,
dst, c->framebuf_stride, NULL, 0, 0, 0);
}
Reported by FlawFinder.
Line: 1085
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (sub_type != 2) {
memcpy(transp, src, 3);
src += 3;
}
npal = *src++ + 1;
if (src_end - src < npal * 3)
return AVERROR_INVALIDDATA;
Reported by FlawFinder.
Line: 1091
Column: 5
CWE codes:
120
Suggestion:
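Make sure destination can always hold the source data. Triage note: the source side is checked in this excerpt (`src_end - src < npal * 3` returns AVERROR_INVALIDDATA), but `*src++` is read before that check and nothing shown confirms that src is still below src_end at that point. On the destination side, if src is a byte pointer then npal can reach 256, so pal needs 768 bytes; its declaration is not part of the excerpt.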
npal = *src++ + 1;
if (src_end - src < npal * 3)
return AVERROR_INVALIDDATA;
memcpy(pal, src, npal * 3);
src += npal * 3;
if (sub_type != 2) {
for (i = 0; i < npal; i++) {
if (!memcmp(pal + i * 3, transp, 3)) {
tidx = i;
Reported by FlawFinder.
Line: 1568
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pic->pict_type = got_header ? AV_PICTURE_TYPE_I : AV_PICTURE_TYPE_P;
for (i = 0; i < avctx->height; i++)
memcpy(pic->data[0] + i * pic->linesize[0],
c->framebuf + i * c->framebuf_stride,
c->width * 3);
g2m_paint_cursor(c, pic->data[0], pic->linesize[0]);
*got_picture_ptr = 1;
Reported by FlawFinder.
libavdevice/bktr.c
8 issues
Line: 112
Column: 15
CWE codes:
807
20
Suggestion:
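Check environment variables carefully before using them. Triage note: in this excerpt the converted value is range-checked right after the conversion and replaced by a default when it falls outside 0..4, so the environment string cannot select an arbitrary device index. What remains is that atoi() reports no parse errors and has undefined behavior when the value does not fit in an int, which strtol() with an end-pointer and errno check avoids.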
if (idev < 0 || idev > 4)
{
arg = getenv ("BKTR_DEV");
if (arg)
idev = atoi (arg);
if (idev < 0 || idev > 4)
idev = 1;
}
Reported by FlawFinder.
Line: 121
Column: 15
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
if (format < 1 || format > 6)
{
arg = getenv ("BKTR_FORMAT");
if (arg)
format = atoi (arg);
if (format < 1 || format > 6)
format = VIDEO_FORMAT;
}
Reported by FlawFinder.
Line: 130
Column: 15
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
if (frequency <= 0)
{
arg = getenv ("BKTR_FREQUENCY");
if (arg)
frequency = atof (arg);
if (frequency <= 0)
frequency = 0.0;
}
Reported by FlawFinder.
Line: 108
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int c;
struct sigaction act, old;
int ret;
char errbuf[128];
if (idev < 0 || idev > 4)
{
arg = getenv ("BKTR_DEV");
if (arg)
Reported by FlawFinder.
Line: 114
Column: 20
CWE codes:
190
Suggestion:
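If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Triage note: both bounds are checked immediately after this conversion in the excerpt (`idev < 0 || idev > 4`), so a negative or oversized result falls back to the default value.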
{
arg = getenv ("BKTR_DEV");
if (arg)
idev = atoi (arg);
if (idev < 0 || idev > 4)
idev = 1;
}
if (format < 1 || format > 6)
Reported by FlawFinder.
Line: 123
Column: 22
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
{
arg = getenv ("BKTR_FORMAT");
if (arg)
format = atoi (arg);
if (format < 1 || format > 6)
format = VIDEO_FORMAT;
}
if (frequency <= 0)
Reported by FlawFinder.
Line: 254
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
bktr_getframe(s->per_frame);
pkt->pts = av_gettime();
memcpy(pkt->data, video_buf, video_buf_size);
return video_buf_size;
}
static int grab_read_header(AVFormatContext *s1)
Reported by FlawFinder.
Line: 231
Column: 14
CWE codes:
676
Suggestion:
Use nanosleep(2) or setitimer(2) instead
curtime = av_gettime_relative();
if (!last_frame_time
|| ((last_frame_time + per_frame) > curtime)) {
if (!usleep(last_frame_time + per_frame + per_frame / 8 - curtime)) {
if (!nsignals)
av_log(NULL, AV_LOG_INFO,
"SLEPT NO signals - %d microseconds late\n",
(int)(av_gettime_relative() - last_frame_time - per_frame));
}
Reported by FlawFinder.
libavdevice/dshow.c
8 issues
Line: 185
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pktl_next->pkt.stream_index = index;
pktl_next->pkt.pts = time;
memcpy(pktl_next->pkt.data, buf, buf_size);
for(ppktl = &ctx->pktl ; *ppktl ; ppktl = &(*ppktl)->next);
*ppktl = pktl_next;
ctx->curbufsize[index] += buf_size;
Reported by FlawFinder.
Line: 744
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
IPersistStream *pers_stream = NULL;
enum dshowDeviceType otherDevType = (devtype == VideoDevice) ? AudioDevice : VideoDevice;
const wchar_t *filter_name[2] = { L"Audio capture filter", L"Video capture filter" };
if ( ((ctx->audio_filter_load_file) && (strlen(ctx->audio_filter_load_file)>0) && (sourcetype == AudioSourceDevice)) ||
((ctx->video_filter_load_file) && (strlen(ctx->video_filter_load_file)>0) && (sourcetype == VideoSourceDevice)) ) {
HRESULT hr;
Reported by FlawFinder.
Line: 1009
Column: 25
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
par->extradata = av_malloc(9 + AV_INPUT_BUFFER_PADDING_SIZE);
if (par->extradata) {
par->extradata_size = 9;
memcpy(par->extradata, "BottomUp", 9);
}
}
}
}
} else {
Reported by FlawFinder.
Line: 255
Column: 25
CWE codes:
126
goto fail1;
unique_name = dup_wchar_to_utf8(olestr);
/* replace ':' with '_' since we use : to delineate between sources */
for (i = 0; i < strlen(unique_name); i++) {
if (unique_name[i] == ':')
unique_name[i] = '_';
}
r = IMoniker_BindToStorage(m, 0, 0, &IID_IPropertyBag, (void *) &bag);
Reported by FlawFinder.
Line: 747
Column: 45
CWE codes:
126
const wchar_t *filter_name[2] = { L"Audio capture filter", L"Video capture filter" };
if ( ((ctx->audio_filter_load_file) && (strlen(ctx->audio_filter_load_file)>0) && (sourcetype == AudioSourceDevice)) ||
((ctx->video_filter_load_file) && (strlen(ctx->video_filter_load_file)>0) && (sourcetype == VideoSourceDevice)) ) {
HRESULT hr;
char *filename = NULL;
if (sourcetype == AudioSourceDevice)
Reported by FlawFinder.
Line: 748
Column: 48
CWE codes:
126
if ( ((ctx->audio_filter_load_file) && (strlen(ctx->audio_filter_load_file)>0) && (sourcetype == AudioSourceDevice)) ||
((ctx->video_filter_load_file) && (strlen(ctx->video_filter_load_file)>0) && (sourcetype == VideoSourceDevice)) ) {
HRESULT hr;
char *filename = NULL;
if (sourcetype == AudioSourceDevice)
filename = ctx->audio_filter_load_file;
Reported by FlawFinder.
Line: 817
Column: 45
CWE codes:
126
}
ctx->capture_filter[devtype] = capture_filter;
if ( ((ctx->audio_filter_save_file) && (strlen(ctx->audio_filter_save_file)>0) && (sourcetype == AudioSourceDevice)) ||
((ctx->video_filter_save_file) && (strlen(ctx->video_filter_save_file)>0) && (sourcetype == VideoSourceDevice)) ) {
HRESULT hr;
char *filename = NULL;
Reported by FlawFinder.
Line: 818
Column: 48
CWE codes:
126
ctx->capture_filter[devtype] = capture_filter;
if ( ((ctx->audio_filter_save_file) && (strlen(ctx->audio_filter_save_file)>0) && (sourcetype == AudioSourceDevice)) ||
((ctx->video_filter_save_file) && (strlen(ctx->video_filter_save_file)>0) && (sourcetype == VideoSourceDevice)) ) {
HRESULT hr;
char *filename = NULL;
if (sourcetype == AudioSourceDevice)
Reported by FlawFinder.
libavcodec/aacps.c
8 issues
Line: 142
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
//update in_buf
for (i = 0; i < 5; i++) {
memcpy(in[i], in[i]+32, 6 * sizeof(in[i][0]));
}
}
static void hybrid_synthesis(PSDSPContext *dsp, INTFLOAT out[2][38][64],
INTFLOAT in[91][32][2], int is34, int len)
Reported by FlawFinder.
Line: 492
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
float g_decay_slope = 1.f - DECAY_SLOPE * (k - DECAY_CUTOFF[is34]);
g_decay_slope = av_clipf(g_decay_slope, 0.f, 1.f);
#endif /* USE_FIXED */
memcpy(delay[k], delay[k]+nL, PS_MAX_DELAY*sizeof(delay[k][0]));
memcpy(delay[k]+PS_MAX_DELAY, s[k], numQMFSlots*sizeof(delay[k][0]));
for (m = 0; m < PS_AP_LINKS; m++) {
memcpy(ap_delay[k][m], ap_delay[k][m]+numQMFSlots, 5*sizeof(ap_delay[k][m][0]));
}
ps->dsp.decorrelate(out[k], delay[k] + PS_MAX_DELAY - 2, ap_delay[k],
Reported by FlawFinder.
Line: 493
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
g_decay_slope = av_clipf(g_decay_slope, 0.f, 1.f);
#endif /* USE_FIXED */
memcpy(delay[k], delay[k]+nL, PS_MAX_DELAY*sizeof(delay[k][0]));
memcpy(delay[k]+PS_MAX_DELAY, s[k], numQMFSlots*sizeof(delay[k][0]));
for (m = 0; m < PS_AP_LINKS; m++) {
memcpy(ap_delay[k][m], ap_delay[k][m]+numQMFSlots, 5*sizeof(ap_delay[k][m][0]));
}
ps->dsp.decorrelate(out[k], delay[k] + PS_MAX_DELAY - 2, ap_delay[k],
phi_fract[is34][k],
Reported by FlawFinder.
Line: 495
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(delay[k], delay[k]+nL, PS_MAX_DELAY*sizeof(delay[k][0]));
memcpy(delay[k]+PS_MAX_DELAY, s[k], numQMFSlots*sizeof(delay[k][0]));
for (m = 0; m < PS_AP_LINKS; m++) {
memcpy(ap_delay[k][m], ap_delay[k][m]+numQMFSlots, 5*sizeof(ap_delay[k][m][0]));
}
ps->dsp.decorrelate(out[k], delay[k] + PS_MAX_DELAY - 2, ap_delay[k],
phi_fract[is34][k],
(const INTFLOAT (*)[2]) Q_fract_allpass[is34][k],
transient_gain[b], g_decay_slope, nL - n0);
Reported by FlawFinder.
Line: 504
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
for (; k < SHORT_DELAY_BAND[is34]; k++) {
int i = k_to_i[k];
memcpy(delay[k], delay[k]+nL, PS_MAX_DELAY*sizeof(delay[k][0]));
memcpy(delay[k]+PS_MAX_DELAY, s[k], numQMFSlots*sizeof(delay[k][0]));
//H = delay 14
ps->dsp.mul_pair_single(out[k], delay[k] + PS_MAX_DELAY - 14,
transient_gain[i], nL - n0);
}
Reported by FlawFinder.
Line: 505
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (; k < SHORT_DELAY_BAND[is34]; k++) {
int i = k_to_i[k];
memcpy(delay[k], delay[k]+nL, PS_MAX_DELAY*sizeof(delay[k][0]));
memcpy(delay[k]+PS_MAX_DELAY, s[k], numQMFSlots*sizeof(delay[k][0]));
//H = delay 14
ps->dsp.mul_pair_single(out[k], delay[k] + PS_MAX_DELAY - 14,
transient_gain[i], nL - n0);
}
for (; k < NR_BANDS[is34]; k++) {
Reported by FlawFinder.
Line: 512
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
for (; k < NR_BANDS[is34]; k++) {
int i = k_to_i[k];
memcpy(delay[k], delay[k]+nL, PS_MAX_DELAY*sizeof(delay[k][0]));
memcpy(delay[k]+PS_MAX_DELAY, s[k], numQMFSlots*sizeof(delay[k][0]));
//H = delay 1
ps->dsp.mul_pair_single(out[k], delay[k] + PS_MAX_DELAY - 1,
transient_gain[i], nL - n0);
}
Reported by FlawFinder.
Line: 513
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (; k < NR_BANDS[is34]; k++) {
int i = k_to_i[k];
memcpy(delay[k], delay[k]+nL, PS_MAX_DELAY*sizeof(delay[k][0]));
memcpy(delay[k]+PS_MAX_DELAY, s[k], numQMFSlots*sizeof(delay[k][0]));
//H = delay 1
ps->dsp.mul_pair_single(out[k], delay[k] + PS_MAX_DELAY - 1,
transient_gain[i], nL - n0);
}
}
Reported by FlawFinder.
libavformat/wavdec.c
8 issues
Line: 270
Column: 5
CWE codes:
134
Suggestion:
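Use a constant for the format specification. Triage note: the format in this excerpt is already a compile-time constant, a string literal concatenated with the PRIu64 macro from <inttypes.h>; the macro is what hides the literal from the scanner, and the two snprintf findings that follow in this file use the same pattern with PRIX64. The write itself is bounded by sizeof(temp).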
return ret;
time_reference = avio_rl64(s->pb);
snprintf(temp, sizeof(temp), "%"PRIu64, time_reference);
if ((ret = av_dict_set(&s->metadata, "time_reference", temp, 0)) < 0)
return ret;
/* check if version is >= 1, in which case an UMID may be present */
if (avio_rl16(s->pb) >= 1) {
Reported by FlawFinder.
Line: 284
Column: 17
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (umid_parts[4] == 0 && umid_parts[5] == 0 &&
umid_parts[6] == 0 && umid_parts[7] == 0) {
/* basic UMID */
snprintf(temp, sizeof(temp),
"0x%016"PRIX64"%016"PRIX64"%016"PRIX64"%016"PRIX64,
umid_parts[0], umid_parts[1],
umid_parts[2], umid_parts[3]);
} else {
/* extended UMID */
Reported by FlawFinder.
Line: 290
Column: 17
CWE codes:
134
Suggestion:
Use a constant for the format specification
umid_parts[2], umid_parts[3]);
} else {
/* extended UMID */
snprintf(temp, sizeof(temp),
"0x%016"PRIX64"%016"PRIX64"%016"PRIX64"%016"PRIX64
"%016"PRIX64"%016"PRIX64"%016"PRIX64"%016"PRIX64,
umid_parts[0], umid_parts[1],
umid_parts[2], umid_parts[3],
umid_parts[4], umid_parts[5],
Reported by FlawFinder.
Line: 240
Column: 5
CWE codes:
119
120
Suggestion:
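Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Triage note: the excerpt shows a guard already in place: av_assert0(length < sizeof(temp)) precedes the read, and the read is limited to length bytes. The last finding for this file, apparently from the same function, terminates the buffer with temp[length] = 0, and the caller shown in the next finding passes the constant 256, which fits the 257-byte array.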
static inline int wav_parse_bext_string(AVFormatContext *s, const char *key,
int length)
{
char temp[257];
int ret;
av_assert0(length < sizeof(temp));
if ((ret = ffio_read_size(s->pb, temp, length)) < 0)
return ret;
Reported by FlawFinder.
Line: 257
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int wav_parse_bext_tag(AVFormatContext *s, int64_t size)
{
char temp[131], *coding_history;
int ret, x;
uint64_t time_reference;
int64_t umid_parts[8], umid_mask = 0;
if ((ret = wav_parse_bext_string(s, "description", 256)) < 0 ||
Reported by FlawFinder.
Line: 525
Column: 25
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (s->nb_chapters > 0) {
while (avio_tell(pb) < next_tag_ofs &&
!avio_feof(pb)) {
char cue_label[512];
unsigned id, sub_size;
if (avio_rl32(pb) != MKTAG('l', 'a', 'b', 'l'))
break;
Reported by FlawFinder.
Line: 914
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
count = avio_rl32(pb);
for (i = 0; i < count; i++) {
char chunk_key[5], *value;
if (avio_feof(pb) || (cur = avio_tell(pb)) < 0 || cur > end - 8 /* = tag + size */)
break;
chunk_key[4] = 0;
Reported by FlawFinder.
Line: 249
Column: 9
CWE codes:
126
temp[length] = 0;
if (strlen(temp))
return av_dict_set(&s->metadata, key, temp, 0);
return 0;
}
Reported by FlawFinder.
libavcodec/wmaprodec.c
8 issues
Line: 875
Column: 29
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
avpriv_request_sample(s->avctx,
"Coupled channels > 6");
} else {
memcpy(chgroup->decorrelation_matrix,
default_decorrelation[chgroup->num_channels],
chgroup->num_channels * chgroup->num_channels *
sizeof(*chgroup->decorrelation_matrix));
}
}
Reported by FlawFinder.
Line: 1502
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/** copy samples to the output buffer */
for (i = 0; i < s->nb_channels; i++)
memcpy(frame->extended_data[i], s->channel[i].out,
s->samples_per_frame * sizeof(*s->channel[i].out));
for (i = 0; i < s->nb_channels; i++) {
/** reuse second half of the IMDCT output for the next frame */
memcpy(&s->channel[i].out[0],
Reported by FlawFinder.
Line: 1507
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (i = 0; i < s->nb_channels; i++) {
/** reuse second half of the IMDCT output for the next frame */
memcpy(&s->channel[i].out[0],
&s->channel[i].out[s->samples_per_frame],
s->samples_per_frame * sizeof(*s->channel[i].out) >> 1);
}
if (s->skip_frame) {
Reported by FlawFinder.
Line: 1636
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(frame->extended_data[i], 0,
s->samples_per_frame * sizeof(*s->channel[i].out));
memcpy(frame->extended_data[i], s->channel[i].out,
s->samples_per_frame * sizeof(*s->channel[i].out) >> 1);
}
/* TODO: XMA should output 128 samples only (instead of 512) and WMAPRO
* maybe 768 (with 2048), XMA needs changes in multi-stream handling though. */
Reported by FlawFinder.
Line: 1829
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* copy stream samples (1/2ch) to sample buffer (Nch) */
if (got_stream_frame_ptr) {
int start_ch = s->start_channel[s->current_stream];
memcpy(&s->samples[start_ch + 0][s->offset[s->current_stream] * 512],
s->frames[s->current_stream]->extended_data[0], 512 * 4);
if (s->xma[s->current_stream].nb_channels > 1)
memcpy(&s->samples[start_ch + 1][s->offset[s->current_stream] * 512],
s->frames[s->current_stream]->extended_data[1], 512 * 4);
s->offset[s->current_stream]++;
Reported by FlawFinder.
Line: 1832
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(&s->samples[start_ch + 0][s->offset[s->current_stream] * 512],
s->frames[s->current_stream]->extended_data[0], 512 * 4);
if (s->xma[s->current_stream].nb_channels > 1)
memcpy(&s->samples[start_ch + 1][s->offset[s->current_stream] * 512],
s->frames[s->current_stream]->extended_data[1], 512 * 4);
s->offset[s->current_stream]++;
} else if (ret < 0) {
memset(s->offset, 0, sizeof(s->offset));
s->current_stream = 0;
Reported by FlawFinder.
Line: 1883
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* copy samples buffer (Nch) to frame samples (Nch), move unconsumed samples */
for (i = 0; i < s->num_streams; i++) {
int start_ch = s->start_channel[i];
memcpy(frame->extended_data[start_ch + 0], s->samples[start_ch + 0], frame->nb_samples * 4);
if (s->xma[i].nb_channels > 1)
memcpy(frame->extended_data[start_ch + 1], s->samples[start_ch + 1], frame->nb_samples * 4);
s->offset[i] -= offset;
if (s->offset[i]) {
Reported by FlawFinder.
Line: 1885
Column: 21
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int start_ch = s->start_channel[i];
memcpy(frame->extended_data[start_ch + 0], s->samples[start_ch + 0], frame->nb_samples * 4);
if (s->xma[i].nb_channels > 1)
memcpy(frame->extended_data[start_ch + 1], s->samples[start_ch + 1], frame->nb_samples * 4);
s->offset[i] -= offset;
if (s->offset[i]) {
memmove(s->samples[start_ch + 0], s->samples[start_ch + 0] + frame->nb_samples, s->offset[i] * 4 * 512);
if (s->xma[i].nb_channels > 1)
Reported by FlawFinder.