The following issues were found
libavcodec/dxva2_av1.c
8 issues
Line: 377
CWE codes:
908
}
#endif
dxva_data = dxva_data_ptr;
if (ctx_pic->bitstream_size > dxva_size) {
av_log(avctx, AV_LOG_ERROR, "Bitstream size exceeds hardware buffer");
return -1;
}
Reported by Cppcheck.
Line: 379
CWE codes:
908
dxva_data = dxva_data_ptr;
if (ctx_pic->bitstream_size > dxva_size) {
av_log(avctx, AV_LOG_ERROR, "Bitstream size exceeds hardware buffer");
return -1;
}
memcpy(dxva_data, ctx_pic->bitstream, ctx_pic->bitstream_size);
Reported by Cppcheck.
Line: 384
CWE codes:
908
return -1;
}
memcpy(dxva_data, ctx_pic->bitstream, ctx_pic->bitstream_size);
padding = FFMIN(128 - ((ctx_pic->bitstream_size) & 127), dxva_size - ctx_pic->bitstream_size);
if (padding > 0) {
memset(dxva_data + ctx_pic->bitstream_size, 0, padding);
ctx_pic->bitstream_size += padding;
Reported by Cppcheck.
Line: 388
CWE codes:
908
padding = FFMIN(128 - ((ctx_pic->bitstream_size) & 127), dxva_size - ctx_pic->bitstream_size);
if (padding > 0) {
memset(dxva_data + ctx_pic->bitstream_size, 0, padding);
ctx_pic->bitstream_size += padding;
}
#if CONFIG_D3D11VA
if (ff_dxva2_is_d3d11(avctx))
Reported by Cppcheck.
Line: 426
CWE codes:
908
}
#endif
return ff_dxva2_commit_buffer(avctx, ctx, sc, type,
ctx_pic->tiles, sizeof(*ctx_pic->tiles) * ctx_pic->tile_count, 0);
}
static int dxva2_av1_end_frame(AVCodecContext *avctx)
{
Reported by Cppcheck.
Line: 64
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const AV1RawFrameHeader *frame_header = h->raw_frame_header;
const AV1RawFilmGrainParams *film_grain = &h->cur_frame.film_grain;
unsigned char remap_lr_type[4] = { AV1_RESTORE_NONE, AV1_RESTORE_SWITCHABLE, AV1_RESTORE_WIENER, AV1_RESTORE_SGRPROJ };
int apply_grain = !(avctx->export_side_data & AV_CODEC_EXPORT_DATA_FILM_GRAIN) && film_grain->apply_grain;
memset(pp, 0, sizeof(*pp));
pp->width = avctx->width;
Reported by FlawFinder.
Line: 329
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
ctx_pic->bitstream = ctx->bitstream_cache = tmp;
memcpy(ctx_pic->bitstream + ctx_pic->bitstream_size, buffer, size);
for (uint32_t tile_num = h->tg_start; tile_num <= h->tg_end; tile_num++) {
ctx_pic->tiles[tile_num].DataOffset = ctx_pic->bitstream_size + h->tile_group_info[tile_num].tile_offset;
ctx_pic->tiles[tile_num].DataSize = h->tile_group_info[tile_num].tile_size;
ctx_pic->tiles[tile_num].row = h->tile_group_info[tile_num].tile_row;
Reported by FlawFinder.
Line: 384
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -1;
}
memcpy(dxva_data, ctx_pic->bitstream, ctx_pic->bitstream_size);
padding = FFMIN(128 - ((ctx_pic->bitstream_size) & 127), dxva_size - ctx_pic->bitstream_size);
if (padding > 0) {
memset(dxva_data + ctx_pic->bitstream_size, 0, padding);
ctx_pic->bitstream_size += padding;
Reported by FlawFinder.
libavfilter/vf_signature.c
8 issues
Line: 394
Column: 9
CWE codes:
362
FILE* f;
unsigned int pot3[5] = { 3*3*3*3, 3*3*3, 3*3, 3, 1 };
f = fopen(filename, "w");
if (!f) {
int err = AVERROR(EINVAL);
char buf[128];
av_strerror(err, buf, sizeof(buf));
av_log(ctx, AV_LOG_ERROR, "cannot open xml file %s: %s\n", filename, buf);
Reported by FlawFinder.
Line: 397
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
f = fopen(filename, "w");
if (!f) {
int err = AVERROR(EINVAL);
char buf[128];
av_strerror(err, buf, sizeof(buf));
av_log(ctx, AV_LOG_ERROR, "cannot open xml file %s: %s\n", filename, buf);
return err;
}
Reported by FlawFinder.
Line: 508
Column: 9
CWE codes:
362
if (!buffer)
return AVERROR(ENOMEM);
f = fopen(filename, "wb");
if (!f) {
int err = AVERROR(EINVAL);
char buf[128];
av_strerror(err, buf, sizeof(buf));
av_log(ctx, AV_LOG_ERROR, "cannot open file %s: %s\n", filename, buf);
Reported by FlawFinder.
Line: 511
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
f = fopen(filename, "wb");
if (!f) {
int err = AVERROR(EINVAL);
char buf[128];
av_strerror(err, buf, sizeof(buf));
av_log(ctx, AV_LOG_ERROR, "cannot open file %s: %s\n", filename, buf);
av_freep(&buffer);
return err;
}
Reported by FlawFinder.
Line: 573
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int export(AVFilterContext *ctx, StreamContext *sc, int input)
{
SignatureContext* sic = ctx->priv;
char filename[1024];
if (sic->nb_inputs > 1) {
/* error already handled */
av_assert0(av_get_frame_filename(filename, sizeof(filename), sic->filename, input) == 0);
} else {
Reported by FlawFinder.
Line: 651
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
SignatureContext *sic = ctx->priv;
StreamContext *sc;
int i, ret;
char tmp[1024];
sic->streamcontexts = av_mallocz(sic->nb_inputs * sizeof(StreamContext));
if (!sic->streamcontexts)
return AVERROR(ENOMEM);
Reported by FlawFinder.
Line: 611
Column: 17
CWE codes:
126
/* export signature at EOF */
if (ret == AVERROR_EOF && !sc->exported) {
/* export if wanted */
if (strlen(sic->filename) > 0) {
if (export(ctx, sc, i) < 0)
return ret;
}
sc->exported = 1;
}
Reported by FlawFinder.
Line: 690
Column: 31
CWE codes:
126
}
/* check filename */
if (sic->nb_inputs > 1 && strlen(sic->filename) > 0 && av_get_frame_filename(tmp, sizeof(tmp), sic->filename, 0) == -1) {
av_log(ctx, AV_LOG_ERROR, "The filename must contain %%d or %%0nd, if you have more than one input.\n");
return AVERROR(EINVAL);
}
return 0;
Reported by FlawFinder.
libavcodec/dxtory.c
8 issues
Line: 114
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dst = pic->data[0];
for (h = 0; h < avctx->height; h++) {
memcpy(dst, src, avctx->width * bpp);
src += avctx->width * bpp;
dst += pic->linesize[0];
}
do_vflip(avctx, pic, vflipped);
Reported by FlawFinder.
Line: 520
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static void setup_lru_555(uint8_t lru[3][8])
{
memcpy(lru[0], def_lru_555, 8 * sizeof(*def_lru));
memcpy(lru[1], def_lru_555, 8 * sizeof(*def_lru));
memcpy(lru[2], def_lru_555, 8 * sizeof(*def_lru));
}
static void setup_lru_565(uint8_t lru[3][8])
Reported by FlawFinder.
Line: 521
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static void setup_lru_555(uint8_t lru[3][8])
{
memcpy(lru[0], def_lru_555, 8 * sizeof(*def_lru));
memcpy(lru[1], def_lru_555, 8 * sizeof(*def_lru));
memcpy(lru[2], def_lru_555, 8 * sizeof(*def_lru));
}
static void setup_lru_565(uint8_t lru[3][8])
{
Reported by FlawFinder.
Line: 522
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
memcpy(lru[0], def_lru_555, 8 * sizeof(*def_lru));
memcpy(lru[1], def_lru_555, 8 * sizeof(*def_lru));
memcpy(lru[2], def_lru_555, 8 * sizeof(*def_lru));
}
static void setup_lru_565(uint8_t lru[3][8])
{
memcpy(lru[0], def_lru_555, 8 * sizeof(*def_lru));
Reported by FlawFinder.
Line: 527
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static void setup_lru_565(uint8_t lru[3][8])
{
memcpy(lru[0], def_lru_555, 8 * sizeof(*def_lru));
memcpy(lru[1], def_lru_565, 8 * sizeof(*def_lru));
memcpy(lru[2], def_lru_555, 8 * sizeof(*def_lru));
}
static int dx2_decode_slice_555(GetBitContext *gb, AVFrame *frame,
Reported by FlawFinder.
Line: 528
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static void setup_lru_565(uint8_t lru[3][8])
{
memcpy(lru[0], def_lru_555, 8 * sizeof(*def_lru));
memcpy(lru[1], def_lru_565, 8 * sizeof(*def_lru));
memcpy(lru[2], def_lru_555, 8 * sizeof(*def_lru));
}
static int dx2_decode_slice_555(GetBitContext *gb, AVFrame *frame,
int line, int left, uint8_t lru[3][8])
Reported by FlawFinder.
Line: 529
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
memcpy(lru[0], def_lru_555, 8 * sizeof(*def_lru));
memcpy(lru[1], def_lru_565, 8 * sizeof(*def_lru));
memcpy(lru[2], def_lru_555, 8 * sizeof(*def_lru));
}
static int dx2_decode_slice_555(GetBitContext *gb, AVFrame *frame,
int line, int left, uint8_t lru[3][8])
{
Reported by FlawFinder.
Line: 587
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int i;
for (i = 0; i < 3; i++)
memcpy(lru[i], def_lru, 8 * sizeof(*def_lru));
}
static int dxtory_decode_v2_rgb(AVCodecContext *avctx, AVFrame *pic,
const uint8_t *src, int src_size,
uint32_t vflipped)
Reported by FlawFinder.
libavdevice/bktr.c
8 issues
Line: 112
Column: 15
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
if (idev < 0 || idev > 4)
{
arg = getenv ("BKTR_DEV");
if (arg)
idev = atoi (arg);
if (idev < 0 || idev > 4)
idev = 1;
}
Reported by FlawFinder.
Line: 121
Column: 15
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
if (format < 1 || format > 6)
{
arg = getenv ("BKTR_FORMAT");
if (arg)
format = atoi (arg);
if (format < 1 || format > 6)
format = VIDEO_FORMAT;
}
Reported by FlawFinder.
Line: 130
Column: 15
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
if (frequency <= 0)
{
arg = getenv ("BKTR_FREQUENCY");
if (arg)
frequency = atof (arg);
if (frequency <= 0)
frequency = 0.0;
}
Reported by FlawFinder.
Line: 108
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int c;
struct sigaction act, old;
int ret;
char errbuf[128];
if (idev < 0 || idev > 4)
{
arg = getenv ("BKTR_DEV");
if (arg)
Reported by FlawFinder.
Line: 114
Column: 20
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
{
arg = getenv ("BKTR_DEV");
if (arg)
idev = atoi (arg);
if (idev < 0 || idev > 4)
idev = 1;
}
if (format < 1 || format > 6)
Reported by FlawFinder.
Line: 123
Column: 22
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
{
arg = getenv ("BKTR_FORMAT");
if (arg)
format = atoi (arg);
if (format < 1 || format > 6)
format = VIDEO_FORMAT;
}
if (frequency <= 0)
Reported by FlawFinder.
Line: 254
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
bktr_getframe(s->per_frame);
pkt->pts = av_gettime();
memcpy(pkt->data, video_buf, video_buf_size);
return video_buf_size;
}
static int grab_read_header(AVFormatContext *s1)
Reported by FlawFinder.
Line: 231
Column: 14
CWE codes:
676
Suggestion:
Use nanosleep(2) or setitimer(2) instead
curtime = av_gettime_relative();
if (!last_frame_time
|| ((last_frame_time + per_frame) > curtime)) {
if (!usleep(last_frame_time + per_frame + per_frame / 8 - curtime)) {
if (!nsignals)
av_log(NULL, AV_LOG_INFO,
"SLEPT NO signals - %d microseconds late\n",
(int)(av_gettime_relative() - last_frame_time - per_frame));
}
Reported by FlawFinder.
libavdevice/dshow.c
8 issues
Line: 185
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pktl_next->pkt.stream_index = index;
pktl_next->pkt.pts = time;
memcpy(pktl_next->pkt.data, buf, buf_size);
for(ppktl = &ctx->pktl ; *ppktl ; ppktl = &(*ppktl)->next);
*ppktl = pktl_next;
ctx->curbufsize[index] += buf_size;
Reported by FlawFinder.
Line: 744
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
IPersistStream *pers_stream = NULL;
enum dshowDeviceType otherDevType = (devtype == VideoDevice) ? AudioDevice : VideoDevice;
const wchar_t *filter_name[2] = { L"Audio capture filter", L"Video capture filter" };
if ( ((ctx->audio_filter_load_file) && (strlen(ctx->audio_filter_load_file)>0) && (sourcetype == AudioSourceDevice)) ||
((ctx->video_filter_load_file) && (strlen(ctx->video_filter_load_file)>0) && (sourcetype == VideoSourceDevice)) ) {
HRESULT hr;
Reported by FlawFinder.
Line: 1009
Column: 25
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
par->extradata = av_malloc(9 + AV_INPUT_BUFFER_PADDING_SIZE);
if (par->extradata) {
par->extradata_size = 9;
memcpy(par->extradata, "BottomUp", 9);
}
}
}
}
} else {
Reported by FlawFinder.
Line: 255
Column: 25
CWE codes:
126
goto fail1;
unique_name = dup_wchar_to_utf8(olestr);
/* replace ':' with '_' since we use : to delineate between sources */
for (i = 0; i < strlen(unique_name); i++) {
if (unique_name[i] == ':')
unique_name[i] = '_';
}
r = IMoniker_BindToStorage(m, 0, 0, &IID_IPropertyBag, (void *) &bag);
Reported by FlawFinder.
Line: 747
Column: 45
CWE codes:
126
const wchar_t *filter_name[2] = { L"Audio capture filter", L"Video capture filter" };
if ( ((ctx->audio_filter_load_file) && (strlen(ctx->audio_filter_load_file)>0) && (sourcetype == AudioSourceDevice)) ||
((ctx->video_filter_load_file) && (strlen(ctx->video_filter_load_file)>0) && (sourcetype == VideoSourceDevice)) ) {
HRESULT hr;
char *filename = NULL;
if (sourcetype == AudioSourceDevice)
Reported by FlawFinder.
Line: 748
Column: 48
CWE codes:
126
if ( ((ctx->audio_filter_load_file) && (strlen(ctx->audio_filter_load_file)>0) && (sourcetype == AudioSourceDevice)) ||
((ctx->video_filter_load_file) && (strlen(ctx->video_filter_load_file)>0) && (sourcetype == VideoSourceDevice)) ) {
HRESULT hr;
char *filename = NULL;
if (sourcetype == AudioSourceDevice)
filename = ctx->audio_filter_load_file;
Reported by FlawFinder.
Line: 817
Column: 45
CWE codes:
126
}
ctx->capture_filter[devtype] = capture_filter;
if ( ((ctx->audio_filter_save_file) && (strlen(ctx->audio_filter_save_file)>0) && (sourcetype == AudioSourceDevice)) ||
((ctx->video_filter_save_file) && (strlen(ctx->video_filter_save_file)>0) && (sourcetype == VideoSourceDevice)) ) {
HRESULT hr;
char *filename = NULL;
Reported by FlawFinder.
Line: 818
Column: 48
CWE codes:
126
ctx->capture_filter[devtype] = capture_filter;
if ( ((ctx->audio_filter_save_file) && (strlen(ctx->audio_filter_save_file)>0) && (sourcetype == AudioSourceDevice)) ||
((ctx->video_filter_save_file) && (strlen(ctx->video_filter_save_file)>0) && (sourcetype == VideoSourceDevice)) ) {
HRESULT hr;
char *filename = NULL;
if (sourcetype == AudioSourceDevice)
Reported by FlawFinder.
libavutil/bprint.c
8 issues
Line: 104
Column: 21
CWE codes:
134
Suggestion:
Use a constant for the format specification
room = av_bprint_room(buf);
dst = room ? buf->str + buf->len : NULL;
va_start(vl, fmt);
extra_len = vsnprintf(dst, room, fmt, vl);
va_end(vl);
if (extra_len <= 0)
return;
if (extra_len < room)
break;
Reported by FlawFinder.
Line: 127
Column: 21
CWE codes:
134
Suggestion:
Use a constant for the format specification
room = av_bprint_room(buf);
dst = room ? buf->str + buf->len : NULL;
va_copy(vl, vl_arg);
extra_len = vsnprintf(dst, room, fmt, vl);
va_end(vl);
if (extra_len <= 0)
return;
if (extra_len < room)
break;
Reported by FlawFinder.
Line: 53
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!new_str)
return AVERROR(ENOMEM);
if (!old_str)
memcpy(new_str, buf->str, buf->len + 1);
buf->str = new_str;
buf->size = new_size;
return 0;
}
Reported by FlawFinder.
Line: 170
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (room) {
real_n = FFMIN(size, room - 1);
memcpy(buf->str + buf->len, data, real_n);
}
av_bprint_grow(buf, size);
}
void av_bprint_strftime(AVBPrint *buf, const char *fmt, const struct tm *tm)
Reported by FlawFinder.
Line: 197
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* if strftime fails because the buffer has (almost) reached
its maximum size, let us try in a local buffer; 1k should
be enough to format any real date+time string */
char buf2[1024];
if ((l = strftime(buf2, sizeof(buf2), fmt, tm))) {
av_bprintf(buf, "%s", buf2);
return;
}
}
Reported by FlawFinder.
Line: 208
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
truncated, let us add a stock string and force truncation */
static const char txt[] = "[truncated strftime output]";
memset(buf->str + buf->len, '!', room);
memcpy(buf->str + buf->len, txt, FFMIN(sizeof(txt) - 1, room));
av_bprint_grow(buf, room); /* force truncation */
}
return;
}
}
Reported by FlawFinder.
Line: 249
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else {
str = av_malloc(real_size);
if (str)
memcpy(str, buf->str, real_size);
else
ret = AVERROR(ENOMEM);
}
*ret_str = str;
} else {
Reported by FlawFinder.
Line: 188
Column: 24
CWE codes:
126
break;
/* strftime does not tell us how much room it would need: let us
retry with twice as much until the buffer is large enough */
room = !room ? strlen(fmt) + 1 :
room <= INT_MAX / 2 ? room * 2 : INT_MAX;
if (av_bprint_alloc(buf, room)) {
/* impossible to grow, try to manage something useful anyway */
room = av_bprint_room(buf);
if (room < 1024) {
Reported by FlawFinder.
libavcodec/mpeg4videodec.c
8 issues
Line: 2675
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int decode_user_data(Mpeg4DecContext *ctx, GetBitContext *gb)
{
MpegEncContext *s = &ctx->m;
char buf[256];
int i;
int e;
int ver = 0, build = 0, ver2 = 0, ver3 = 0;
char last;
Reported by FlawFinder.
Line: 3445
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
s->bitstream_buffer_size = 0;
return AVERROR(ENOMEM);
}
memcpy(s->bitstream_buffer, buf + current_pos,
buf_size - current_pos);
s->bitstream_buffer_size = buf_size - current_pos;
}
}
Reported by FlawFinder.
Line: 3492
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
s->cplx_estimation_trash_b = s1->cplx_estimation_trash_b;
s->rgb = s1->rgb;
memcpy(s->sprite_shift, s1->sprite_shift, sizeof(s1->sprite_shift));
memcpy(s->sprite_traj, s1->sprite_traj, sizeof(s1->sprite_traj));
if (CONFIG_MPEG4_DECODER && !init && s1->xvid_build >= 0)
ff_xvid_idct_init(&s->m.idsp, dst);
Reported by FlawFinder.
Line: 3493
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
s->rgb = s1->rgb;
memcpy(s->sprite_shift, s1->sprite_shift, sizeof(s1->sprite_shift));
memcpy(s->sprite_traj, s1->sprite_traj, sizeof(s1->sprite_traj));
if (CONFIG_MPEG4_DECODER && !init && s1->xvid_build >= 0)
ff_xvid_idct_init(&s->m.idsp, dst);
return 0;
Reported by FlawFinder.
Line: 1820
Column: 36
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
Mpeg4DecContext *ctx = s->avctx->priv_data;
int cc, dct_dc_size, dct_diff, code, j, idx = 1, group = 0, run = 0,
additional_code_len, sign, mismatch;
const VLC *cur_vlc = &studio_intra_tab[0];
uint8_t *const scantable = s->intra_scantable.permutated;
const uint16_t *quant_matrix;
uint32_t flc;
const int min = -1 * (1 << (s->avctx->bits_per_raw_sample + 6));
Reported by FlawFinder.
Line: 1867
Column: 5
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
/* TODO: support mpeg_quant for AC coefficients */
block[0] = av_clip(block[0], min, max);
mismatch ^= block[0];
/* AC Coefficients */
while (1) {
group = get_vlc2(&s->gb, cur_vlc->table, STUDIO_INTRA_BITS, 2);
Reported by FlawFinder.
Line: 1922
Column: 9
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
}
block[j] = ((block[j] * quant_matrix[j] * s->qscale) * (1 << shift)) / 16;
block[j] = av_clip(block[j], min, max);
mismatch ^= block[j];
}
block[63] ^= mismatch & 1;
return 0;
Reported by FlawFinder.
Line: 1925
Column: 18
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
mismatch ^= block[j];
}
block[63] ^= mismatch & 1;
return 0;
}
static int mpeg4_decode_dpcm_macroblock(MpegEncContext *s, int16_t macroblock[256], int n)
Reported by FlawFinder.
libavcodec/wmaprodec.c
8 issues
Line: 875
Column: 29
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
avpriv_request_sample(s->avctx,
"Coupled channels > 6");
} else {
memcpy(chgroup->decorrelation_matrix,
default_decorrelation[chgroup->num_channels],
chgroup->num_channels * chgroup->num_channels *
sizeof(*chgroup->decorrelation_matrix));
}
}
Reported by FlawFinder.
Line: 1502
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/** copy samples to the output buffer */
for (i = 0; i < s->nb_channels; i++)
memcpy(frame->extended_data[i], s->channel[i].out,
s->samples_per_frame * sizeof(*s->channel[i].out));
for (i = 0; i < s->nb_channels; i++) {
/** reuse second half of the IMDCT output for the next frame */
memcpy(&s->channel[i].out[0],
Reported by FlawFinder.
Line: 1507
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (i = 0; i < s->nb_channels; i++) {
/** reuse second half of the IMDCT output for the next frame */
memcpy(&s->channel[i].out[0],
&s->channel[i].out[s->samples_per_frame],
s->samples_per_frame * sizeof(*s->channel[i].out) >> 1);
}
if (s->skip_frame) {
Reported by FlawFinder.
Line: 1636
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(frame->extended_data[i], 0,
s->samples_per_frame * sizeof(*s->channel[i].out));
memcpy(frame->extended_data[i], s->channel[i].out,
s->samples_per_frame * sizeof(*s->channel[i].out) >> 1);
}
/* TODO: XMA should output 128 samples only (instead of 512) and WMAPRO
* maybe 768 (with 2048), XMA needs changes in multi-stream handling though. */
Reported by FlawFinder.
Line: 1829
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* copy stream samples (1/2ch) to sample buffer (Nch) */
if (got_stream_frame_ptr) {
int start_ch = s->start_channel[s->current_stream];
memcpy(&s->samples[start_ch + 0][s->offset[s->current_stream] * 512],
s->frames[s->current_stream]->extended_data[0], 512 * 4);
if (s->xma[s->current_stream].nb_channels > 1)
memcpy(&s->samples[start_ch + 1][s->offset[s->current_stream] * 512],
s->frames[s->current_stream]->extended_data[1], 512 * 4);
s->offset[s->current_stream]++;
Reported by FlawFinder.
Line: 1832
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(&s->samples[start_ch + 0][s->offset[s->current_stream] * 512],
s->frames[s->current_stream]->extended_data[0], 512 * 4);
if (s->xma[s->current_stream].nb_channels > 1)
memcpy(&s->samples[start_ch + 1][s->offset[s->current_stream] * 512],
s->frames[s->current_stream]->extended_data[1], 512 * 4);
s->offset[s->current_stream]++;
} else if (ret < 0) {
memset(s->offset, 0, sizeof(s->offset));
s->current_stream = 0;
Reported by FlawFinder.
Line: 1883
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* copy samples buffer (Nch) to frame samples (Nch), move unconsumed samples */
for (i = 0; i < s->num_streams; i++) {
int start_ch = s->start_channel[i];
memcpy(frame->extended_data[start_ch + 0], s->samples[start_ch + 0], frame->nb_samples * 4);
if (s->xma[i].nb_channels > 1)
memcpy(frame->extended_data[start_ch + 1], s->samples[start_ch + 1], frame->nb_samples * 4);
s->offset[i] -= offset;
if (s->offset[i]) {
Reported by FlawFinder.
Line: 1885
Column: 21
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int start_ch = s->start_channel[i];
memcpy(frame->extended_data[start_ch + 0], s->samples[start_ch + 0], frame->nb_samples * 4);
if (s->xma[i].nb_channels > 1)
memcpy(frame->extended_data[start_ch + 1], s->samples[start_ch + 1], frame->nb_samples * 4);
s->offset[i] -= offset;
if (s->offset[i]) {
memmove(s->samples[start_ch + 0], s->samples[start_ch + 0] + frame->nb_samples, s->offset[i] * 4 * 512);
if (s->xma[i].nb_channels > 1)
Reported by FlawFinder.
libavformat/hdsenc.c
8 issues
Line: 40
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include "libavutil/opt.h"
typedef struct Fragment {
char file[1024];
int64_t start_time, duration;
int n;
} Fragment;
typedef struct OutputStream {
Reported by FlawFinder.
Line: 51
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
AVFormatContext *ctx;
int ctx_inited;
uint8_t iobuf[32768];
char temp_filename[1024];
int64_t frag_start_ts, last_ts;
AVIOContext *out;
int packets_written;
int nb_fragments, fragments_size, fragment_index;
Fragment **fragments;
Reported by FlawFinder.
Line: 99
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
os->extra_packets[os->nb_extra_packets] = av_malloc(size);
if (!os->extra_packets[os->nb_extra_packets])
return AVERROR(ENOMEM);
memcpy(os->extra_packets[os->nb_extra_packets], buf, size);
os->nb_extra_packets++;
} else if (type == 0x12) {
if (os->metadata)
return AVERROR_INVALIDDATA;
os->metadata_size = size - 11 - 4;
Reported by FlawFinder.
Line: 108
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
os->metadata = av_malloc(os->metadata_size);
if (!os->metadata)
return AVERROR(ENOMEM);
memcpy(os->metadata, buf + 11, os->metadata_size);
}
buf += size;
buf_size -= size;
}
if (!os->metadata)
Reported by FlawFinder.
Line: 164
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
HDSContext *c = s->priv_data;
AVIOContext *out;
char filename[1024], temp_filename[1024];
int ret, i;
double duration = 0;
if (c->nb_streams > 0)
duration = c->streams[0].last_ts * av_q2d(s->streams[0]->time_base);
Reported by FlawFinder.
Line: 223
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
HDSContext *c = s->priv_data;
AVIOContext *out;
char filename[1024], temp_filename[1024];
int i, ret;
int64_t asrt_pos, afrt_pos;
int start = 0, fragments;
int index = s->streams[os->first_stream]->id;
int64_t cur_media_time = 0;
Reported by FlawFinder.
Line: 456
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
HDSContext *c = s->priv_data;
int i, ret = 0;
char target_filename[1024];
int index = s->streams[os->first_stream]->id;
if (!os->packets_written)
return 0;
Reported by FlawFinder.
Line: 539
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
write_manifest(s, 1);
if (c->remove_at_exit) {
char filename[1024];
snprintf(filename, sizeof(filename), "%s/index.f4m", s->url);
unlink(filename);
for (i = 0; i < c->nb_streams; i++) {
snprintf(filename, sizeof(filename), "%s/stream%d.abst", s->url, i);
unlink(filename);
Reported by FlawFinder.
libavcodec/vorbisenc.c
7 issues
Line: 307
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cb->codewords = av_malloc_array(cb->nentries, sizeof(uint32_t));
if (!cb->lens || !cb->codewords)
return AVERROR(ENOMEM);
memcpy(cb->lens, clens, cvectors[book].len);
memset(cb->lens + cvectors[book].len, 0, cb->nentries - cvectors[book].len);
clens += cvectors[book].len;
if (cb->lookup) {
vals = cb_lookup_vals(cb->lookup, cb->ndimensions, cb->nentries);
Reported by FlawFinder.
Line: 411
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{ 24, 25, -1, -1, -1, -1, -1, -1, },
{ 26, 27, 28, -1, -1, -1, -1, -1, },
};
memcpy(rc->books, a, sizeof a);
}
if ((ret = ready_residue(rc, venc)) < 0)
return ret;
venc->nmappings = 1;
Reported by FlawFinder.
Line: 745
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
p += av_xiphlacing(p, hlens[1]);
buffer_len = 0;
for (i = 0; i < 3; i++) {
memcpy(p, buffer + buffer_len, hlens[i]);
p += hlens[i];
buffer_len += hlens[i];
}
av_freep(&buffer);
Reported by FlawFinder.
Line: 1066
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Copy samples from last frame into current frame */
if (venc->have_saved)
for (ch = 0; ch < venc->channels; ch++)
memcpy(venc->samples + 2 * ch * frame_size,
venc->saved + ch * frame_size, sizeof(float) * frame_size);
else
for (ch = 0; ch < venc->channels; ch++)
memset(venc->samples + 2 * ch * frame_size, 0, sizeof(float) * frame_size);
Reported by FlawFinder.
Line: 1081
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
const float *input = (float *) cur->extended_data[ch];
const size_t len = cur->nb_samples * sizeof(float);
memcpy(offset + sf*sf_size, input, len);
memcpy(save + sf*sf_size, input, len); // Move samples for next frame
}
av_frame_free(&cur);
}
venc->have_saved = 1;
Reported by FlawFinder.
Line: 1082
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
const size_t len = cur->nb_samples * sizeof(float);
memcpy(offset + sf*sf_size, input, len);
memcpy(save + sf*sf_size, input, len); // Move samples for next frame
}
av_frame_free(&cur);
}
venc->have_saved = 1;
memcpy(venc->scratch, venc->samples, 2 * venc->channels * frame_size);
Reported by FlawFinder.
Line: 1087
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
av_frame_free(&cur);
}
venc->have_saved = 1;
memcpy(venc->scratch, venc->samples, 2 * venc->channels * frame_size);
}
static int vorbis_encode_frame(AVCodecContext *avctx, AVPacket *avpkt,
const AVFrame *frame, int *got_packet_ptr)
{
Reported by FlawFinder.