The following issues were found
libavcodec/dxva2_mpeg2.c
7 issues
Line: 186
CWE codes:
908
}
#endif
dxva_data = dxva_data_ptr;
current = dxva_data;
end = dxva_data + dxva_size;
for (i = 0; i < ctx_pic->slice_count; i++) {
DXVA_SliceInfo *slice = &ctx_pic->slice[i];
Reported by Cppcheck.
Line: 187
CWE codes:
908
#endif
dxva_data = dxva_data_ptr;
current = dxva_data;
end = dxva_data + dxva_size;
for (i = 0; i < ctx_pic->slice_count; i++) {
DXVA_SliceInfo *slice = &ctx_pic->slice[i];
unsigned position = slice->dwSliceDataLocation;
Reported by Cppcheck.
Line: 188
CWE codes:
908
dxva_data = dxva_data_ptr;
current = dxva_data;
end = dxva_data + dxva_size;
for (i = 0; i < ctx_pic->slice_count; i++) {
DXVA_SliceInfo *slice = &ctx_pic->slice[i];
unsigned position = slice->dwSliceDataLocation;
unsigned size = slice->dwSliceBitsInBuffer / 8;
Reported by Cppcheck.
Line: 188
CWE codes:
908
dxva_data = dxva_data_ptr;
current = dxva_data;
end = dxva_data + dxva_size;
for (i = 0; i < ctx_pic->slice_count; i++) {
DXVA_SliceInfo *slice = &ctx_pic->slice[i];
unsigned position = slice->dwSliceDataLocation;
unsigned size = slice->dwSliceBitsInBuffer / 8;
Reported by Cppcheck.
Line: 198
CWE codes:
908
av_log(avctx, AV_LOG_ERROR, "Failed to build bitstream");
break;
}
slice->dwSliceDataLocation = current - dxva_data;
if (i < ctx_pic->slice_count - 1)
slice->wNumberMBsInSlice =
slice[1].wNumberMBsInSlice - slice[0].wNumberMBsInSlice;
else
Reported by Cppcheck.
Line: 247
CWE codes:
908
#endif
return ff_dxva2_commit_buffer(avctx, ctx, sc,
type,
ctx_pic->slice,
ctx_pic->slice_count * sizeof(*ctx_pic->slice),
mb_count);
}
Reported by Cppcheck.
Line: 207
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
slice->wNumberMBsInSlice =
mb_count - slice[0].wNumberMBsInSlice;
memcpy(current, &ctx_pic->bitstream[position], size);
current += size;
}
#if CONFIG_D3D11VA
if (ff_dxva2_is_d3d11(avctx))
if (FAILED(ID3D11VideoContext_ReleaseDecoderBuffer(D3D11VA_CONTEXT(ctx)->video_context, D3D11VA_CONTEXT(ctx)->decoder, type)))
Reported by FlawFinder.
libavcodec/jpeg2000dec.c
7 issues
Line: 588
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
tmp.init = 1;
for (compno = 0; compno < s->ncomponents; compno++)
if (!(properties[compno] & HAD_COC))
memcpy(c + compno, &tmp, sizeof(tmp));
return 0;
}
/* Get coding parameters for a component in the whole image or a
* particular tile. */
Reported by FlawFinder.
Line: 719
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return ret;
for (compno = 0; compno < s->ncomponents; compno++)
if (!(properties[compno] & HAD_QCC))
memcpy(q + compno, &tmp, sizeof(tmp));
return 0;
}
/* Get quantization parameters for a component in the whole image
* on in a particular tile. */
Reported by FlawFinder.
Line: 797
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
av_log(s->avctx, AV_LOG_ERROR, "Insufficient space for POC\n");
return AVERROR_INVALIDDATA;
}
memcpy(p->poc + p->nb_poc, tmp.poc, tmp.nb_poc * sizeof(tmp.poc[0]));
p->nb_poc += tmp.nb_poc;
}
p->is_default = 0;
Reported by FlawFinder.
Line: 852
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
Jpeg2000Tile *tile = s->tile + s->curtileno;
/* copy defaults */
memcpy(tile->codsty, s->codsty, s->ncomponents * sizeof(Jpeg2000CodingStyle));
memcpy(tile->qntsty, s->qntsty, s->ncomponents * sizeof(Jpeg2000QuantStyle));
memcpy(&tile->poc , &s->poc , sizeof(tile->poc));
tile->poc.is_default = 1;
}
Reported by FlawFinder.
Line: 853
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* copy defaults */
memcpy(tile->codsty, s->codsty, s->ncomponents * sizeof(Jpeg2000CodingStyle));
memcpy(tile->qntsty, s->qntsty, s->ncomponents * sizeof(Jpeg2000QuantStyle));
memcpy(&tile->poc , &s->poc , sizeof(tile->poc));
tile->poc.is_default = 1;
}
return 0;
Reported by FlawFinder.
Line: 990
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else
return AVERROR(ENOMEM);
memset(&tile->packed_headers_stream, 0, sizeof(tile->packed_headers_stream));
memcpy(tile->packed_headers + tile->packed_headers_size,
s->g.buffer, n - 3);
tile->packed_headers_size += n - 3;
bytestream2_skip(&s->g, n - 3);
return 0;
Reported by FlawFinder.
Line: 2545
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*got_frame = 1;
if (s->avctx->pix_fmt == AV_PIX_FMT_PAL8)
memcpy(picture->data[1], s->palette, 256 * sizeof(uint32_t));
if (s->sar.num && s->sar.den)
avctx->sample_aspect_ratio = s->sar;
s->sar.num = s->sar.den = 0;
return bytestream2_tell(&s->g);
Reported by FlawFinder.
libavformat/wtvdec.c
7 issues
Line: 483
Column: 9
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return;
}
} else if (type == 3 && length == 4) {
strcpy(buf, avio_rl32(pb) ? "true" : "false");
} else if (type == 4 && length == 8) {
int64_t num = avio_rl64(pb);
if (!strcmp(key, "WM/EncodingTime") ||
!strcmp(key, "WM/MediaOriginalBroadcastDateTime")) {
if (filetime_to_iso8601(buf, buf_size, num) < 0) {
Reported by FlawFinder.
Line: 506
Column: 13
CWE codes:
134
Suggestion:
Use a constant for the format specification
} else if (!strcmp(key, "WM/WMRVBitrate"))
snprintf(buf, buf_size, "%f", av_int2double(num));
else
snprintf(buf, buf_size, "%"PRIi64, num);
} else if (type == 5 && length == 2) {
snprintf(buf, buf_size, "%u", avio_rl16(pb));
} else if (type == 6 && length == 16) {
ff_asf_guid guid;
avio_read(pb, guid, 16);
Reported by FlawFinder.
Line: 512
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
} else if (type == 6 && length == 16) {
ff_asf_guid guid;
avio_read(pb, guid, 16);
snprintf(buf, buf_size, PRI_PRETTY_GUID, ARG_PRETTY_GUID(guid));
} else if (type == 2 && !strcmp(key, "WM/Picture")) {
get_attachment(s, pb, length);
av_freep(&buf);
return;
} else {
Reported by FlawFinder.
Line: 433
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void get_attachment(AVFormatContext *s, AVIOContext *pb, int length)
{
char mime[1024];
char description[1024];
unsigned int filesize;
AVStream *st;
int64_t pos = avio_tell(pb);
Reported by FlawFinder.
Line: 434
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void get_attachment(AVFormatContext *s, AVIOContext *pb, int length)
{
char mime[1024];
char description[1024];
unsigned int filesize;
AVStream *st;
int64_t pos = avio_tell(pb);
avio_get_str16le(pb, INT_MAX, mime, sizeof(mime));
Reported by FlawFinder.
Line: 536
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
ff_asf_guid guid;
int length, type;
while(!avio_feof(pb)) {
char key[1024];
ff_get_guid(pb, &guid);
type = avio_rl32(pb);
length = avio_rl32(pb);
if (!length)
break;
Reported by FlawFinder.
Line: 478
Column: 14
CWE codes:
126
snprintf(buf, buf_size, "%u", avio_rl32(pb));
} else if (type == 1) {
avio_get_str16le(pb, length, buf, buf_size);
if (!strlen(buf)) {
av_free(buf);
return;
}
} else if (type == 3 && length == 4) {
strcpy(buf, avio_rl32(pb) ? "true" : "false");
Reported by FlawFinder.
libavcodec/dvdsubdec.c
7 issues
Line: 488
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!bitmap)
return 1;
for(y = 0; y < h; y++) {
memcpy(bitmap + w * y, s->rects[0]->data[0] + x1 + (y1 + y) * s->rects[0]->linesize[0], w);
}
av_freep(&s->rects[0]->data[0]);
s->rects[0]->data[0] = bitmap;
s->rects[0]->linesize[0] = w;
s->rects[0]->w = w;
Reported by FlawFinder.
Line: 511
Column: 9
CWE codes:
362
int back[3] = {0, 255, 0}; /* green background */
FILE *f;
f = fopen(filename, "w");
if (!f) {
perror(filename);
return;
}
fprintf(f, "P6\n"
Reported by FlawFinder.
Line: 545
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ctx->buf_size = 0;
return AVERROR_INVALIDDATA;
}
memcpy(ctx->buf + ctx->buf_size, buf, buf_size);
ctx->buf_size += buf_size;
return 0;
}
static int dvdsub_decode(AVCodecContext *avctx,
Reported by FlawFinder.
Line: 594
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#if defined(DEBUG)
{
char ppm_name[32];
snprintf(ppm_name, sizeof(ppm_name), "/tmp/%05d.ppm", ctx->sub_id++);
ff_dlog(NULL, "start=%d ms end =%d ms\n",
sub->start_display_time,
sub->end_display_time);
Reported by FlawFinder.
Line: 613
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int parse_ifo_palette(DVDSubContext *ctx, char *p)
{
FILE *ifo;
char ifostr[12];
uint32_t sp_pgci, pgci, off_pgc, pgc;
uint8_t r, g, b, yuv[65], *buf;
int i, y, cb, cr, r_add, g_add, b_add;
int ret = 0;
const uint8_t *cm = ff_crop_tab + MAX_NEG_CROP;
Reported by FlawFinder.
Line: 621
Column: 16
CWE codes:
362
const uint8_t *cm = ff_crop_tab + MAX_NEG_CROP;
ctx->has_palette = 0;
if ((ifo = fopen(p, "r")) == NULL) {
av_log(ctx, AV_LOG_WARNING, "Unable to open IFO file \"%s\": %s\n", p, av_err2str(AVERROR(errno)));
return AVERROR_EOF;
}
if (fread(ifostr, 12, 1, ifo) != 1 || memcmp(ifostr, "DVDVIDEO-VTS", 12)) {
av_log(ctx, AV_LOG_WARNING, "\"%s\" is not a proper IFO file\n", p);
Reported by FlawFinder.
Line: 682
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dataorig = data = av_malloc(avctx->extradata_size+1);
if (!data)
return AVERROR(ENOMEM);
memcpy(data, avctx->extradata, avctx->extradata_size);
data[avctx->extradata_size] = '\0';
for(;;) {
int pos = strcspn(data, "\n\r");
if (pos==0 && *data==0)
Reported by FlawFinder.
libavcodec/vorbisenc.c
7 issues
Line: 307
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cb->codewords = av_malloc_array(cb->nentries, sizeof(uint32_t));
if (!cb->lens || !cb->codewords)
return AVERROR(ENOMEM);
memcpy(cb->lens, clens, cvectors[book].len);
memset(cb->lens + cvectors[book].len, 0, cb->nentries - cvectors[book].len);
clens += cvectors[book].len;
if (cb->lookup) {
vals = cb_lookup_vals(cb->lookup, cb->ndimensions, cb->nentries);
Reported by FlawFinder.
Line: 411
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{ 24, 25, -1, -1, -1, -1, -1, -1, },
{ 26, 27, 28, -1, -1, -1, -1, -1, },
};
memcpy(rc->books, a, sizeof a);
}
if ((ret = ready_residue(rc, venc)) < 0)
return ret;
venc->nmappings = 1;
Reported by FlawFinder.
Line: 745
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
p += av_xiphlacing(p, hlens[1]);
buffer_len = 0;
for (i = 0; i < 3; i++) {
memcpy(p, buffer + buffer_len, hlens[i]);
p += hlens[i];
buffer_len += hlens[i];
}
av_freep(&buffer);
Reported by FlawFinder.
Line: 1066
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Copy samples from last frame into current frame */
if (venc->have_saved)
for (ch = 0; ch < venc->channels; ch++)
memcpy(venc->samples + 2 * ch * frame_size,
venc->saved + ch * frame_size, sizeof(float) * frame_size);
else
for (ch = 0; ch < venc->channels; ch++)
memset(venc->samples + 2 * ch * frame_size, 0, sizeof(float) * frame_size);
Reported by FlawFinder.
Line: 1081
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
const float *input = (float *) cur->extended_data[ch];
const size_t len = cur->nb_samples * sizeof(float);
memcpy(offset + sf*sf_size, input, len);
memcpy(save + sf*sf_size, input, len); // Move samples for next frame
}
av_frame_free(&cur);
}
venc->have_saved = 1;
Reported by FlawFinder.
Line: 1082
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
const size_t len = cur->nb_samples * sizeof(float);
memcpy(offset + sf*sf_size, input, len);
memcpy(save + sf*sf_size, input, len); // Move samples for next frame
}
av_frame_free(&cur);
}
venc->have_saved = 1;
memcpy(venc->scratch, venc->samples, 2 * venc->channels * frame_size);
Reported by FlawFinder.
Line: 1087
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
av_frame_free(&cur);
}
venc->have_saved = 1;
memcpy(venc->scratch, venc->samples, 2 * venc->channels * frame_size);
}
static int vorbis_encode_frame(AVCodecContext *avctx, AVPacket *avpkt,
const AVFrame *frame, int *got_packet_ptr)
{
Reported by FlawFinder.
libavformat/yuv4mpegdec.c
7 issues
Line: 35
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int yuv4_read_header(AVFormatContext *s)
{
char header[MAX_YUV4_HEADER + 10]; // Include headroom for
// the longest option
char *tokstart, *tokend, *header_end;
int i;
AVIOContext *pb = s->pb;
int width = -1, height = -1, raten = 0,
Reported by FlawFinder.
Line: 84
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
static const struct {
#define MAX_PIX_FMT_LENGTH 8
char name[MAX_PIX_FMT_LENGTH + 1];
#undef MAX_PIX_FMT_LENGTH
enum AVPixelFormat pix_fmt;
enum AVChromaLocation chroma_loc;
} pix_fmt_array[] = {
{ "420jpeg", AV_PIX_FMT_YUV420P, AVCHROMA_LOC_CENTER },
Reported by FlawFinder.
Line: 171
Column: 21
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (strncmp("YSCSS=", tokstart, 6) == 0) {
static const struct {
#define MAX_PIX_FMT_LENGTH 8
char name[MAX_PIX_FMT_LENGTH + 1];
#undef MAX_PIX_FMT_LENGTH
enum AVPixelFormat pix_fmt;
} pix_fmt_array[] = {
{ "420JPEG", AV_PIX_FMT_YUV420P },
{ "420MPEG2", AV_PIX_FMT_YUV420P },
Reported by FlawFinder.
Line: 267
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int yuv4_read_packet(AVFormatContext *s, AVPacket *pkt)
{
int i;
char header[MAX_FRAME_HEADER+1];
int ret;
int64_t off = avio_tell(s->pb);
for (i = 0; i < MAX_FRAME_HEADER; i++) {
header[i] = avio_r8(s->pb);
Reported by FlawFinder.
Line: 61
Column: 36
CWE codes:
126
av_log(s, AV_LOG_ERROR, "Header too large.\n");
return AVERROR(EINVAL);
}
if (strncmp(header, Y4M_MAGIC, strlen(Y4M_MAGIC))) {
av_log(s, AV_LOG_ERROR, "Invalid magic number for yuv4mpeg.\n");
return AVERROR(EINVAL);
}
header_end = &header[i + 1]; // Include space
Reported by FlawFinder.
Line: 67
Column: 29
CWE codes:
126
}
header_end = &header[i + 1]; // Include space
for (tokstart = &header[strlen(Y4M_MAGIC) + 1];
tokstart < header_end; tokstart++) {
if (*tokstart == 0x20)
continue;
switch (*tokstart++) {
case 'W': // Width. Required.
Reported by FlawFinder.
Line: 285
Column: 42
CWE codes:
126
else if (i == MAX_FRAME_HEADER)
return AVERROR_INVALIDDATA;
if (strncmp(header, Y4M_FRAME_MAGIC, strlen(Y4M_FRAME_MAGIC)))
return AVERROR_INVALIDDATA;
ret = av_get_packet(s->pb, pkt, s->packet_size - Y4M_FRAME_MAGIC_LEN);
if (ret < 0)
return ret;
Reported by FlawFinder.
libavcodec/vc1_block.c
7 issues
Line: 694
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ac_val += 8;
ac_val2 += 8;
}
memcpy(ac_val2, ac_val, 8 * 2);
for (k = 1; k < 8; k++) {
block[k << sh] = ac_val[k] * scale;
if (!v->pquantizer && block[k << sh])
block[k << sh] += (block[k << sh] < 0) ? -v->pq : v->pq;
}
Reported by FlawFinder.
Line: 876
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ac_val += 8;
ac_val2 += 8;
}
memcpy(ac_val2, ac_val, 8 * 2);
q1 = FFABS(q1) * 2 + ((q1 < 0) ? 0 : v->halfpq) - 1;
if (q1 < 1)
return AVERROR_INVALIDDATA;
if (q2)
q2 = FFABS(q2) * 2 + ((q2 < 0) ? 0 : v->halfpq) - 1;
Reported by FlawFinder.
Line: 1063
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(ac_val2, 0, 16 * 2);
if (dc_pred_dir) { // left
if (use_pred) {
memcpy(ac_val2, ac_val, 8 * 2);
q1 = FFABS(q1) * 2 + ((q1 < 0) ? 0 : v->halfpq) - 1;
if (q1 < 1)
return AVERROR_INVALIDDATA;
if (q2)
q2 = FFABS(q2) * 2 + ((q2 < 0) ? 0 : v->halfpq) - 1;
Reported by FlawFinder.
Line: 1076
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
} else { // top
if (use_pred) {
memcpy(ac_val2 + 8, ac_val + 8, 8 * 2);
q1 = FFABS(q1) * 2 + ((q1 < 0) ? 0 : v->halfpq) - 1;
if (q1 < 1)
return AVERROR_INVALIDDATA;
if (q2)
q2 = FFABS(q2) * 2 + ((q2 < 0) ? 0 : v->halfpq) - 1;
Reported by FlawFinder.
Line: 2984
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
s->mb_x = 0;
init_block_index(v);
ff_update_block_index(s);
memcpy(s->dest[0], s->last_picture.f->data[0] + s->mb_y * 16 * s->linesize, s->linesize * 16);
memcpy(s->dest[1], s->last_picture.f->data[1] + s->mb_y * 8 * s->uvlinesize, s->uvlinesize * 8);
memcpy(s->dest[2], s->last_picture.f->data[2] + s->mb_y * 8 * s->uvlinesize, s->uvlinesize * 8);
ff_mpeg_draw_horiz_band(s, s->mb_y * 16, 16);
s->first_slice_line = 0;
}
Reported by FlawFinder.
Line: 2985
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
init_block_index(v);
ff_update_block_index(s);
memcpy(s->dest[0], s->last_picture.f->data[0] + s->mb_y * 16 * s->linesize, s->linesize * 16);
memcpy(s->dest[1], s->last_picture.f->data[1] + s->mb_y * 8 * s->uvlinesize, s->uvlinesize * 8);
memcpy(s->dest[2], s->last_picture.f->data[2] + s->mb_y * 8 * s->uvlinesize, s->uvlinesize * 8);
ff_mpeg_draw_horiz_band(s, s->mb_y * 16, 16);
s->first_slice_line = 0;
}
s->pict_type = AV_PICTURE_TYPE_P;
Reported by FlawFinder.
Line: 2986
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ff_update_block_index(s);
memcpy(s->dest[0], s->last_picture.f->data[0] + s->mb_y * 16 * s->linesize, s->linesize * 16);
memcpy(s->dest[1], s->last_picture.f->data[1] + s->mb_y * 8 * s->uvlinesize, s->uvlinesize * 8);
memcpy(s->dest[2], s->last_picture.f->data[2] + s->mb_y * 8 * s->uvlinesize, s->uvlinesize * 8);
ff_mpeg_draw_horiz_band(s, s->mb_y * 16, 16);
s->first_slice_line = 0;
}
s->pict_type = AV_PICTURE_TYPE_P;
}
Reported by FlawFinder.
libavcodec/ass_split.c
7 issues
Line: 150
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
char *str = av_malloc(len + 1);
if (str) {
memcpy(str, buf, len);
str[len] = 0;
if (*(void **)dest)
av_free(*(void **)dest);
*(char **)dest = str;
}
Reported by FlawFinder.
Line: 353
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int ass_split(ASSSplitContext *ctx, const char *buf)
{
char c, section[16];
int i;
if (ctx->current_section >= 0)
buf = ass_split_section(ctx, buf);
Reported by FlawFinder.
Line: 481
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char *buf)
{
const char *text = NULL;
char new_line[2];
int text_len = 0;
while (buf && *buf) {
if (text && callbacks->text &&
(sscanf(buf, "\\%1[nN]", new_line) == 1 ||
Reported by FlawFinder.
Line: 498
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
} else if (!strncmp(buf, "{\\", 2)) {
buf++;
while (*buf == '\\') {
char style[2], c[2], sep[2], c_num[2] = "0", tmp[128] = {0};
unsigned int color = 0xFFFFFFFF;
int len, size = -1, an = -1, alpha = -1;
int x1, y1, x2, y2, t1 = -1, t2 = -1;
if (sscanf(buf, "\\%1[bisu]%1[01\\}]%n", style, c, &len) > 1) {
int close = c[0] == '0' ? 1 : c[0] == '1' ? 0 : -1;
Reported by FlawFinder.
Line: 279
Column: 19
CWE codes:
126
}
}
if (section->format_header && !order) {
len = strlen(section->format_header);
if (!strncmp(buf, section->format_header, len) && buf[len] == ':') {
buf += len + 1;
while (!is_eol(*buf)) {
buf = skip_space(buf);
len = strcspn(buf, ", \r\n");
Reported by FlawFinder.
Line: 302
Column: 19
CWE codes:
126
}
}
if (section->fields_header) {
len = strlen(section->fields_header);
if (!strncmp(buf, section->fields_header, len) && buf[len] == ':') {
uint8_t *ptr, *struct_ptr = realloc_section_array(ctx);
if (!struct_ptr) return NULL;
/* No format header line found so far, assume default */
Reported by FlawFinder.
Line: 452
Column: 22
CWE codes:
126
const ASSFieldType type = fields[i].type;
uint8_t *ptr = (uint8_t *)dialog + fields[i].offset;
buf = skip_space(buf);
len = last ? strlen(buf) : strcspn(buf, ",");
if (len >= INT_MAX) {
ff_ass_free_dialog(&dialog);
return NULL;
}
convert_func[type](ptr, buf, len);
Reported by FlawFinder.
libavformat/smoothstreamingenc.c
7 issues
Line: 43
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include "libavutil/intreadwrite.h"
typedef struct Fragment {
char file[1024];
char infofile[1024];
int64_t start_time, duration;
int n;
int64_t start_pos, size;
} Fragment;
Reported by FlawFinder.
Line: 44
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
typedef struct Fragment {
char file[1024];
char infofile[1024];
int64_t start_time, duration;
int n;
int64_t start_pos, size;
} Fragment;
Reported by FlawFinder.
Line: 52
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
typedef struct OutputStream {
AVFormatContext *ctx;
char dirname[1024];
uint8_t iobuf[32768];
URLContext *out; // Current output stream where all output is written
URLContext *out2; // Auxiliary output stream where all output is also written
URLContext *tail_out; // The actual main output stream, if we're currently seeked back to write elsewhere
int64_t tail_pos, cur_pos, cur_start_pos;
Reported by FlawFinder.
Line: 210
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
SmoothStreamingContext *c = s->priv_data;
AVIOContext *out;
char filename[1024], temp_filename[1024];
int ret, i, video_chunks = 0, audio_chunks = 0, video_streams = 0, audio_streams = 0;
int64_t duration = 0;
snprintf(filename, sizeof(filename), "%s/Manifest", s->url);
snprintf(temp_filename, sizeof(temp_filename), "%s/Manifest.tmp", s->url);
Reported by FlawFinder.
Line: 504
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
for (i = 0; i < s->nb_streams; i++) {
OutputStream *os = &c->streams[i];
char filename[1024], target_filename[1024], header_filename[1024], curr_dirname[1024];
int64_t size;
int64_t start_ts, duration, moof_size;
if (!os->packets_written)
continue;
Reported by FlawFinder.
Line: 536
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
av_log(s, AV_LOG_DEBUG, "calculated bitrate: %"PRId64"\n", bitrate);
s->streams[i]->codecpar->bit_rate = bitrate;
memcpy(curr_dirname, os->dirname, sizeof(os->dirname));
snprintf(os->dirname, sizeof(os->dirname), "%s/QualityLevels(%"PRId64")", s->url, s->streams[i]->codecpar->bit_rate);
snprintf(filename, sizeof(filename), "%s/temp", os->dirname);
// rename the tmp folder back to the correct name since we now have the bitrate
if ((ret = ff_rename((const char*)curr_dirname, os->dirname, s)) < 0)
Reported by FlawFinder.
Line: 612
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
ism_flush(s, 1);
if (c->remove_at_exit) {
char filename[1024];
snprintf(filename, sizeof(filename), "%s/Manifest", s->url);
unlink(filename);
rmdir(s->url);
}
Reported by FlawFinder.
tools/qt-faststart.c
7 issues
Line: 312
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
offset_count = BE_32(atom->data + 4);
/* write the header */
memcpy(context->dest, atom->data - atom->header_size, atom->header_size + 8);
AV_WB32(context->dest + 4, CO64_ATOM);
set_atom_size(context->dest, atom->header_size, atom->header_size + 8 + offset_count * 8);
context->dest += atom->header_size + 8;
/* write the data */
Reported by FlawFinder.
Line: 345
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case MINF_ATOM:
case STBL_ATOM:
/* write the atom header */
memcpy(context->dest, atom->data - atom->header_size, atom->header_size);
start_pos = context->dest;
context->dest += atom->header_size;
/* parse internal atoms*/
if (parse_atoms(
Reported by FlawFinder.
Line: 364
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
default:
copy_size = atom->header_size + atom->size;
memcpy(context->dest, atom->data - atom->header_size, copy_size);
context->dest += copy_size;
break;
}
return 0;
Reported by FlawFinder.
Line: 434
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
FILE *infile = NULL;
FILE *outfile = NULL;
unsigned char atom_bytes[ATOM_PREAMBLE_SIZE];
uint32_t atom_type = 0;
uint64_t atom_size = 0;
uint64_t atom_offset = 0;
int64_t last_offset;
unsigned char *moov_atom = NULL;
Reported by FlawFinder.
Line: 460
Column: 14
CWE codes:
362
return 1;
}
infile = fopen(argv[1], "rb");
if (!infile) {
perror(argv[1]);
goto error_out;
}
Reported by FlawFinder.
Line: 601
Column: 14
CWE codes:
362
}
/* re-open the input file and open the output file */
infile = fopen(argv[1], "rb");
if (!infile) {
perror(argv[1]);
goto error_out;
}
Reported by FlawFinder.
Line: 616
Column: 15
CWE codes:
362
last_offset -= start_offset;
}
outfile = fopen(argv[2], "wb");
if (!outfile) {
perror(argv[2]);
goto error_out;
}
Reported by FlawFinder.