The following issues were found
libavformat/movenc.c
46 issues
Line: 525
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else {
if ((ret = av_grow_packet(info->pkt, pkt->size)) < 0)
goto end;
memcpy(info->pkt->data + info->pkt->size - pkt->size, pkt->data, pkt->size);
info->num_blocks += num_blocks;
info->pkt->duration += pkt->duration;
if (info->num_blocks != 6)
goto end;
av_packet_unref(pkt);
Reported by FlawFinder.
Line: 2101
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int ret = AVERROR_BUG;
int64_t pos = avio_tell(pb);
char compressor_name[32] = { 0 };
int avid = 0;
int uncompressed_ycbcr = ((track->par->codec_id == AV_CODEC_ID_RAWVIDEO && track->par->format == AV_PIX_FMT_UYVY422)
|| (track->par->codec_id == AV_CODEC_ID_RAWVIDEO && track->par->format == AV_PIX_FMT_YUYV422)
|| track->par->codec_id == AV_CODEC_ID_V308
Reported by FlawFinder.
Line: 3261
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int mov_write_udta_sdp(AVIOContext *pb, MOVTrack *track)
{
AVFormatContext *ctx = track->rtp_ctx;
char buf[1000] = "";
int len;
ff_sdp_write_media(buf, sizeof(buf), ctx->streams[0], track->src_track,
NULL, NULL, 0, 0, ctx);
av_strlcatf(buf, sizeof(buf), "a=control:streamid=%d\r\n", track->track_id);
Reported by FlawFinder.
Line: 3542
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int l, len, len2;
AVDictionaryEntry *t, *t2 = NULL;
char tag2[16];
*lang = 0;
if (!(t = av_dict_get(s->metadata, tag, NULL, 0)))
return NULL;
Reported by FlawFinder.
Line: 3577
Column: 30
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
static int mov_write_tmpo_tag(AVIOContext *pb, AVFormatContext *s)
{
AVDictionaryEntry *t = av_dict_get(s->metadata, "tmpo", NULL, 0);
int size = 0, tmpo = t ? atoi(t->value) : 0;
if (tmpo) {
size = 26;
avio_wb32(pb, size);
ffio_wfourcc(pb, "tmpo");
avio_wb32(pb, size-8); /* size */
Reported by FlawFinder.
Line: 3649
Column: 31
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
AVDictionaryEntry *t = av_dict_get(s->metadata,
disc ? "disc" : "track",
NULL, 0);
int size = 0, track = t ? atoi(t->value) : 0;
if (track) {
int tracks = 0;
char *slash = strchr(t->value, '/');
if (slash)
tracks = atoi(slash + 1);
Reported by FlawFinder.
Line: 3654
Column: 22
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
int tracks = 0;
char *slash = strchr(t->value, '/');
if (slash)
tracks = atoi(slash + 1);
avio_wb32(pb, 32); /* size */
ffio_wfourcc(pb, disc ? "disk" : "trkn");
avio_wb32(pb, 24); /* size */
ffio_wfourcc(pb, "data");
avio_wb32(pb, 0); // 8 bytes empty
Reported by FlawFinder.
Line: 3683
Column: 11
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
if (!(t = av_dict_get(s->metadata, tag, NULL, 0)))
return 0;
num = atoi(t->value);
avio_wb32(pb, size);
ffio_wfourcc(pb, name);
avio_wb32(pb, size - 8);
ffio_wfourcc(pb, "data");
Reported by FlawFinder.
Line: 3901
Column: 23
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
ffio_wfourcc(pb, tag); /* type */
avio_wb32(pb, 0); /* version + flags */
if (!strcmp(tag, "yrrc"))
avio_wb16(pb, atoi(t->value));
else {
avio_wb16(pb, language_code("eng")); /* language */
avio_write(pb, t->value, strlen(t->value) + 1); /* UTF8 string value */
if (!strcmp(tag, "albm") &&
(t = av_dict_get(s->metadata, "track", NULL, 0)))
Reported by FlawFinder.
Line: 3907
Column: 25
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
avio_write(pb, t->value, strlen(t->value) + 1); /* UTF8 string value */
if (!strcmp(tag, "albm") &&
(t = av_dict_get(s->metadata, "track", NULL, 0)))
avio_w8(pb, atoi(t->value));
}
return update_size(pb, pos);
}
static int mov_write_chpl_tag(AVIOContext *pb, AVFormatContext *s)
Reported by FlawFinder.
libavformat/mov.c
40 issues
Line: 176
if (c < 0x80)
*p++ = c;
else if (p < end)
PUT_UTF8(mac_to_unicode[c-0x80], t, if (p < end) *p++ = t;);
}
*p = 0;
return p - dst;
}
Reported by Cppcheck.
Line: 85
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int mov_metadata_track_or_disc_number(MOVContext *c, AVIOContext *pb,
unsigned len, const char *key)
{
char buf[16];
short current, total = 0;
avio_rb16(pb); // unknown
current = avio_rb16(pb);
if (len >= 6)
Reported by FlawFinder.
Line: 225
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// 3GPP TS 26.244
static int mov_metadata_loci(MOVContext *c, AVIOContext *pb, unsigned len)
{
char language[4] = { 0 };
char buf[200], place[100];
uint16_t langcode = 0;
double longitude, latitude, altitude;
const char *key = "location";
Reported by FlawFinder.
Line: 226
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int mov_metadata_loci(MOVContext *c, AVIOContext *pb, unsigned len)
{
char language[4] = { 0 };
char buf[200], place[100];
uint16_t langcode = 0;
double longitude, latitude, altitude;
const char *key = "location";
if (len < 4 + 2 + 1 + 1 + 4 + 4 + 4) {
Reported by FlawFinder.
Line: 265
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
av_strlcatf(buf, sizeof(buf), "/%s", place);
if (*language && strcmp(language, "und")) {
char key2[16];
snprintf(key2, sizeof(key2), "%s-%s", key, language);
av_dict_set(&c->fc->metadata, key2, buf, 0);
}
c->fc->event_flags |= AVFMT_EVENT_FLAG_METADATA_UPDATED;
return av_dict_set(&c->fc->metadata, key, buf, 0);
Reported by FlawFinder.
Line: 296
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int mov_read_udta_string(MOVContext *c, AVIOContext *pb, MOVAtom atom)
{
char tmp_key[AV_FOURCC_MAX_STRING_SIZE] = {0};
char key2[32], language[4] = {0};
char *str = NULL;
const char *key = NULL;
uint16_t langcode = 0;
uint32_t data_type = 0, str_size, str_size_alloc;
Reported by FlawFinder.
Line: 297
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int mov_read_udta_string(MOVContext *c, AVIOContext *pb, MOVAtom atom)
{
char tmp_key[AV_FOURCC_MAX_STRING_SIZE] = {0};
char key2[32], language[4] = {0};
char *str = NULL;
const char *key = NULL;
uint16_t langcode = 0;
uint32_t data_type = 0, str_size, str_size_alloc;
int (*parse)(MOVContext*, AVIOContext*, unsigned, const char*) = NULL;
Reported by FlawFinder.
Line: 544
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int64_t start;
int i, nb_chapters, str_len, version;
char str[256+1];
int ret;
if (c->ignore_chapters)
return 0;
Reported by FlawFinder.
Line: 1058
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto fail;
}
}
memcpy(c->file_key, output + 8, 16);
memcpy(input, output + 26, 16);
av_sha_init(sha, 160);
av_sha_update(sha, input, 16);
av_sha_update(sha, c->file_key, 16);
av_sha_update(sha, fixed_key, 16);
Reported by FlawFinder.
Line: 1059
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
}
memcpy(c->file_key, output + 8, 16);
memcpy(input, output + 26, 16);
av_sha_init(sha, 160);
av_sha_update(sha, input, 16);
av_sha_update(sha, c->file_key, 16);
av_sha_update(sha, fixed_key, 16);
av_sha_final(sha, c->file_iv);
Reported by FlawFinder.
libavcodec/golomb.h
33 issues
Line: 515
CWE codes:
758
buf += ((SUINT)i << k);
} else if (i == limit - 1) {
buf = SHOW_UBITS(re, gb, esc_len);
LAST_SKIP_BITS(re, gb, esc_len);
buf ++;
} else {
buf = -1;
Reported by Cppcheck.
Line: 515
CWE codes:
758
buf += ((SUINT)i << k);
} else if (i == limit - 1) {
buf = SHOW_UBITS(re, gb, esc_len);
LAST_SKIP_BITS(re, gb, esc_len);
buf ++;
} else {
buf = -1;
Reported by Cppcheck.
Line: 515
CWE codes:
758
buf += ((SUINT)i << k);
} else if (i == limit - 1) {
buf = SHOW_UBITS(re, gb, esc_len);
LAST_SKIP_BITS(re, gb, esc_len);
buf ++;
} else {
buf = -1;
Reported by Cppcheck.
Line: 515
CWE codes:
758
buf += ((SUINT)i << k);
} else if (i == limit - 1) {
buf = SHOW_UBITS(re, gb, esc_len);
LAST_SKIP_BITS(re, gb, esc_len);
buf ++;
} else {
buf = -1;
Reported by Cppcheck.
Line: 515
CWE codes:
758
buf += ((SUINT)i << k);
} else if (i == limit - 1) {
buf = SHOW_UBITS(re, gb, esc_len);
LAST_SKIP_BITS(re, gb, esc_len);
buf ++;
} else {
buf = -1;
Reported by Cppcheck.
Line: 515
CWE codes:
758
buf += ((SUINT)i << k);
} else if (i == limit - 1) {
buf = SHOW_UBITS(re, gb, esc_len);
LAST_SKIP_BITS(re, gb, esc_len);
buf ++;
} else {
buf = -1;
Reported by Cppcheck.
Line: 515
CWE codes:
758
buf += ((SUINT)i << k);
} else if (i == limit - 1) {
buf = SHOW_UBITS(re, gb, esc_len);
LAST_SKIP_BITS(re, gb, esc_len);
buf ++;
} else {
buf = -1;
Reported by Cppcheck.
Line: 515
CWE codes:
758
buf += ((SUINT)i << k);
} else if (i == limit - 1) {
buf = SHOW_UBITS(re, gb, esc_len);
LAST_SKIP_BITS(re, gb, esc_len);
buf ++;
} else {
buf = -1;
Reported by Cppcheck.
Line: 515
CWE codes:
758
buf += ((SUINT)i << k);
} else if (i == limit - 1) {
buf = SHOW_UBITS(re, gb, esc_len);
LAST_SKIP_BITS(re, gb, esc_len);
buf ++;
} else {
buf = -1;
Reported by Cppcheck.
Line: 515
CWE codes:
758
buf += ((SUINT)i << k);
} else if (i == limit - 1) {
buf = SHOW_UBITS(re, gb, esc_len);
LAST_SKIP_BITS(re, gb, esc_len);
buf ++;
} else {
buf = -1;
Reported by Cppcheck.
libavcodec/g723_1enc.c
32 issues
Line: 118
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return AVERROR(EINVAL);
}
avctx->frame_size = 240;
memcpy(p->prev_lsp, dc_lsp, LPC_ORDER * sizeof(int16_t));
return 0;
}
/**
Reported by FlawFinder.
Line: 216
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
error = av_clipl_int32((int64_t) (error << 16) - temp +
(1 << 15)) >> 16;
memcpy(vector, lpc, i * sizeof(int16_t));
for (j = 0; j < i; j++) {
temp = partial_corr * vector[i - j - 1] << 1;
lpc[j] = av_clipl_int32((int64_t) (lpc[j] << 16) - temp +
(1 << 15)) >> 16;
}
Reported by FlawFinder.
Line: 332
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (count != LPC_ORDER)
memcpy(lsp, prev_lsp, LPC_ORDER * sizeof(int16_t));
}
/**
* Quantize the current LSP subvector.
*
Reported by FlawFinder.
Line: 445
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int16_t vector[FRAME_LEN + LPC_ORDER];
int i, j, k, l = 0;
memcpy(buf, p->iir_mem, sizeof(int16_t) * LPC_ORDER);
memcpy(vector, p->fir_mem, sizeof(int16_t) * LPC_ORDER);
memcpy(vector + LPC_ORDER, buf + LPC_ORDER, sizeof(int16_t) * FRAME_LEN);
for (i = LPC_ORDER, j = 0; j < SUBFRAMES; i += SUBFRAME_LEN, j++) {
for (k = 0; k < LPC_ORDER; k++) {
Reported by FlawFinder.
Line: 446
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int i, j, k, l = 0;
memcpy(buf, p->iir_mem, sizeof(int16_t) * LPC_ORDER);
memcpy(vector, p->fir_mem, sizeof(int16_t) * LPC_ORDER);
memcpy(vector + LPC_ORDER, buf + LPC_ORDER, sizeof(int16_t) * FRAME_LEN);
for (i = LPC_ORDER, j = 0; j < SUBFRAMES; i += SUBFRAME_LEN, j++) {
for (k = 0; k < LPC_ORDER; k++) {
flt_coef[k + 2 * l] = (unq_lpc[k + l] * percept_flt_tbl[0][k] +
Reported by FlawFinder.
Line: 447
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(buf, p->iir_mem, sizeof(int16_t) * LPC_ORDER);
memcpy(vector, p->fir_mem, sizeof(int16_t) * LPC_ORDER);
memcpy(vector + LPC_ORDER, buf + LPC_ORDER, sizeof(int16_t) * FRAME_LEN);
for (i = LPC_ORDER, j = 0; j < SUBFRAMES; i += SUBFRAME_LEN, j++) {
for (k = 0; k < LPC_ORDER; k++) {
flt_coef[k + 2 * l] = (unq_lpc[k + l] * percept_flt_tbl[0][k] +
(1 << 14)) >> 15;
Reported by FlawFinder.
Line: 461
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
vector + i, buf + i);
l += LPC_ORDER;
}
memcpy(p->iir_mem, buf + FRAME_LEN, sizeof(int16_t) * LPC_ORDER);
memcpy(p->fir_mem, vector + FRAME_LEN, sizeof(int16_t) * LPC_ORDER);
}
/**
* Estimate the open loop pitch period.
Reported by FlawFinder.
Line: 462
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
l += LPC_ORDER;
}
memcpy(p->iir_mem, buf + FRAME_LEN, sizeof(int16_t) * LPC_ORDER);
memcpy(p->fir_mem, vector + FRAME_LEN, sizeof(int16_t) * LPC_ORDER);
}
/**
* Estimate the open loop pitch period.
*
Reported by FlawFinder.
Line: 656
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int16_t *bptr_16 = buf_16 + LPC_ORDER;
memcpy(buf_16, perf_fir, sizeof(int16_t) * LPC_ORDER);
memcpy(dest - LPC_ORDER, perf_iir, sizeof(int16_t) * LPC_ORDER);
for (i = 0; i < SUBFRAME_LEN; i++) {
int64_t temp = 0;
for (j = 1; j <= LPC_ORDER; j++)
Reported by FlawFinder.
Line: 657
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int16_t *bptr_16 = buf_16 + LPC_ORDER;
memcpy(buf_16, perf_fir, sizeof(int16_t) * LPC_ORDER);
memcpy(dest - LPC_ORDER, perf_iir, sizeof(int16_t) * LPC_ORDER);
for (i = 0; i < SUBFRAME_LEN; i++) {
int64_t temp = 0;
for (j = 1; j <= LPC_ORDER; j++)
temp -= qnt_lpc[j - 1] * bptr_16[i - j];
Reported by FlawFinder.
fftools/cmdutils.c
32 issues
Line: 94
Column: 5
CWE codes:
134
Suggestion:
Use a constant for the format specification
void log_callback_help(void *ptr, int level, const char *fmt, va_list vl)
{
vfprintf(stdout, fmt, vl);
}
static void log_callback_report(void *ptr, int level, const char *fmt, va_list vl)
{
va_list vl2;
Reported by FlawFinder.
Line: 1580
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
continue;
printf(" ");
printf(avcodec_find_decoder(desc->id) ? "D" : ".");
printf(avcodec_find_encoder(desc->id) ? "E" : ".");
printf("%c", get_media_type_char(desc->type));
printf((desc->props & AV_CODEC_PROP_INTRA_ONLY) ? "I" : ".");
printf((desc->props & AV_CODEC_PROP_LOSSY) ? "L" : ".");
Reported by FlawFinder.
Line: 1581
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
printf(" ");
printf(avcodec_find_decoder(desc->id) ? "D" : ".");
printf(avcodec_find_encoder(desc->id) ? "E" : ".");
printf("%c", get_media_type_char(desc->type));
printf((desc->props & AV_CODEC_PROP_INTRA_ONLY) ? "I" : ".");
printf((desc->props & AV_CODEC_PROP_LOSSY) ? "L" : ".");
printf((desc->props & AV_CODEC_PROP_LOSSLESS) ? "S" : ".");
Reported by FlawFinder.
Line: 1584
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
printf(avcodec_find_encoder(desc->id) ? "E" : ".");
printf("%c", get_media_type_char(desc->type));
printf((desc->props & AV_CODEC_PROP_INTRA_ONLY) ? "I" : ".");
printf((desc->props & AV_CODEC_PROP_LOSSY) ? "L" : ".");
printf((desc->props & AV_CODEC_PROP_LOSSLESS) ? "S" : ".");
printf(" %-20s %s", desc->name, desc->long_name ? desc->long_name : "");
Reported by FlawFinder.
Line: 1585
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
printf("%c", get_media_type_char(desc->type));
printf((desc->props & AV_CODEC_PROP_INTRA_ONLY) ? "I" : ".");
printf((desc->props & AV_CODEC_PROP_LOSSY) ? "L" : ".");
printf((desc->props & AV_CODEC_PROP_LOSSLESS) ? "S" : ".");
printf(" %-20s %s", desc->name, desc->long_name ? desc->long_name : "");
/* print decoders/encoders when there's more than one or their
Reported by FlawFinder.
Line: 1586
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
printf("%c", get_media_type_char(desc->type));
printf((desc->props & AV_CODEC_PROP_INTRA_ONLY) ? "I" : ".");
printf((desc->props & AV_CODEC_PROP_LOSSY) ? "L" : ".");
printf((desc->props & AV_CODEC_PROP_LOSSLESS) ? "S" : ".");
printf(" %-20s %s", desc->name, desc->long_name ? desc->long_name : "");
/* print decoders/encoders when there's more than one or their
* names are different from codec name */
Reported by FlawFinder.
Line: 1635
Column: 13
CWE codes:
134
Suggestion:
Use a constant for the format specification
while ((codec = next_codec_for_id(desc->id, &iter, encoder))) {
printf(" %c", get_media_type_char(desc->type));
printf((codec->capabilities & AV_CODEC_CAP_FRAME_THREADS) ? "F" : ".");
printf((codec->capabilities & AV_CODEC_CAP_SLICE_THREADS) ? "S" : ".");
printf((codec->capabilities & AV_CODEC_CAP_EXPERIMENTAL) ? "X" : ".");
printf((codec->capabilities & AV_CODEC_CAP_DRAW_HORIZ_BAND)?"B" : ".");
printf((codec->capabilities & AV_CODEC_CAP_DR1) ? "D" : ".");
Reported by FlawFinder.
Line: 1636
Column: 13
CWE codes:
134
Suggestion:
Use a constant for the format specification
while ((codec = next_codec_for_id(desc->id, &iter, encoder))) {
printf(" %c", get_media_type_char(desc->type));
printf((codec->capabilities & AV_CODEC_CAP_FRAME_THREADS) ? "F" : ".");
printf((codec->capabilities & AV_CODEC_CAP_SLICE_THREADS) ? "S" : ".");
printf((codec->capabilities & AV_CODEC_CAP_EXPERIMENTAL) ? "X" : ".");
printf((codec->capabilities & AV_CODEC_CAP_DRAW_HORIZ_BAND)?"B" : ".");
printf((codec->capabilities & AV_CODEC_CAP_DR1) ? "D" : ".");
printf(" %-20s %s", codec->name, codec->long_name ? codec->long_name : "");
Reported by FlawFinder.
Line: 1637
Column: 13
CWE codes:
134
Suggestion:
Use a constant for the format specification
printf(" %c", get_media_type_char(desc->type));
printf((codec->capabilities & AV_CODEC_CAP_FRAME_THREADS) ? "F" : ".");
printf((codec->capabilities & AV_CODEC_CAP_SLICE_THREADS) ? "S" : ".");
printf((codec->capabilities & AV_CODEC_CAP_EXPERIMENTAL) ? "X" : ".");
printf((codec->capabilities & AV_CODEC_CAP_DRAW_HORIZ_BAND)?"B" : ".");
printf((codec->capabilities & AV_CODEC_CAP_DR1) ? "D" : ".");
printf(" %-20s %s", codec->name, codec->long_name ? codec->long_name : "");
if (strcmp(codec->name, desc->name))
Reported by FlawFinder.
Line: 1638
Column: 13
CWE codes:
134
Suggestion:
Use a constant for the format specification
printf((codec->capabilities & AV_CODEC_CAP_FRAME_THREADS) ? "F" : ".");
printf((codec->capabilities & AV_CODEC_CAP_SLICE_THREADS) ? "S" : ".");
printf((codec->capabilities & AV_CODEC_CAP_EXPERIMENTAL) ? "X" : ".");
printf((codec->capabilities & AV_CODEC_CAP_DRAW_HORIZ_BAND)?"B" : ".");
printf((codec->capabilities & AV_CODEC_CAP_DR1) ? "D" : ".");
printf(" %-20s %s", codec->name, codec->long_name ? codec->long_name : "");
if (strcmp(codec->name, desc->name))
printf(" (codec %s)", desc->name);
Reported by FlawFinder.
libavformat/matroskadec.c
29 issues
Line: 1662
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!pkt_data)
return AVERROR(ENOMEM);
memcpy(pkt_data, header, header_size);
memcpy(pkt_data + header_size, data, isize);
break;
}
#if CONFIG_LZO
case MATROSKA_TRACK_ENCODING_COMP_LZO:
Reported by FlawFinder.
Line: 1663
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return AVERROR(ENOMEM);
memcpy(pkt_data, header, header_size);
memcpy(pkt_data + header_size, data, isize);
break;
}
#if CONFIG_LZO
case MATROSKA_TRACK_ENCODING_COMP_LZO:
do {
Reported by FlawFinder.
Line: 1772
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
AVDictionary **metadata, char *prefix)
{
MatroskaTag *tags = list->elem;
char key[1024];
int i;
for (i = 0; i < list->nb_elem; i++) {
const char *lang = tags[i].lang &&
strcmp(tags[i].lang, "und") ? tags[i].lang : NULL;
Reported by FlawFinder.
Line: 2618
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!extradata)
return AVERROR(ENOMEM);
AV_WB32(extradata, extradata_size);
memcpy(&extradata[4], "alac", 4);
AV_WB32(&extradata[8], 0);
memcpy(&extradata[12], track->codec_priv.data,
track->codec_priv.size);
} else if (codec_id == AV_CODEC_ID_TTA) {
uint8_t *ptr;
Reported by FlawFinder.
Line: 2620
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
AV_WB32(extradata, extradata_size);
memcpy(&extradata[4], "alac", 4);
AV_WB32(&extradata[8], 0);
memcpy(&extradata[12], track->codec_priv.data,
track->codec_priv.size);
} else if (codec_id == AV_CODEC_ID_TTA) {
uint8_t *ptr;
if (track->audio.channels > UINT16_MAX ||
track->audio.bitdepth > UINT16_MAX) {
Reported by FlawFinder.
Line: 2769
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else if (track->codec_priv.data && track->codec_priv.size > 0) {
if (ff_alloc_extradata(st->codecpar, track->codec_priv.size))
return AVERROR(ENOMEM);
memcpy(st->codecpar->extradata,
track->codec_priv.data + extradata_offset,
track->codec_priv.size);
}
}
Reported by FlawFinder.
Line: 2826
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* if we have virtual track, mark the real tracks */
for (j=0; j < track->operation.combine_planes.nb_elem; j++) {
char buf[32];
if (planes[j].type >= MATROSKA_VIDEO_STEREO_PLANE_COUNT)
continue;
snprintf(buf, sizeof(buf), "%s_%d",
ff_matroska_video_stereo_plane[planes[j].type], i);
for (k=0; k < matroska->tracks.nb_elem; k++)
Reported by FlawFinder.
Line: 3012
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
st->codecpar->codec_type = AVMEDIA_TYPE_ATTACHMENT;
if (ff_alloc_extradata(st->codecpar, attachments[j].bin.size))
break;
memcpy(st->codecpar->extradata, attachments[j].bin.data,
attachments[j].bin.size);
for (i = 0; mkv_mime_tags[i].id != AV_CODEC_ID_NONE; i++) {
if (av_strstart(attachments[j].mime, mkv_mime_tags[i].str, NULL)) {
st->codecpar->codec_id = mkv_mime_tags[i].id;
Reported by FlawFinder.
Line: 3062
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!pal) {
av_log(matroska->ctx, AV_LOG_ERROR, "Cannot append palette to packet\n");
} else {
memcpy(pal, track->palette, AVPALETTE_SIZE);
}
track->has_palette = 0;
}
return 0;
}
Reported by FlawFinder.
Line: 3199
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return AVERROR_INVALIDDATA;
}
for (x = 0; x < h / 2; x++)
memcpy(track->audio.buf + x * 2 * w + y * cfs,
data + x * cfs, cfs);
} else if (st->codecpar->codec_id == AV_CODEC_ID_SIPR) {
if (size < w) {
av_log(matroska->ctx, AV_LOG_ERROR,
"Corrupt sipr RM-style audio packet size\n");
Reported by FlawFinder.
libavcodec/hevc_ps.c
28 issues
Line: 482
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else {
vps->data_size = nal_size;
}
memcpy(vps->data, gb->buffer, vps->data_size);
vps_id = get_bits(gb, 4);
if (get_bits(gb, 2) != 3) { // vps_reserved_three_2bits
av_log(avctx, AV_LOG_ERROR, "vps_reserved_three_2bits is not three\n");
Reported by FlawFinder.
Line: 702
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// at where def_disp_win is normally located
av_log(avctx, AV_LOG_WARNING,
"Strange VUI timing information, retrying...\n");
memcpy(vui, &backup_vui, sizeof(backup_vui));
memcpy(gb, &backup, sizeof(backup));
alt = 1;
goto timing_info;
}
vui->vui_num_units_in_tick = get_bits_long(gb, 32);
Reported by FlawFinder.
Line: 703
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
av_log(avctx, AV_LOG_WARNING,
"Strange VUI timing information, retrying...\n");
memcpy(vui, &backup_vui, sizeof(backup_vui));
memcpy(gb, &backup, sizeof(backup));
alt = 1;
goto timing_info;
}
vui->vui_num_units_in_tick = get_bits_long(gb, 32);
vui->vui_time_scale = get_bits_long(gb, 32);
Reported by FlawFinder.
Line: 727
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
av_log(avctx, AV_LOG_WARNING,
"Strange VUI bitstream restriction information, retrying"
" from timing information...\n");
memcpy(vui, &backup_vui, sizeof(backup_vui));
memcpy(gb, &backup, sizeof(backup));
alt = 1;
goto timing_info;
}
vui->tiles_fixed_structure_flag = get_bits1(gb);
Reported by FlawFinder.
Line: 728
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
"Strange VUI bitstream restriction information, retrying"
" from timing information...\n");
memcpy(vui, &backup_vui, sizeof(backup_vui));
memcpy(gb, &backup, sizeof(backup));
alt = 1;
goto timing_info;
}
vui->tiles_fixed_structure_flag = get_bits1(gb);
vui->motion_vectors_over_pic_boundaries_flag = get_bits1(gb);
Reported by FlawFinder.
Line: 746
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// XXX: Alternate syntax when sps_range_extension_flag != 0?
av_log(avctx, AV_LOG_WARNING,
"Overread in VUI, retrying from timing information...\n");
memcpy(vui, &backup_vui, sizeof(backup_vui));
memcpy(gb, &backup, sizeof(backup));
alt = 1;
goto timing_info;
}
}
Reported by FlawFinder.
Line: 747
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
av_log(avctx, AV_LOG_WARNING,
"Overread in VUI, retrying from timing information...\n");
memcpy(vui, &backup_vui, sizeof(backup_vui));
memcpy(gb, &backup, sizeof(backup));
alt = 1;
goto timing_info;
}
}
Reported by FlawFinder.
Line: 763
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sl->sl_dc[0][matrixId] = 16; // default for 16x16
sl->sl_dc[1][matrixId] = 16; // default for 32x32
}
memcpy(sl->sl[1][0], default_scaling_list_intra, 64);
memcpy(sl->sl[1][1], default_scaling_list_intra, 64);
memcpy(sl->sl[1][2], default_scaling_list_intra, 64);
memcpy(sl->sl[1][3], default_scaling_list_inter, 64);
memcpy(sl->sl[1][4], default_scaling_list_inter, 64);
memcpy(sl->sl[1][5], default_scaling_list_inter, 64);
Reported by FlawFinder.
Line: 764
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sl->sl_dc[1][matrixId] = 16; // default for 32x32
}
memcpy(sl->sl[1][0], default_scaling_list_intra, 64);
memcpy(sl->sl[1][1], default_scaling_list_intra, 64);
memcpy(sl->sl[1][2], default_scaling_list_intra, 64);
memcpy(sl->sl[1][3], default_scaling_list_inter, 64);
memcpy(sl->sl[1][4], default_scaling_list_inter, 64);
memcpy(sl->sl[1][5], default_scaling_list_inter, 64);
memcpy(sl->sl[2][0], default_scaling_list_intra, 64);
Reported by FlawFinder.
Line: 765
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
memcpy(sl->sl[1][0], default_scaling_list_intra, 64);
memcpy(sl->sl[1][1], default_scaling_list_intra, 64);
memcpy(sl->sl[1][2], default_scaling_list_intra, 64);
memcpy(sl->sl[1][3], default_scaling_list_inter, 64);
memcpy(sl->sl[1][4], default_scaling_list_inter, 64);
memcpy(sl->sl[1][5], default_scaling_list_inter, 64);
memcpy(sl->sl[2][0], default_scaling_list_intra, 64);
memcpy(sl->sl[2][1], default_scaling_list_intra, 64);
Reported by FlawFinder.
libavcodec/aacdec_template.c
27 issues
Line: 544
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
uint8_t type_counts[TYPE_END] = { 0 };
if (ac->oc[1].layout_map != layout_map) {
memcpy(ac->oc[1].layout_map, layout_map, tags * sizeof(layout_map[0]));
ac->oc[1].layout_map_tags = tags;
}
for (i = 0; i < tags; i++) {
int type = layout_map[i][0];
int id = layout_map[i][1];
Reported by FlawFinder.
Line: 629
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return AVERROR_INVALIDDATA;
}
*tags = tags_per_config[channel_config];
memcpy(layout_map, aac_channel_layout_map[channel_config - 1],
*tags * sizeof(*layout_map));
/*
* AAC specification has 7.1(wide) as a default layout for 8-channel streams.
* However, at least Nero AAC encoder encodes 7.1 streams using the default
Reported by FlawFinder.
Line: 2720
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int i;
if (ics->window_sequence[0] == EIGHT_SHORT_SEQUENCE) {
memcpy(saved_ltp, saved, 512 * sizeof(*saved_ltp));
memset(saved_ltp + 576, 0, 448 * sizeof(*saved_ltp));
ac->fdsp->vector_fmul_reverse(saved_ltp + 448, ac->buf_mdct + 960, &swindow[64], 64);
for (i = 0; i < 64; i++)
saved_ltp[i + 512] = AAC_MUL31(ac->buf_mdct[1023 - i], swindow[63 - i]);
Reported by FlawFinder.
Line: 2727
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (i = 0; i < 64; i++)
saved_ltp[i + 512] = AAC_MUL31(ac->buf_mdct[1023 - i], swindow[63 - i]);
} else if (ics->window_sequence[0] == LONG_START_SEQUENCE) {
memcpy(saved_ltp, ac->buf_mdct + 512, 448 * sizeof(*saved_ltp));
memset(saved_ltp + 576, 0, 448 * sizeof(*saved_ltp));
ac->fdsp->vector_fmul_reverse(saved_ltp + 448, ac->buf_mdct + 960, &swindow[64], 64);
for (i = 0; i < 64; i++)
saved_ltp[i + 512] = AAC_MUL31(ac->buf_mdct[1023 - i], swindow[63 - i]);
Reported by FlawFinder.
Line: 2740
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
saved_ltp[i + 512] = AAC_MUL31(ac->buf_mdct[1023 - i], lwindow[511 - i]);
}
memcpy(sce->ltp_state, sce->ltp_state+1024, 1024 * sizeof(*sce->ltp_state));
memcpy(sce->ltp_state+1024, sce->ret, 1024 * sizeof(*sce->ltp_state));
memcpy(sce->ltp_state+2048, saved_ltp, 1024 * sizeof(*sce->ltp_state));
}
/**
Reported by FlawFinder.
Line: 2741
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
memcpy(sce->ltp_state, sce->ltp_state+1024, 1024 * sizeof(*sce->ltp_state));
memcpy(sce->ltp_state+1024, sce->ret, 1024 * sizeof(*sce->ltp_state));
memcpy(sce->ltp_state+2048, saved_ltp, 1024 * sizeof(*sce->ltp_state));
}
/**
* Conduct IMDCT and windowing.
Reported by FlawFinder.
Line: 2742
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(sce->ltp_state, sce->ltp_state+1024, 1024 * sizeof(*sce->ltp_state));
memcpy(sce->ltp_state+1024, sce->ret, 1024 * sizeof(*sce->ltp_state));
memcpy(sce->ltp_state+2048, saved_ltp, 1024 * sizeof(*sce->ltp_state));
}
/**
* Conduct IMDCT and windowing.
*/
Reported by FlawFinder.
Line: 2783
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
(ics->window_sequence[0] == ONLY_LONG_SEQUENCE || ics->window_sequence[0] == LONG_START_SEQUENCE)) {
ac->fdsp->vector_fmul_window( out, saved, buf, lwindow_prev, 512);
} else {
memcpy( out, saved, 448 * sizeof(*out));
if (ics->window_sequence[0] == EIGHT_SHORT_SEQUENCE) {
ac->fdsp->vector_fmul_window(out + 448 + 0*128, saved + 448, buf + 0*128, swindow_prev, 64);
ac->fdsp->vector_fmul_window(out + 448 + 1*128, buf + 0*128 + 64, buf + 1*128, swindow, 64);
ac->fdsp->vector_fmul_window(out + 448 + 2*128, buf + 1*128 + 64, buf + 2*128, swindow, 64);
Reported by FlawFinder.
Line: 2791
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ac->fdsp->vector_fmul_window(out + 448 + 2*128, buf + 1*128 + 64, buf + 2*128, swindow, 64);
ac->fdsp->vector_fmul_window(out + 448 + 3*128, buf + 2*128 + 64, buf + 3*128, swindow, 64);
ac->fdsp->vector_fmul_window(temp, buf + 3*128 + 64, buf + 4*128, swindow, 64);
memcpy( out + 448 + 4*128, temp, 64 * sizeof(*out));
} else {
ac->fdsp->vector_fmul_window(out + 448, saved + 448, buf, swindow_prev, 64);
memcpy( out + 576, buf + 64, 448 * sizeof(*out));
}
}
Reported by FlawFinder.
Line: 2794
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy( out + 448 + 4*128, temp, 64 * sizeof(*out));
} else {
ac->fdsp->vector_fmul_window(out + 448, saved + 448, buf, swindow_prev, 64);
memcpy( out + 576, buf + 64, 448 * sizeof(*out));
}
}
// buffer update
if (ics->window_sequence[0] == EIGHT_SHORT_SEQUENCE) {
Reported by FlawFinder.
libavfilter/f_graphmonitor.c
26 issues
Line: 222
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
snprintf(buffer, sizeof(buffer)-1, " | queue: ");
drawtext(out, xpos, ypos, buffer, s->white);
xpos += strlen(buffer) * 8;
snprintf(buffer, sizeof(buffer)-1, "%"SIZE_SPECIFIER, frames);
drawtext(out, xpos, ypos, buffer, frames > 0 ? frames >= 10 ? frames >= 50 ? s->red : s->yellow : s->green : s->white);
xpos += strlen(buffer) * 8;
}
if (s->flags & MODE_FCIN) {
snprintf(buffer, sizeof(buffer)-1, " | in: %"PRId64, l->frame_count_in);
Reported by FlawFinder.
Line: 227
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
xpos += strlen(buffer) * 8;
}
if (s->flags & MODE_FCIN) {
snprintf(buffer, sizeof(buffer)-1, " | in: %"PRId64, l->frame_count_in);
drawtext(out, xpos, ypos, buffer, s->white);
xpos += strlen(buffer) * 8;
}
if (s->flags & MODE_FCOUT) {
snprintf(buffer, sizeof(buffer)-1, " | out: %"PRId64, l->frame_count_out);
Reported by FlawFinder.
Line: 232
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
xpos += strlen(buffer) * 8;
}
if (s->flags & MODE_FCOUT) {
snprintf(buffer, sizeof(buffer)-1, " | out: %"PRId64, l->frame_count_out);
drawtext(out, xpos, ypos, buffer, s->white);
xpos += strlen(buffer) * 8;
}
if (s->flags & MODE_SCIN) {
snprintf(buffer, sizeof(buffer)-1, " | sin: %"PRId64, l->sample_count_in);
Reported by FlawFinder.
Line: 237
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
xpos += strlen(buffer) * 8;
}
if (s->flags & MODE_SCIN) {
snprintf(buffer, sizeof(buffer)-1, " | sin: %"PRId64, l->sample_count_in);
drawtext(out, xpos, ypos, buffer, s->white);
xpos += strlen(buffer) * 8;
}
if (s->flags & MODE_SCOUT) {
snprintf(buffer, sizeof(buffer)-1, " | sout: %"PRId64, l->sample_count_out);
Reported by FlawFinder.
Line: 242
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
xpos += strlen(buffer) * 8;
}
if (s->flags & MODE_SCOUT) {
snprintf(buffer, sizeof(buffer)-1, " | sout: %"PRId64, l->sample_count_out);
drawtext(out, xpos, ypos, buffer, s->white);
xpos += strlen(buffer) * 8;
}
if (s->flags & MODE_PTS) {
snprintf(buffer, sizeof(buffer)-1, " | pts: %s", av_ts2str(l->current_pts_us));
Reported by FlawFinder.
Line: 182
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t frames)
{
GraphMonitorContext *s = ctx->priv;
char buffer[1024] = { 0 };
if (s->flags & MODE_FMT) {
if (l->type == AVMEDIA_TYPE_VIDEO) {
snprintf(buffer, sizeof(buffer)-1, " | format: %s",
av_get_pix_fmt_name(l->format));
Reported by FlawFinder.
Line: 278
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
for (int i = 0; i < ctx->graph->nb_filters; i++) {
AVFilterContext *filter = ctx->graph->filters[i];
char buffer[1024] = { 0 };
if (s->mode && !filter_have_queued(filter))
continue;
xpos = 0;
Reported by FlawFinder.
Line: 134
Column: 13
CWE codes:
126
font = avpriv_cga_font, font_height = 8;
if (y + 8 >= pic->height ||
x + strlen(txt) * 8 >= pic->width)
return;
for (i = 0; txt[i]; i++) {
int char_y, mask;
Reported by FlawFinder.
Line: 193
Column: 17
CWE codes:
126
av_get_sample_fmt_name(l->format));
}
drawtext(out, xpos, ypos, buffer, s->white);
xpos += strlen(buffer) * 8;
}
if (s->flags & MODE_SIZE) {
if (l->type == AVMEDIA_TYPE_VIDEO) {
snprintf(buffer, sizeof(buffer)-1, " | size: %dx%d", l->w, l->h);
} else if (l->type == AVMEDIA_TYPE_AUDIO) {
Reported by FlawFinder.
Line: 202
Column: 17
CWE codes:
126
snprintf(buffer, sizeof(buffer)-1, " | channels: %d", l->channels);
}
drawtext(out, xpos, ypos, buffer, s->white);
xpos += strlen(buffer) * 8;
}
if (s->flags & MODE_RATE) {
if (l->type == AVMEDIA_TYPE_VIDEO) {
snprintf(buffer, sizeof(buffer)-1, " | fps: %d/%d", l->frame_rate.num, l->frame_rate.den);
} else if (l->type == AVMEDIA_TYPE_AUDIO) {
Reported by FlawFinder.
libavformat/mpegtsenc.c
25 issues
Line: 140
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void mpegts_write_section(MpegTSSection *s, uint8_t *buf, int len)
{
unsigned int crc;
unsigned char packet[TS_PACKET_SIZE];
const unsigned char *buf_ptr;
unsigned char *q;
int first, b, len1, left;
crc = av_bswap32(av_crc(av_crc_get_table(AV_CRC_32_IEEE),
Reported by FlawFinder.
Line: 177
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
len1 = TS_PACKET_SIZE - (q - packet);
if (len1 > len)
len1 = len;
memcpy(q, buf_ptr, len1);
q += len1;
/* add known padding data */
left = TS_PACKET_SIZE - (q - packet);
if (left > 0)
memset(q, 0xff, left);
Reported by FlawFinder.
Line: 221
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*q++ = 0xc1 | (version << 1); /* current_next_indicator = 1 */
*q++ = sec_num;
*q++ = last_sec_num;
memcpy(q, buf, len);
mpegts_write_section(s, section, tot_len);
return 0;
}
Reported by FlawFinder.
Line: 286
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static void putbuf(uint8_t **q_ptr, const uint8_t *buf, size_t len)
{
memcpy(*q_ptr, buf, len);
*q_ptr += len;
}
static int put_arib_caption_descriptor(AVFormatContext *s, uint8_t **q_ptr,
AVCodecParameters *codecpar)
Reported by FlawFinder.
Line: 722
Column: 24
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (st->codecpar->extradata_size - extradata_copied >= 5) {
*q++ = st->codecpar->extradata[extradata_copied + 4]; /* subtitling_type */
memcpy(q, st->codecpar->extradata + extradata_copied, 4); /* composition_page_id and ancillary_page_id */
extradata_copied += 5;
q += 4;
} else {
/* subtitling_type:
* 0x10 - normal with no monitor aspect ratio criticality
Reported by FlawFinder.
Line: 732
Column: 28
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*q++ = (st->disposition & AV_DISPOSITION_HEARING_IMPAIRED) ? 0x20 : 0x10;
if ((st->codecpar->extradata_size == 4) && (extradata_copied == 0)) {
/* support of old 4-byte extradata format */
memcpy(q, st->codecpar->extradata, 4); /* composition_page_id and ancillary_page_id */
extradata_copied += 4;
q += 4;
} else {
put16(&q, 1); /* composition_page_id */
put16(&q, 1); /* ancillary_page_id */
Reported by FlawFinder.
Line: 760
Column: 24
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
language++;
if (st->codecpar->extradata_size - 1 > extradata_copied) {
memcpy(q, st->codecpar->extradata + extradata_copied, 2);
extradata_copied += 2;
q += 2;
} else {
/* The Teletext descriptor:
* teletext_type: This 5-bit field indicates the type of Teletext page indicated. (0x01 Initial Teletext page)
Reported by FlawFinder.
Line: 923
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return AVERROR(EINVAL);
buf[0] = str_len + 1;
buf[1] = 0x15;
memcpy(&buf[2], str, str_len);
return 0;
}
}
invalid:
/* Otherwise let's just encode the string as is! */
Reported by FlawFinder.
Line: 932
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (str_len > 255)
return AVERROR(EINVAL);
buf[0] = str_len;
memcpy(&buf[1], str, str_len);
return 0;
}
static int64_t get_pcr(const MpegTSWrite *ts)
{
Reported by FlawFinder.
Line: 969
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
MpegTSWrite *ts = s->priv_data;
MpegTSService *service;
AVDictionaryEntry *title, *provider;
char default_service_name[32];
const char *service_name;
const char *provider_name;
title = av_dict_get(metadata, "service_name", NULL, 0);
if (!title)
Reported by FlawFinder.