The following issues were found
libavformat/tls_securetransport.c
6 issues
Line: 202
Column: 9
CWE codes:
120
20
TLSContext *c = h->priv_data;
size_t requested = *dataLength;
int read = ffurl_read(c->tls_shared.tcp, data, requested);
if (read <= 0) {
*dataLength = 0;
switch(AVUNERROR(read)) {
case ENOENT:
case 0:
return errSSLClosedGraceful;
Reported by FlawFinder.
Line: 204
Column: 26
CWE codes:
120
20
int read = ffurl_read(c->tls_shared.tcp, data, requested);
if (read <= 0) {
*dataLength = 0;
switch(AVUNERROR(read)) {
case ENOENT:
case 0:
return errSSLClosedGraceful;
case ECONNRESET:
return errSSLClosedAbort;
Reported by FlawFinder.
Line: 291
Column: 64
CWE codes:
126
if (s->cert_file)
if ((ret = load_cert(h)) < 0)
goto fail;
CHECK_ERROR(SSLSetPeerDomainName, c->ssl_context, s->host, strlen(s->host));
CHECK_ERROR(SSLSetIOFuncs, c->ssl_context, tls_read_cb, tls_write_cb);
CHECK_ERROR(SSLSetConnection, c->ssl_context, h);
while (1) {
OSStatus status = SSLHandshake(c->ssl_context);
if (status == errSSLServerAuthCompleted) {
Reported by FlawFinder.
libavfilter/f_sendcmd.c
6 issues
Line: 158
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
else if (!strncmp(*buf, "leave", strlen("leave"))) cmd->flags |= COMMAND_FLAG_LEAVE;
else if (!strncmp(*buf, "expr", strlen("expr"))) cmd->flags |= COMMAND_FLAG_EXPR;
else {
char flag_buf[64];
av_strlcpy(flag_buf, *buf, sizeof(flag_buf));
av_log(log_ctx, AV_LOG_ERROR,
"Unknown flag '%s' in interval #%d, command #%d\n",
flag_buf, interval_count, cmd_count);
return AVERROR(EINVAL);
Reported by FlawFinder.
Line: 426
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
av_file_unmap(file_buf, file_bufsize);
return AVERROR(ENOMEM);
}
memcpy(buf, file_buf, file_bufsize);
buf[file_bufsize] = 0;
av_file_unmap(file_buf, file_bufsize);
s->commands_str = buf;
}
Reported by FlawFinder.
Line: 518
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
for (j = 0; flags && j < interval->nb_commands; j++) {
Command *cmd = &interval->commands[j];
char *cmd_arg = cmd->arg;
char buf[1024];
if (cmd->flags & flags) {
if (cmd->flags & COMMAND_FLAG_EXPR) {
double var_values[VAR_VARS_NB], res;
double start = TS2T(interval->start_ts, AV_TIME_BASE_Q);
Reported by FlawFinder.
Line: 154
Column: 46
CWE codes:
126
while (**buf) {
int len = strcspn(*buf, "|+]");
if (!strncmp(*buf, "enter", strlen("enter"))) cmd->flags |= COMMAND_FLAG_ENTER;
else if (!strncmp(*buf, "leave", strlen("leave"))) cmd->flags |= COMMAND_FLAG_LEAVE;
else if (!strncmp(*buf, "expr", strlen("expr"))) cmd->flags |= COMMAND_FLAG_EXPR;
else {
char flag_buf[64];
av_strlcpy(flag_buf, *buf, sizeof(flag_buf));
Reported by FlawFinder.
Line: 155
Column: 46
CWE codes:
126
int len = strcspn(*buf, "|+]");
if (!strncmp(*buf, "enter", strlen("enter"))) cmd->flags |= COMMAND_FLAG_ENTER;
else if (!strncmp(*buf, "leave", strlen("leave"))) cmd->flags |= COMMAND_FLAG_LEAVE;
else if (!strncmp(*buf, "expr", strlen("expr"))) cmd->flags |= COMMAND_FLAG_EXPR;
else {
char flag_buf[64];
av_strlcpy(flag_buf, *buf, sizeof(flag_buf));
av_log(log_ctx, AV_LOG_ERROR,
Reported by FlawFinder.
Line: 156
Column: 46
CWE codes:
126
if (!strncmp(*buf, "enter", strlen("enter"))) cmd->flags |= COMMAND_FLAG_ENTER;
else if (!strncmp(*buf, "leave", strlen("leave"))) cmd->flags |= COMMAND_FLAG_LEAVE;
else if (!strncmp(*buf, "expr", strlen("expr"))) cmd->flags |= COMMAND_FLAG_EXPR;
else {
char flag_buf[64];
av_strlcpy(flag_buf, *buf, sizeof(flag_buf));
av_log(log_ctx, AV_LOG_ERROR,
"Unknown flag '%s' in interval #%d, command #%d\n",
Reported by FlawFinder.
libavfilter/median_template.c
6 issues
Line: 130
CWE codes:
788
}
av_assert0(k < BINS);
if (luc[k] <= j - radius) {
memset(&fine[k], 0, BINS * sizeof(htype));
for (luc[k] = j - radius; luc[k] < FFMIN(j + radius + 1, width); luc[k]++)
s->hadd(fine[k], &cfine[BINS * (width * k + luc[k])], BINS);
if (luc[k] < j + radius + 1) {
s->hmuladd(&fine[k][0], &cfine[BINS * (width * k + width - 1)], j + radius + 1 - width, BINS);
Reported by Cppcheck.
Line: 130
CWE codes:
788
}
av_assert0(k < BINS);
if (luc[k] <= j - radius) {
memset(&fine[k], 0, BINS * sizeof(htype));
for (luc[k] = j - radius; luc[k] < FFMIN(j + radius + 1, width); luc[k]++)
s->hadd(fine[k], &cfine[BINS * (width * k + luc[k])], BINS);
if (luc[k] < j + radius + 1) {
s->hmuladd(&fine[k][0], &cfine[BINS * (width * k + width - 1)], j + radius + 1 - width, BINS);
Reported by Cppcheck.
Line: 130
CWE codes:
788
}
av_assert0(k < BINS);
if (luc[k] <= j - radius) {
memset(&fine[k], 0, BINS * sizeof(htype));
for (luc[k] = j - radius; luc[k] < FFMIN(j + radius + 1, width); luc[k]++)
s->hadd(fine[k], &cfine[BINS * (width * k + luc[k])], BINS);
if (luc[k] < j + radius + 1) {
s->hmuladd(&fine[k][0], &cfine[BINS * (width * k + width - 1)], j + radius + 1 - width, BINS);
Reported by Cppcheck.
Line: 130
CWE codes:
788
}
av_assert0(k < BINS);
if (luc[k] <= j - radius) {
memset(&fine[k], 0, BINS * sizeof(htype));
for (luc[k] = j - radius; luc[k] < FFMIN(j + radius + 1, width); luc[k]++)
s->hadd(fine[k], &cfine[BINS * (width * k + luc[k])], BINS);
if (luc[k] < j + radius + 1) {
s->hmuladd(&fine[k][0], &cfine[BINS * (width * k + width - 1)], j + radius + 1 - width, BINS);
Reported by Cppcheck.
Line: 130
CWE codes:
788
}
av_assert0(k < BINS);
if (luc[k] <= j - radius) {
memset(&fine[k], 0, BINS * sizeof(htype));
for (luc[k] = j - radius; luc[k] < FFMIN(j + radius + 1, width); luc[k]++)
s->hadd(fine[k], &cfine[BINS * (width * k + luc[k])], BINS);
if (luc[k] < j + radius + 1) {
s->hmuladd(&fine[k][0], &cfine[BINS * (width * k + width - 1)], j + radius + 1 - width, BINS);
Reported by Cppcheck.
Line: 130
CWE codes:
788
}
av_assert0(k < BINS);
if (luc[k] <= j - radius) {
memset(&fine[k], 0, BINS * sizeof(htype));
for (luc[k] = j - radius; luc[k] < FFMIN(j + radius + 1, width); luc[k]++)
s->hadd(fine[k], &cfine[BINS * (width * k + luc[k])], BINS);
if (luc[k] < j + radius + 1) {
s->hmuladd(&fine[k][0], &cfine[BINS * (width * k + width - 1)], j + radius + 1 - width, BINS);
Reported by Cppcheck.
libavfilter/dnn/dnn_backend_tf.c
6 issues
Line: 503
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
TF_Tensor *kernel_tensor = NULL, *biases_tensor = NULL;
int64_t dims[4];
int dims_len;
char name_buffer[NAME_BUFFER_SIZE];
int32_t size;
size = params->input_num * params->output_num * params->kernel_size * params->kernel_size;
input.index = 0;
Reported by FlawFinder.
Line: 518
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dims[3] = params->input_num;
dims_len = 4;
kernel_tensor = TF_AllocateTensor(TF_FLOAT, dims, dims_len, size * sizeof(float));
memcpy(TF_TensorData(kernel_tensor), params->kernel, size * sizeof(float));
TF_SetAttrTensor(op_desc, "value", kernel_tensor, tf_model->status);
if (TF_GetCode(tf_model->status) != TF_OK){
goto err;
}
op = TF_FinishOperation(op_desc, tf_model->status);
Reported by FlawFinder.
Line: 561
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dims[0] = params->output_num;
dims_len = 1;
biases_tensor = TF_AllocateTensor(TF_FLOAT, dims, dims_len, params->output_num * sizeof(float));
memcpy(TF_TensorData(biases_tensor), params->biases, params->output_num * sizeof(float));
TF_SetAttrTensor(op_desc, "value", biases_tensor, tf_model->status);
if (TF_GetCode(tf_model->status) != TF_OK){
goto err;
}
op = TF_FinishOperation(op_desc, tf_model->status);
Reported by FlawFinder.
Line: 620
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
TFContext *ctx = &tf_model->ctx;
TF_OperationDescription *op_desc;
TF_Output input;
char name_buffer[NAME_BUFFER_SIZE];
snprintf(name_buffer, NAME_BUFFER_SIZE, "depth_to_space%d", layer);
op_desc = TF_NewOperation(tf_model->graph, "DepthToSpace", name_buffer);
input.oper = *cur_op;
input.index = 0;
Reported by FlawFinder.
Line: 649
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int32_t *pads;
int64_t pads_shape[] = {4, 2};
char name_buffer[NAME_BUFFER_SIZE];
snprintf(name_buffer, NAME_BUFFER_SIZE, "pad%d", layer);
op_desc = TF_NewOperation(tf_model->graph, "Const", name_buffer);
TF_SetAttrType(op_desc, "dtype", TF_INT32);
tensor = TF_AllocateTensor(TF_INT32, pads_shape, 2, 4 * 2 * sizeof(int32_t));
Reported by FlawFinder.
Line: 706
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
TF_Output input;
float *y;
char name_buffer[NAME_BUFFER_SIZE];
snprintf(name_buffer, NAME_BUFFER_SIZE, "maximum/y%d", layer);
op_desc = TF_NewOperation(tf_model->graph, "Const", name_buffer);
TF_SetAttrType(op_desc, "dtype", TF_FLOAT);
tensor = TF_AllocateTensor(TF_FLOAT, NULL, 0, TF_DataTypeSize(TF_FLOAT));
Reported by FlawFinder.
libavcodec/mf_utils.c
6 issues
Line: 61
CWE codes:
908
HRESULT (WINAPI *MFTEnumEx_ptr)(GUID guidCategory, UINT32 Flags,
const MFT_REGISTER_TYPE_INFO *pInputType,
const MFT_REGISTER_TYPE_INFO *pOutputType,
IMFActivate ***pppMFTActivate,
UINT32 *pnumMFTActivate) = NULL;
#if !HAVE_UWP
HANDLE lib = GetModuleHandleW(L"mfplat.dll");
if (lib)
MFTEnumEx_ptr = (void *)GetProcAddress(lib, "MFTEnumEx");
Reported by Cppcheck.
Line: 134
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
IMFSample_Release(sample);
return NULL;
}
memcpy(tmp, fill_data, size);
IMFMediaBuffer_SetCurrentLength(buffer, size);
IMFMediaBuffer_Unlock(buffer);
}
Reported by FlawFinder.
Line: 403
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
for (n = 0; n < count; n++) {
GUID key;
MF_ATTRIBUTE_TYPE type;
char extra[80] = {0};
const char *name = NULL;
hr = IMFAttributes_GetItemByIndex(attrs, n, &key, NULL);
if (FAILED(hr))
goto err;
Reported by FlawFinder.
Line: 464
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
break;
}
case MF_ATTRIBUTE_STRING: {
wchar_t s[512]; // being lazy here
hr = IMFAttributes_GetString(attrs, &key, s, sizeof(s), NULL);
if (FAILED(hr))
goto err;
av_log(log, AV_LOG_VERBOSE, " %s='%ls'%s\n", name, s, extra);
break;
Reported by FlawFinder.
Line: 487
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
goto err;
if (sz <= sizeof(buffer)) {
// hex-dump it
char str[512] = {0};
size_t pos = 0;
hr = IMFAttributes_GetBlob(attrs, &key, buffer, sizeof(buffer), &sz);
if (FAILED(hr))
goto err;
for (pos = 0; pos < sz; pos++) {
Reported by FlawFinder.
Line: 648
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
if (log) {
wchar_t s[512]; // being lazy here
IMFAttributes *attrs;
hr = IMFTransform_GetAttributes(*res, &attrs);
if (!FAILED(hr) && attrs) {
av_log(log, AV_LOG_VERBOSE, "MFT attributes\n");
Reported by FlawFinder.
libavformat/spdifenc.c
6 issues
Line: 136
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return AVERROR(ENOMEM);
ctx->hd_buf[0] = tmp;
memcpy(&ctx->hd_buf[0][ctx->hd_buf_filled], pkt->data, pkt->size);
ctx->hd_buf_filled += pkt->size;
if (++ctx->hd_buf_count < repeat){
ctx->pkt_offset = 0;
return 0;
Reported by FlawFinder.
Line: 178
Column: 18
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int sample_rate, int blocks)
{
IEC61937Context *ctx = s->priv_data;
static const char dtshd_start_code[10] = { 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfe, 0xfe };
int pkt_size = pkt->size;
int period;
int subtype;
if (!core_size) {
Reported by FlawFinder.
Line: 244
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ctx->out_buf = ctx->hd_buf[0];
memcpy(ctx->hd_buf[0], dtshd_start_code, sizeof(dtshd_start_code));
AV_WB16(ctx->hd_buf[0] + sizeof(dtshd_start_code), pkt_size);
memcpy(ctx->hd_buf[0] + sizeof(dtshd_start_code) + 2, pkt->data, pkt_size);
return 0;
}
Reported by FlawFinder.
Line: 246
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(ctx->hd_buf[0], dtshd_start_code, sizeof(dtshd_start_code));
AV_WB16(ctx->hd_buf[0] + sizeof(dtshd_start_code), pkt_size);
memcpy(ctx->hd_buf[0] + sizeof(dtshd_start_code) + 2, pkt->data, pkt_size);
return 0;
}
static int spdif_header_dts(AVFormatContext *s, AVPacket *pkt)
Reported by FlawFinder.
Line: 496
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* time to insert MAT code */
int code_len = mat_codes[next_code_idx].len;
int code_len_remaining = code_len;
memcpy(hd_buf + mat_codes[next_code_idx].pos,
mat_codes[next_code_idx].code, code_len);
ctx->hd_buf_filled += code_len;
next_code_idx++;
if (next_code_idx == FF_ARRAY_ELEMS(mat_codes)) {
Reported by FlawFinder.
Line: 543
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int data_to_insert = FFMIN(mat_codes[next_code_idx].pos - ctx->hd_buf_filled,
data_remaining);
memcpy(hd_buf + ctx->hd_buf_filled, dataptr, data_to_insert);
ctx->hd_buf_filled += data_to_insert;
dataptr += data_to_insert;
data_remaining -= data_to_insert;
}
}
Reported by FlawFinder.
libavcodec/cbs_h2645.c
6 issues
Line: 42
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
uint32_t value;
int position, i, j;
unsigned int k;
char bits[65];
position = get_bits_count(gbc);
for (i = 0; i < 32; i++) {
if (get_bits_left(gbc) < i + 1) {
Reported by FlawFinder.
Line: 95
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int position, i, j;
unsigned int k;
uint32_t v;
char bits[65];
position = get_bits_count(gbc);
for (i = 0; i < 32; i++) {
if (get_bits_left(gbc) < i + 1) {
Reported by FlawFinder.
Line: 162
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return AVERROR(ENOSPC);
if (ctx->trace_enable) {
char bits[65];
int i;
for (i = 0; i < len; i++)
bits[i] = '0';
bits[len] = '1';
Reported by FlawFinder.
Line: 213
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return AVERROR(ENOSPC);
if (ctx->trace_enable) {
char bits[65];
int i;
for (i = 0; i < len; i++)
bits[i] = '0';
bits[len] = '1';
Reported by FlawFinder.
Line: 965
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// memcpy can be used to improve performance.
// This happens normally for CABAC.
flush_put_bits(pbc);
memcpy(put_bits_ptr(pbc), pos, rest);
skip_put_bytes(pbc, rest);
} else {
// If not, we have to copy manually.
// rbsp_stop_one_bit forces us to special-case
// the last byte.
Reported by FlawFinder.
Line: 300
Column: 19
CWE codes:
120
20
#define READ
#define READWRITE read
#define RWContext GetBitContext
#define xu(width, name, var, range_min, range_max, subs, ...) do { \
uint32_t value; \
CHECK(ff_cbs_read_unsigned(ctx, rw, width, #name, \
Reported by FlawFinder.
libavcodec/mpegaudiodec_template.c
6 issues
Line: 465
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int sblimit; /* number of used subbands */
const unsigned char *alloc_table;
int table, bit_alloc_bits, i, j, ch, bound, v;
unsigned char bit_alloc[MPA_MAX_CHANNELS][SBLIMIT];
unsigned char scale_code[MPA_MAX_CHANNELS][SBLIMIT];
unsigned char scale_factors[MPA_MAX_CHANNELS][SBLIMIT][3], *sf;
int scale, qindex, bits, steps, k, l, m, b;
int ret;
Reported by FlawFinder.
Line: 466
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const unsigned char *alloc_table;
int table, bit_alloc_bits, i, j, ch, bound, v;
unsigned char bit_alloc[MPA_MAX_CHANNELS][SBLIMIT];
unsigned char scale_code[MPA_MAX_CHANNELS][SBLIMIT];
unsigned char scale_factors[MPA_MAX_CHANNELS][SBLIMIT][3], *sf;
int scale, qindex, bits, steps, k, l, m, b;
int ret;
/* select decoding table */
Reported by FlawFinder.
Line: 467
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int table, bit_alloc_bits, i, j, ch, bound, v;
unsigned char bit_alloc[MPA_MAX_CHANNELS][SBLIMIT];
unsigned char scale_code[MPA_MAX_CHANNELS][SBLIMIT];
unsigned char scale_factors[MPA_MAX_CHANNELS][SBLIMIT][3], *sf;
int scale, qindex, bits, steps, k, l, m, b;
int ret;
/* select decoding table */
table = ff_mpa_l2_select_table(s->bit_rate / 1000, s->nb_channels,
Reported by FlawFinder.
Line: 929
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ptr++;
}
ptr += 2 * len;
memcpy(ptr1, tmp, len * 3 * sizeof(*ptr1));
}
}
#define ISQRT2 FIXR(0.70710678118654752440)
Reported by FlawFinder.
Line: 1304
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ff_dlog(s->avctx, "seekback:%d, lastbuf:%d\n",
main_data_begin, s->last_buf_size);
memcpy(s->last_buf + s->last_buf_size, ptr, s->extrasize);
s->in_gb = s->gb;
init_get_bits(&s->gb, s->last_buf, (s->last_buf_size + s->extrasize) * 8);
s->last_buf_size <<= 3;
for (gr = 0; gr < nb_granules && (s->last_buf_size >> 3) < main_data_begin; gr++) {
for (ch = 0; ch < s->nb_channels; ch++) {
Reported by FlawFinder.
Line: 1510
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
i = FFMIN(BACKSTEP_SIZE, buf_size - HEADER_SIZE);
}
av_assert1(i <= buf_size - HEADER_SIZE && i >= 0);
memcpy(s->last_buf + s->last_buf_size, s->gb.buffer + buf_size - HEADER_SIZE - i, i);
s->last_buf_size += i;
}
if(nb_frames < 0)
return nb_frames;
Reported by FlawFinder.
libavcodec/cbs_av1_syntax_template.c
6 issues
Line: 27
CWE codes:
908
HEADER("OBU header");
fc(1, obu_forbidden_bit, 0, 0);
fc(4, obu_type, 0, AV1_OBU_PADDING);
flag(obu_extension_flag);
flag(obu_has_size_field);
Reported by Cppcheck.
Line: 1667
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
.bit_depth = priv->bit_depth,
.order_hint = priv->order_hint,
};
memcpy(priv->ref[i].loop_filter_ref_deltas, current->loop_filter_ref_deltas,
sizeof(current->loop_filter_ref_deltas));
memcpy(priv->ref[i].loop_filter_mode_deltas, current->loop_filter_mode_deltas,
sizeof(current->loop_filter_mode_deltas));
memcpy(priv->ref[i].feature_enabled, current->feature_enabled,
sizeof(current->feature_enabled));
Reported by FlawFinder.
Line: 1669
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
};
memcpy(priv->ref[i].loop_filter_ref_deltas, current->loop_filter_ref_deltas,
sizeof(current->loop_filter_ref_deltas));
memcpy(priv->ref[i].loop_filter_mode_deltas, current->loop_filter_mode_deltas,
sizeof(current->loop_filter_mode_deltas));
memcpy(priv->ref[i].feature_enabled, current->feature_enabled,
sizeof(current->feature_enabled));
memcpy(priv->ref[i].feature_value, current->feature_value,
sizeof(current->feature_value));
Reported by FlawFinder.
Line: 1671
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sizeof(current->loop_filter_ref_deltas));
memcpy(priv->ref[i].loop_filter_mode_deltas, current->loop_filter_mode_deltas,
sizeof(current->loop_filter_mode_deltas));
memcpy(priv->ref[i].feature_enabled, current->feature_enabled,
sizeof(current->feature_enabled));
memcpy(priv->ref[i].feature_value, current->feature_value,
sizeof(current->feature_value));
}
}
Reported by FlawFinder.
Line: 1673
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sizeof(current->loop_filter_mode_deltas));
memcpy(priv->ref[i].feature_enabled, current->feature_enabled,
sizeof(current->feature_enabled));
memcpy(priv->ref[i].feature_value, current->feature_value,
sizeof(current->feature_value));
}
}
return 0;
Reported by FlawFinder.
Line: 1764
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!priv->frame_header_ref)
return AVERROR(ENOMEM);
priv->frame_header = priv->frame_header_ref->data;
memcpy(priv->frame_header, fh_start, fh_bytes);
}
}
}
return 0;
Reported by FlawFinder.
libavformat/httpauth.h
6 issues
Line: 36
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
} HTTPAuthType;
typedef struct DigestParams {
char nonce[300]; /**< Server specified nonce */
char algorithm[10]; /**< Server specified digest algorithm */
char qop[30]; /**< Quality of protection, containing the one
* that we've chosen to use, from the
* alternatives that the server offered. */
char opaque[300]; /**< A server-specified string that should be
Reported by FlawFinder.
Line: 37
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
typedef struct DigestParams {
char nonce[300]; /**< Server specified nonce */
char algorithm[10]; /**< Server specified digest algorithm */
char qop[30]; /**< Quality of protection, containing the one
* that we've chosen to use, from the
* alternatives that the server offered. */
char opaque[300]; /**< A server-specified string that should be
* included in authentication responses, not
Reported by FlawFinder.
Line: 38
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
typedef struct DigestParams {
char nonce[300]; /**< Server specified nonce */
char algorithm[10]; /**< Server specified digest algorithm */
char qop[30]; /**< Quality of protection, containing the one
* that we've chosen to use, from the
* alternatives that the server offered. */
char opaque[300]; /**< A server-specified string that should be
* included in authentication responses, not
* included in the actual digest calculation. */
Reported by FlawFinder.
Line: 41
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char qop[30]; /**< Quality of protection, containing the one
* that we've chosen to use, from the
* alternatives that the server offered. */
char opaque[300]; /**< A server-specified string that should be
* included in authentication responses, not
* included in the actual digest calculation. */
char stale[10]; /**< The server indicated that the auth was ok,
* but needs to be redone with a new, non-stale
* nonce. */
Reported by FlawFinder.
Line: 44
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char opaque[300]; /**< A server-specified string that should be
* included in authentication responses, not
* included in the actual digest calculation. */
char stale[10]; /**< The server indicated that the auth was ok,
* but needs to be redone with a new, non-stale
* nonce. */
int nc; /**< Nonce count, the number of earlier replies
* where this particular nonce has been used. */
} DigestParams;
Reported by FlawFinder.
Line: 63
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/**
* Authentication realm
*/
char realm[200];
/**
* The parameters specific to digest authentication.
*/
DigestParams digest_params;
/**
Reported by FlawFinder.