The following issues were found
libavformat/httpauth.h
6 issues
Line: 36
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
} HTTPAuthType;
typedef struct DigestParams {
char nonce[300]; /**< Server specified nonce */
char algorithm[10]; /**< Server specified digest algorithm */
char qop[30]; /**< Quality of protection, containing the one
* that we've chosen to use, from the
* alternatives that the server offered. */
char opaque[300]; /**< A server-specified string that should be
Reported by FlawFinder.
Line: 37
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
typedef struct DigestParams {
char nonce[300]; /**< Server specified nonce */
char algorithm[10]; /**< Server specified digest algorithm */
char qop[30]; /**< Quality of protection, containing the one
* that we've chosen to use, from the
* alternatives that the server offered. */
char opaque[300]; /**< A server-specified string that should be
* included in authentication responses, not
Reported by FlawFinder.
Line: 38
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
typedef struct DigestParams {
char nonce[300]; /**< Server specified nonce */
char algorithm[10]; /**< Server specified digest algorithm */
char qop[30]; /**< Quality of protection, containing the one
* that we've chosen to use, from the
* alternatives that the server offered. */
char opaque[300]; /**< A server-specified string that should be
* included in authentication responses, not
* included in the actual digest calculation. */
Reported by FlawFinder.
Line: 41
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char qop[30]; /**< Quality of protection, containing the one
* that we've chosen to use, from the
* alternatives that the server offered. */
char opaque[300]; /**< A server-specified string that should be
* included in authentication responses, not
* included in the actual digest calculation. */
char stale[10]; /**< The server indicated that the auth was ok,
* but needs to be redone with a new, non-stale
* nonce. */
Reported by FlawFinder.
Line: 44
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char opaque[300]; /**< A server-specified string that should be
* included in authentication responses, not
* included in the actual digest calculation. */
char stale[10]; /**< The server indicated that the auth was ok,
* but needs to be redone with a new, non-stale
* nonce. */
int nc; /**< Nonce count, the number of earlier replies
* where this particular nonce has been used. */
} DigestParams;
Reported by FlawFinder.
Line: 63
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/**
* Authentication realm
*/
char realm[200];
/**
* The parameters specific to digest authentication.
*/
DigestParams digest_params;
/**
Reported by FlawFinder.
libavfilter/median_template.c
6 issues
Line: 130
CWE codes:
788
}
av_assert0(k < BINS);
if (luc[k] <= j - radius) {
memset(&fine[k], 0, BINS * sizeof(htype));
for (luc[k] = j - radius; luc[k] < FFMIN(j + radius + 1, width); luc[k]++)
s->hadd(fine[k], &cfine[BINS * (width * k + luc[k])], BINS);
if (luc[k] < j + radius + 1) {
s->hmuladd(&fine[k][0], &cfine[BINS * (width * k + width - 1)], j + radius + 1 - width, BINS);
Reported by Cppcheck.
Line: 130
CWE codes:
788
}
av_assert0(k < BINS);
if (luc[k] <= j - radius) {
memset(&fine[k], 0, BINS * sizeof(htype));
for (luc[k] = j - radius; luc[k] < FFMIN(j + radius + 1, width); luc[k]++)
s->hadd(fine[k], &cfine[BINS * (width * k + luc[k])], BINS);
if (luc[k] < j + radius + 1) {
s->hmuladd(&fine[k][0], &cfine[BINS * (width * k + width - 1)], j + radius + 1 - width, BINS);
Reported by Cppcheck.
Line: 130
CWE codes:
788
}
av_assert0(k < BINS);
if (luc[k] <= j - radius) {
memset(&fine[k], 0, BINS * sizeof(htype));
for (luc[k] = j - radius; luc[k] < FFMIN(j + radius + 1, width); luc[k]++)
s->hadd(fine[k], &cfine[BINS * (width * k + luc[k])], BINS);
if (luc[k] < j + radius + 1) {
s->hmuladd(&fine[k][0], &cfine[BINS * (width * k + width - 1)], j + radius + 1 - width, BINS);
Reported by Cppcheck.
Line: 130
CWE codes:
788
}
av_assert0(k < BINS);
if (luc[k] <= j - radius) {
memset(&fine[k], 0, BINS * sizeof(htype));
for (luc[k] = j - radius; luc[k] < FFMIN(j + radius + 1, width); luc[k]++)
s->hadd(fine[k], &cfine[BINS * (width * k + luc[k])], BINS);
if (luc[k] < j + radius + 1) {
s->hmuladd(&fine[k][0], &cfine[BINS * (width * k + width - 1)], j + radius + 1 - width, BINS);
Reported by Cppcheck.
Line: 130
CWE codes:
788
}
av_assert0(k < BINS);
if (luc[k] <= j - radius) {
memset(&fine[k], 0, BINS * sizeof(htype));
for (luc[k] = j - radius; luc[k] < FFMIN(j + radius + 1, width); luc[k]++)
s->hadd(fine[k], &cfine[BINS * (width * k + luc[k])], BINS);
if (luc[k] < j + radius + 1) {
s->hmuladd(&fine[k][0], &cfine[BINS * (width * k + width - 1)], j + radius + 1 - width, BINS);
Reported by Cppcheck.
Line: 130
CWE codes:
788
}
av_assert0(k < BINS);
if (luc[k] <= j - radius) {
memset(&fine[k], 0, BINS * sizeof(htype));
for (luc[k] = j - radius; luc[k] < FFMIN(j + radius + 1, width); luc[k]++)
s->hadd(fine[k], &cfine[BINS * (width * k + luc[k])], BINS);
if (luc[k] < j + radius + 1) {
s->hmuladd(&fine[k][0], &cfine[BINS * (width * k + width - 1)], j + radius + 1 - width, BINS);
Reported by Cppcheck.
libavutil/hwcontext_vulkan.c
6 issues
Line: 1789
Column: 16
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
img_bar[i].subresourceRange.aspectMask = VK_IMAGE_ASPECT_COLOR_BIT;
frame->layout[i] = img_bar[i].newLayout;
frame->access[i] = img_bar[i].dstAccessMask;
}
vk->CmdPipelineBarrier(get_buf_exec_ctx(hwfc, ectx),
VK_PIPELINE_STAGE_TOP_OF_PIPE_BIT,
VK_PIPELINE_STAGE_TRANSFER_BIT,
Reported by FlawFinder.
Line: 1890
Column: 12
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
}
f->layout[i] = create_info.initialLayout;
f->access[i] = 0x0;
}
f->flags = 0x0;
f->tiling = tiling;
Reported by FlawFinder.
Line: 2376
Column: 12
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
* just signal the semaphore we created. */
f->layout[i] = create_info.initialLayout;
f->access[i] = 0x0;
}
for (int i = 0; i < desc->nb_objects; i++) {
int use_ded_mem = 0;
VkMemoryFdPropertiesKHR fdmp = {
Reported by FlawFinder.
Line: 3249
Column: 57
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
sem_wait_dst[i] = VK_PIPELINE_STAGE_TOP_OF_PIPE_BIT;
/* If the layout matches and we have read access skip the barrier */
if ((frame->layout[i] == new_layout) && (frame->access[i] & new_access))
continue;
img_bar[bar_num].sType = VK_STRUCTURE_TYPE_IMAGE_MEMORY_BARRIER;
img_bar[bar_num].srcAccessMask = 0x0;
img_bar[bar_num].dstAccessMask = new_access;
Reported by FlawFinder.
Line: 3265
Column: 16
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
img_bar[bar_num].subresourceRange.aspectMask = VK_IMAGE_ASPECT_COLOR_BIT;
frame->layout[i] = img_bar[bar_num].newLayout;
frame->access[i] = img_bar[bar_num].dstAccessMask;
bar_num++;
}
if (bar_num)
Reported by FlawFinder.
Line: 165
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int req_dev;
size_t struct_offset;
enum VulkanExtensions ext_flag;
const char *names[3];
} VulkanFunctionsLoadInfo;
static const VulkanFunctionsLoadInfo vk_load_info[] = {
FN_LIST(PFN_LOAD_INFO)
};
Reported by FlawFinder.
libavfilter/dnn/dnn_backend_tf.c
6 issues
Line: 503
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
TF_Tensor *kernel_tensor = NULL, *biases_tensor = NULL;
int64_t dims[4];
int dims_len;
char name_buffer[NAME_BUFFER_SIZE];
int32_t size;
size = params->input_num * params->output_num * params->kernel_size * params->kernel_size;
input.index = 0;
Reported by FlawFinder.
Line: 518
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dims[3] = params->input_num;
dims_len = 4;
kernel_tensor = TF_AllocateTensor(TF_FLOAT, dims, dims_len, size * sizeof(float));
memcpy(TF_TensorData(kernel_tensor), params->kernel, size * sizeof(float));
TF_SetAttrTensor(op_desc, "value", kernel_tensor, tf_model->status);
if (TF_GetCode(tf_model->status) != TF_OK){
goto err;
}
op = TF_FinishOperation(op_desc, tf_model->status);
Reported by FlawFinder.
Line: 561
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dims[0] = params->output_num;
dims_len = 1;
biases_tensor = TF_AllocateTensor(TF_FLOAT, dims, dims_len, params->output_num * sizeof(float));
memcpy(TF_TensorData(biases_tensor), params->biases, params->output_num * sizeof(float));
TF_SetAttrTensor(op_desc, "value", biases_tensor, tf_model->status);
if (TF_GetCode(tf_model->status) != TF_OK){
goto err;
}
op = TF_FinishOperation(op_desc, tf_model->status);
Reported by FlawFinder.
Line: 620
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
TFContext *ctx = &tf_model->ctx;
TF_OperationDescription *op_desc;
TF_Output input;
char name_buffer[NAME_BUFFER_SIZE];
snprintf(name_buffer, NAME_BUFFER_SIZE, "depth_to_space%d", layer);
op_desc = TF_NewOperation(tf_model->graph, "DepthToSpace", name_buffer);
input.oper = *cur_op;
input.index = 0;
Reported by FlawFinder.
Line: 649
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int32_t *pads;
int64_t pads_shape[] = {4, 2};
char name_buffer[NAME_BUFFER_SIZE];
snprintf(name_buffer, NAME_BUFFER_SIZE, "pad%d", layer);
op_desc = TF_NewOperation(tf_model->graph, "Const", name_buffer);
TF_SetAttrType(op_desc, "dtype", TF_INT32);
tensor = TF_AllocateTensor(TF_INT32, pads_shape, 2, 4 * 2 * sizeof(int32_t));
Reported by FlawFinder.
Line: 706
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
TF_Output input;
float *y;
char name_buffer[NAME_BUFFER_SIZE];
snprintf(name_buffer, NAME_BUFFER_SIZE, "maximum/y%d", layer);
op_desc = TF_NewOperation(tf_model->graph, "Const", name_buffer);
TF_SetAttrType(op_desc, "dtype", TF_FLOAT);
tensor = TF_AllocateTensor(TF_FLOAT, NULL, 0, TF_DataTypeSize(TF_FLOAT));
Reported by FlawFinder.
libavformat/flvdec.c
6 issues
Line: 410
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
FLVContext *flv = s->priv_data;
unsigned int timeslen = 0, fileposlen = 0, i;
char str_val[256];
int64_t *times = NULL;
int64_t *filepositions = NULL;
int ret = AVERROR(ENOSYS);
int64_t initial_pos = avio_tell(ioc);
Reported by FlawFinder.
Line: 504
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
FLVContext *flv = s->priv_data;
AVIOContext *ioc;
AMFDataType amf_type;
char str_val[1024];
double num_val;
amf_date date;
if (depth > MAX_DEPTH)
return AVERROR_PATCHWELCOME;
Reported by FlawFinder.
Line: 712
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
AVStream av_unused *dstream;
AVIOContext *ioc;
int i;
char buffer[32];
astream = NULL;
vstream = NULL;
dstream = NULL;
ioc = s->pb;
Reported by FlawFinder.
Line: 908
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
AVIOContext *pb = s->pb;
AVStream *st = NULL;
char buf[20];
int ret = AVERROR_INVALIDDATA;
int i, length = -1;
int array = 0;
switch (avio_r8(pb)) {
Reported by FlawFinder.
Line: 330
Column: 53
CWE codes:
120
20
}
static int flv_set_video_codec(AVFormatContext *s, AVStream *vstream,
int flv_codecid, int read)
{
int ret = 0;
AVCodecParameters *par = vstream->codecpar;
enum AVCodecID old_codec_id = vstream->codecpar->codec_id;
switch (flv_codecid) {
Reported by FlawFinder.
Line: 353
Column: 13
CWE codes:
120
20
case FLV_CODECID_VP6A:
if (flv_codecid == FLV_CODECID_VP6A)
par->codec_id = AV_CODEC_ID_VP6A;
if (read) {
if (par->extradata_size != 1) {
ff_alloc_extradata(par, 1);
}
if (par->extradata)
par->extradata[0] = avio_r8(s->pb);
Reported by FlawFinder.
libavcodec/aacsbr_fixed.c
6 issues
Line: 510
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (sbr->reset) {
for (i = 0; i < h_SL; i++) {
memcpy(g_temp[i + 2*ch_data->t_env[0]], sbr->gain[0], m_max * sizeof(sbr->gain[0][0]));
memcpy(q_temp[i + 2*ch_data->t_env[0]], sbr->q_m[0], m_max * sizeof(sbr->q_m[0][0]));
}
} else if (h_SL) {
for (i = 0; i < 4; i++) {
memcpy(g_temp[i + 2 * ch_data->t_env[0]],
Reported by FlawFinder.
Line: 511
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (sbr->reset) {
for (i = 0; i < h_SL; i++) {
memcpy(g_temp[i + 2*ch_data->t_env[0]], sbr->gain[0], m_max * sizeof(sbr->gain[0][0]));
memcpy(q_temp[i + 2*ch_data->t_env[0]], sbr->q_m[0], m_max * sizeof(sbr->q_m[0][0]));
}
} else if (h_SL) {
for (i = 0; i < 4; i++) {
memcpy(g_temp[i + 2 * ch_data->t_env[0]],
g_temp[i + 2 * ch_data->t_env_num_env_old],
Reported by FlawFinder.
Line: 515
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
} else if (h_SL) {
for (i = 0; i < 4; i++) {
memcpy(g_temp[i + 2 * ch_data->t_env[0]],
g_temp[i + 2 * ch_data->t_env_num_env_old],
sizeof(g_temp[0]));
memcpy(q_temp[i + 2 * ch_data->t_env[0]],
q_temp[i + 2 * ch_data->t_env_num_env_old],
sizeof(q_temp[0]));
Reported by FlawFinder.
Line: 518
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(g_temp[i + 2 * ch_data->t_env[0]],
g_temp[i + 2 * ch_data->t_env_num_env_old],
sizeof(g_temp[0]));
memcpy(q_temp[i + 2 * ch_data->t_env[0]],
q_temp[i + 2 * ch_data->t_env_num_env_old],
sizeof(q_temp[0]));
}
}
Reported by FlawFinder.
Line: 526
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (e = 0; e < ch_data->bs_num_env; e++) {
for (i = 2 * ch_data->t_env[e]; i < 2 * ch_data->t_env[e + 1]; i++) {
memcpy(g_temp[h_SL + i], sbr->gain[e], m_max * sizeof(sbr->gain[0][0]));
memcpy(q_temp[h_SL + i], sbr->q_m[e], m_max * sizeof(sbr->q_m[0][0]));
}
}
for (e = 0; e < ch_data->bs_num_env; e++) {
Reported by FlawFinder.
Line: 527
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (e = 0; e < ch_data->bs_num_env; e++) {
for (i = 2 * ch_data->t_env[e]; i < 2 * ch_data->t_env[e + 1]; i++) {
memcpy(g_temp[h_SL + i], sbr->gain[e], m_max * sizeof(sbr->gain[0][0]));
memcpy(q_temp[h_SL + i], sbr->q_m[e], m_max * sizeof(sbr->q_m[0][0]));
}
}
for (e = 0; e < ch_data->bs_num_env; e++) {
for (i = 2 * ch_data->t_env[e]; i < 2 * ch_data->t_env[e + 1]; i++) {
Reported by FlawFinder.
libavformat/sapenc.c
6 issues
Line: 71
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int sap_write_header(AVFormatContext *s)
{
struct SAPState *sap = s->priv_data;
char host[1024], path[1024], url[1024], announce_addr[50] = "";
char *option_list;
int port = 9875, base_port = 5004, i, pos = 0, same_port = 0, ttl = 255;
AVFormatContext **contexts = NULL;
int ret = 0;
struct sockaddr_storage localaddr;
Reported by FlawFinder.
Line: 93
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* search for options */
option_list = strrchr(path, '?');
if (option_list) {
char buf[50];
if (av_find_info_tag(buf, sizeof(buf), "announce_port", option_list)) {
port = strtol(buf, NULL, 10);
}
if (av_find_info_tag(buf, sizeof(buf), "same_port", option_list)) {
same_port = strtol(buf, NULL, 10);
Reported by FlawFinder.
Line: 215
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
AV_WB16(&sap->ann[pos], av_get_random_seed());
pos += 2;
if (localaddr.ss_family == AF_INET) {
memcpy(&sap->ann[pos], &((struct sockaddr_in*)&localaddr)->sin_addr,
sizeof(struct in_addr));
pos += sizeof(struct in_addr);
#if HAVE_STRUCT_SOCKADDR_IN6
} else {
memcpy(&sap->ann[pos], &((struct sockaddr_in6*)&localaddr)->sin6_addr,
Reported by FlawFinder.
Line: 220
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pos += sizeof(struct in_addr);
#if HAVE_STRUCT_SOCKADDR_IN6
} else {
memcpy(&sap->ann[pos], &((struct sockaddr_in6*)&localaddr)->sin6_addr,
sizeof(struct in6_addr));
pos += sizeof(struct in6_addr);
#endif
}
Reported by FlawFinder.
Line: 227
Column: 12
CWE codes:
126
}
av_strlcpy(&sap->ann[pos], "application/sdp", sap->ann_size - pos);
pos += strlen(&sap->ann[pos]) + 1;
if (av_sdp_create(contexts, s->nb_streams, &sap->ann[pos],
sap->ann_size - pos)) {
ret = AVERROR_INVALIDDATA;
goto fail;
Reported by FlawFinder.
Line: 236
Column: 12
CWE codes:
126
}
av_freep(&contexts);
av_log(s, AV_LOG_VERBOSE, "SDP:\n%s\n", &sap->ann[pos]);
pos += strlen(&sap->ann[pos]);
sap->ann_size = pos;
if (sap->ann_size > sap->ann_fd->max_packet_size) {
av_log(s, AV_LOG_ERROR, "Announcement too large to send in one "
"packet\n");
Reported by FlawFinder.
libavcodec/aacsbr.c
6 issues
Line: 298
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (sbr->reset) {
for (i = 0; i < h_SL; i++) {
memcpy(g_temp[i + 2*ch_data->t_env[0]], sbr->gain[0], m_max * sizeof(sbr->gain[0][0]));
memcpy(q_temp[i + 2*ch_data->t_env[0]], sbr->q_m[0], m_max * sizeof(sbr->q_m[0][0]));
}
} else if (h_SL) {
for (i = 0; i < 4; i++) {
memcpy(g_temp[i + 2 * ch_data->t_env[0]],
Reported by FlawFinder.
Line: 299
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (sbr->reset) {
for (i = 0; i < h_SL; i++) {
memcpy(g_temp[i + 2*ch_data->t_env[0]], sbr->gain[0], m_max * sizeof(sbr->gain[0][0]));
memcpy(q_temp[i + 2*ch_data->t_env[0]], sbr->q_m[0], m_max * sizeof(sbr->q_m[0][0]));
}
} else if (h_SL) {
for (i = 0; i < 4; i++) {
memcpy(g_temp[i + 2 * ch_data->t_env[0]],
g_temp[i + 2 * ch_data->t_env_num_env_old],
Reported by FlawFinder.
Line: 303
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
} else if (h_SL) {
for (i = 0; i < 4; i++) {
memcpy(g_temp[i + 2 * ch_data->t_env[0]],
g_temp[i + 2 * ch_data->t_env_num_env_old],
sizeof(g_temp[0]));
memcpy(q_temp[i + 2 * ch_data->t_env[0]],
q_temp[i + 2 * ch_data->t_env_num_env_old],
sizeof(q_temp[0]));
Reported by FlawFinder.
Line: 306
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(g_temp[i + 2 * ch_data->t_env[0]],
g_temp[i + 2 * ch_data->t_env_num_env_old],
sizeof(g_temp[0]));
memcpy(q_temp[i + 2 * ch_data->t_env[0]],
q_temp[i + 2 * ch_data->t_env_num_env_old],
sizeof(q_temp[0]));
}
}
Reported by FlawFinder.
Line: 314
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (e = 0; e < ch_data->bs_num_env; e++) {
for (i = 2 * ch_data->t_env[e]; i < 2 * ch_data->t_env[e + 1]; i++) {
memcpy(g_temp[h_SL + i], sbr->gain[e], m_max * sizeof(sbr->gain[0][0]));
memcpy(q_temp[h_SL + i], sbr->q_m[e], m_max * sizeof(sbr->q_m[0][0]));
}
}
for (e = 0; e < ch_data->bs_num_env; e++) {
Reported by FlawFinder.
Line: 315
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (e = 0; e < ch_data->bs_num_env; e++) {
for (i = 2 * ch_data->t_env[e]; i < 2 * ch_data->t_env[e + 1]; i++) {
memcpy(g_temp[h_SL + i], sbr->gain[e], m_max * sizeof(sbr->gain[0][0]));
memcpy(q_temp[h_SL + i], sbr->q_m[e], m_max * sizeof(sbr->q_m[0][0]));
}
}
for (e = 0; e < ch_data->bs_num_env; e++) {
for (i = 2 * ch_data->t_env[e]; i < 2 * ch_data->t_env[e + 1]; i++) {
Reported by FlawFinder.
libavformat/flic.c
6 issues
Line: 90
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
FlicDemuxContext *flic = s->priv_data;
AVIOContext *pb = s->pb;
unsigned char header[FLIC_HEADER_SIZE];
AVStream *st, *ast;
int speed, ret;
int magic_number;
unsigned char preamble[FLIC_PREAMBLE_SIZE];
Reported by FlawFinder.
Line: 94
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
AVStream *st, *ast;
int speed, ret;
int magic_number;
unsigned char preamble[FLIC_PREAMBLE_SIZE];
flic->frame_number = 0;
/* load the whole header and pull out the width and height */
if (avio_read(pb, header, FLIC_HEADER_SIZE) != FLIC_HEADER_SIZE)
Reported by FlawFinder.
Line: 130
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* send over the whole 128-byte FLIC header */
if ((ret = ff_alloc_extradata(st->codecpar, FLIC_HEADER_SIZE)) < 0)
return ret;
memcpy(st->codecpar->extradata, header, FLIC_HEADER_SIZE);
/* peek at the preamble to detect TFTD videos - they seem to always start with an audio chunk */
if (avio_read(pb, preamble, FLIC_PREAMBLE_SIZE) != FLIC_PREAMBLE_SIZE) {
av_log(s, AV_LOG_ERROR, "Failed to peek at preamble\n");
return AVERROR(EIO);
Reported by FlawFinder.
Line: 180
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* send over abbreviated FLIC header chunk */
if ((ret = ff_alloc_extradata(st->codecpar, 12)) < 0)
return ret;
memcpy(st->codecpar->extradata, header, 12);
} else if (magic_number == FLIC_FILE_MAGIC_1) {
avpriv_set_pts_info(st, 64, speed, 70);
} else if ((magic_number == FLIC_FILE_MAGIC_2) ||
(magic_number == FLIC_FILE_MAGIC_3)) {
Reported by FlawFinder.
Line: 204
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int size;
int magic;
int ret = 0;
unsigned char preamble[FLIC_PREAMBLE_SIZE];
int64_t pos = avio_tell(pb);
while (!packet_read && !avio_feof(pb)) {
if ((ret = avio_read(pb, preamble, FLIC_PREAMBLE_SIZE)) !=
Reported by FlawFinder.
Line: 224
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pkt->stream_index = flic->video_stream_index;
pkt->pos = pos;
memcpy(pkt->data, preamble, FLIC_PREAMBLE_SIZE);
ret = avio_read(pb, pkt->data + FLIC_PREAMBLE_SIZE,
size - FLIC_PREAMBLE_SIZE);
if (ret != size - FLIC_PREAMBLE_SIZE) {
ret = AVERROR(EIO);
}
Reported by FlawFinder.
libavcodec/sp5xdec.c
6 issues
Line: 53
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
recoded[j++] = 0xFF;
recoded[j++] = 0xD8;
memcpy(recoded+j, &sp5x_data_dqt[0], sizeof(sp5x_data_dqt));
memcpy(recoded + j + 5, &sp5x_qscale_five_quant_table[0], 64);
memcpy(recoded + j + 70, &sp5x_qscale_five_quant_table[1], 64);
j += sizeof(sp5x_data_dqt);
memcpy(recoded+j, &sp5x_data_dht[0], sizeof(sp5x_data_dht));
Reported by FlawFinder.
Line: 54
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
recoded[j++] = 0xD8;
memcpy(recoded+j, &sp5x_data_dqt[0], sizeof(sp5x_data_dqt));
memcpy(recoded + j + 5, &sp5x_qscale_five_quant_table[0], 64);
memcpy(recoded + j + 70, &sp5x_qscale_five_quant_table[1], 64);
j += sizeof(sp5x_data_dqt);
memcpy(recoded+j, &sp5x_data_dht[0], sizeof(sp5x_data_dht));
j += sizeof(sp5x_data_dht);
Reported by FlawFinder.
Line: 55
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(recoded+j, &sp5x_data_dqt[0], sizeof(sp5x_data_dqt));
memcpy(recoded + j + 5, &sp5x_qscale_five_quant_table[0], 64);
memcpy(recoded + j + 70, &sp5x_qscale_five_quant_table[1], 64);
j += sizeof(sp5x_data_dqt);
memcpy(recoded+j, &sp5x_data_dht[0], sizeof(sp5x_data_dht));
j += sizeof(sp5x_data_dht);
Reported by FlawFinder.
Line: 58
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(recoded + j + 70, &sp5x_qscale_five_quant_table[1], 64);
j += sizeof(sp5x_data_dqt);
memcpy(recoded+j, &sp5x_data_dht[0], sizeof(sp5x_data_dht));
j += sizeof(sp5x_data_dht);
memcpy(recoded+j, &sp5x_data_sof[0], sizeof(sp5x_data_sof));
AV_WB16(recoded+j+5, avctx->coded_height);
AV_WB16(recoded+j+7, avctx->coded_width);
Reported by FlawFinder.
Line: 61
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(recoded+j, &sp5x_data_dht[0], sizeof(sp5x_data_dht));
j += sizeof(sp5x_data_dht);
memcpy(recoded+j, &sp5x_data_sof[0], sizeof(sp5x_data_sof));
AV_WB16(recoded+j+5, avctx->coded_height);
AV_WB16(recoded+j+7, avctx->coded_width);
j += sizeof(sp5x_data_sof);
memcpy(recoded+j, &sp5x_data_sos[0], sizeof(sp5x_data_sos));
Reported by FlawFinder.
Line: 66
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
AV_WB16(recoded+j+7, avctx->coded_width);
j += sizeof(sp5x_data_sof);
memcpy(recoded+j, &sp5x_data_sos[0], sizeof(sp5x_data_sos));
j += sizeof(sp5x_data_sos);
if(avctx->codec_id==AV_CODEC_ID_AMV)
for (i = 2; i < buf_size-2 && j < buf_size+1024-2; i++)
recoded[j++] = buf[i];
Reported by FlawFinder.