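The following issues were found by static analysis (FlawFinder and Cppcheck). FlawFinder flags constructs by name and pattern, so each entry is a candidate to triage against the surrounding code rather than a confirmed defect.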
libavformat/flic.c
6 issues
Line: 90
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
FlicDemuxContext *flic = s->priv_data;
AVIOContext *pb = s->pb;
unsigned char header[FLIC_HEADER_SIZE];
AVStream *st, *ast;
int speed, ret;
int magic_number;
unsigned char preamble[FLIC_PREAMBLE_SIZE];
Reported by FlawFinder.
Line: 94
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
AVStream *st, *ast;
int speed, ret;
int magic_number;
unsigned char preamble[FLIC_PREAMBLE_SIZE];
flic->frame_number = 0;
/* load the whole header and pull out the width and height */
if (avio_read(pb, header, FLIC_HEADER_SIZE) != FLIC_HEADER_SIZE)
Reported by FlawFinder.
Line: 130
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* send over the whole 128-byte FLIC header */
if ((ret = ff_alloc_extradata(st->codecpar, FLIC_HEADER_SIZE)) < 0)
return ret;
memcpy(st->codecpar->extradata, header, FLIC_HEADER_SIZE);
/* peek at the preamble to detect TFTD videos - they seem to always start with an audio chunk */
if (avio_read(pb, preamble, FLIC_PREAMBLE_SIZE) != FLIC_PREAMBLE_SIZE) {
av_log(s, AV_LOG_ERROR, "Failed to peek at preamble\n");
return AVERROR(EIO);
Reported by FlawFinder.
Line: 180
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* send over abbreviated FLIC header chunk */
if ((ret = ff_alloc_extradata(st->codecpar, 12)) < 0)
return ret;
memcpy(st->codecpar->extradata, header, 12);
} else if (magic_number == FLIC_FILE_MAGIC_1) {
avpriv_set_pts_info(st, 64, speed, 70);
} else if ((magic_number == FLIC_FILE_MAGIC_2) ||
(magic_number == FLIC_FILE_MAGIC_3)) {
Reported by FlawFinder.
Line: 204
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int size;
int magic;
int ret = 0;
unsigned char preamble[FLIC_PREAMBLE_SIZE];
int64_t pos = avio_tell(pb);
while (!packet_read && !avio_feof(pb)) {
if ((ret = avio_read(pb, preamble, FLIC_PREAMBLE_SIZE)) !=
Reported by FlawFinder.
Line: 224
Column: 13
CWE codes:
120
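Suggestion:
Make sure destination can always hold the source data
Triage note: the flagged memcpy copies a constant FLIC_PREAMBLE_SIZE bytes, so what needs confirming is the allocation of pkt->data and a lower bound on `size`. `size` is declared `unsigned int` in the line-204 excerpt, so `size - FLIC_PREAMBLE_SIZE` wraps if size is smaller than the preamble. Neither check is visible in this excerpt.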
pkt->stream_index = flic->video_stream_index;
pkt->pos = pos;
memcpy(pkt->data, preamble, FLIC_PREAMBLE_SIZE);
ret = avio_read(pb, pkt->data + FLIC_PREAMBLE_SIZE,
size - FLIC_PREAMBLE_SIZE);
if (ret != size - FLIC_PREAMBLE_SIZE) {
ret = AVERROR(EIO);
}
Reported by FlawFinder.
libavformat/flvdec.c
6 issues
Line: 410
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
FLVContext *flv = s->priv_data;
unsigned int timeslen = 0, fileposlen = 0, i;
char str_val[256];
int64_t *times = NULL;
int64_t *filepositions = NULL;
int ret = AVERROR(ENOSYS);
int64_t initial_pos = avio_tell(ioc);
Reported by FlawFinder.
Line: 504
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
FLVContext *flv = s->priv_data;
AVIOContext *ioc;
AMFDataType amf_type;
char str_val[1024];
double num_val;
amf_date date;
if (depth > MAX_DEPTH)
return AVERROR_PATCHWELCOME;
Reported by FlawFinder.
Line: 712
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
AVStream av_unused *dstream;
AVIOContext *ioc;
int i;
char buffer[32];
astream = NULL;
vstream = NULL;
dstream = NULL;
ioc = s->pb;
Reported by FlawFinder.
Line: 908
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
AVIOContext *pb = s->pb;
AVStream *st = NULL;
char buf[20];
int ret = AVERROR_INVALIDDATA;
int i, length = -1;
int array = 0;
switch (avio_r8(pb)) {
Reported by FlawFinder.
Line: 330
Column: 53
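CWE codes:
120
20
Triage note: the only `read` in this excerpt is the `int read` parameter of flv_set_video_codec, not a call to read(), so this looks like a name-based false positive.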
}
static int flv_set_video_codec(AVFormatContext *s, AVStream *vstream,
int flv_codecid, int read)
{
int ret = 0;
AVCodecParameters *par = vstream->codecpar;
enum AVCodecID old_codec_id = vstream->codecpar->codec_id;
switch (flv_codecid) {
Reported by FlawFinder.
Line: 353
Column: 13
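CWE codes:
120
20
Triage note: the `read` in this excerpt is the variable tested in `if (read)`, not a call to read(), so the CWE-120/CWE-20 match looks like a name-based false positive. In the same excerpt the return value of ff_alloc_extradata(par, 1) is not checked; the write to par->extradata[0] is guarded by `if (par->extradata)`, so an allocation failure is skipped silently rather than reported.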
case FLV_CODECID_VP6A:
if (flv_codecid == FLV_CODECID_VP6A)
par->codec_id = AV_CODEC_ID_VP6A;
if (read) {
if (par->extradata_size != 1) {
ff_alloc_extradata(par, 1);
}
if (par->extradata)
par->extradata[0] = avio_r8(s->pb);
Reported by FlawFinder.
libavcodec/aacsbr.c
6 issues
Line: 298
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (sbr->reset) {
for (i = 0; i < h_SL; i++) {
memcpy(g_temp[i + 2*ch_data->t_env[0]], sbr->gain[0], m_max * sizeof(sbr->gain[0][0]));
memcpy(q_temp[i + 2*ch_data->t_env[0]], sbr->q_m[0], m_max * sizeof(sbr->q_m[0][0]));
}
} else if (h_SL) {
for (i = 0; i < 4; i++) {
memcpy(g_temp[i + 2 * ch_data->t_env[0]],
Reported by FlawFinder.
Line: 299
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (sbr->reset) {
for (i = 0; i < h_SL; i++) {
memcpy(g_temp[i + 2*ch_data->t_env[0]], sbr->gain[0], m_max * sizeof(sbr->gain[0][0]));
memcpy(q_temp[i + 2*ch_data->t_env[0]], sbr->q_m[0], m_max * sizeof(sbr->q_m[0][0]));
}
} else if (h_SL) {
for (i = 0; i < 4; i++) {
memcpy(g_temp[i + 2 * ch_data->t_env[0]],
g_temp[i + 2 * ch_data->t_env_num_env_old],
Reported by FlawFinder.
Line: 303
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
} else if (h_SL) {
for (i = 0; i < 4; i++) {
memcpy(g_temp[i + 2 * ch_data->t_env[0]],
g_temp[i + 2 * ch_data->t_env_num_env_old],
sizeof(g_temp[0]));
memcpy(q_temp[i + 2 * ch_data->t_env[0]],
q_temp[i + 2 * ch_data->t_env_num_env_old],
sizeof(q_temp[0]));
Reported by FlawFinder.
Line: 306
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(g_temp[i + 2 * ch_data->t_env[0]],
g_temp[i + 2 * ch_data->t_env_num_env_old],
sizeof(g_temp[0]));
memcpy(q_temp[i + 2 * ch_data->t_env[0]],
q_temp[i + 2 * ch_data->t_env_num_env_old],
sizeof(q_temp[0]));
}
}
Reported by FlawFinder.
Line: 314
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (e = 0; e < ch_data->bs_num_env; e++) {
for (i = 2 * ch_data->t_env[e]; i < 2 * ch_data->t_env[e + 1]; i++) {
memcpy(g_temp[h_SL + i], sbr->gain[e], m_max * sizeof(sbr->gain[0][0]));
memcpy(q_temp[h_SL + i], sbr->q_m[e], m_max * sizeof(sbr->q_m[0][0]));
}
}
for (e = 0; e < ch_data->bs_num_env; e++) {
Reported by FlawFinder.
Line: 315
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (e = 0; e < ch_data->bs_num_env; e++) {
for (i = 2 * ch_data->t_env[e]; i < 2 * ch_data->t_env[e + 1]; i++) {
memcpy(g_temp[h_SL + i], sbr->gain[e], m_max * sizeof(sbr->gain[0][0]));
memcpy(q_temp[h_SL + i], sbr->q_m[e], m_max * sizeof(sbr->q_m[0][0]));
}
}
for (e = 0; e < ch_data->bs_num_env; e++) {
for (i = 2 * ch_data->t_env[e]; i < 2 * ch_data->t_env[e + 1]; i++) {
Reported by FlawFinder.
libavformat/gxfenc.c
6 issues
Line: 184
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int gxf_write_mpeg_auxiliary(AVIOContext *pb, AVStream *st)
{
GXFStreamContext *sc = st->priv_data;
char buffer[1024];
int size, starting_line;
if (sc->iframes) {
sc->p_per_gop = sc->pframes / sc->iframes;
if (sc->pframes % sc->iframes)
Reported by FlawFinder.
Line: 262
Column: 17
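CWE codes:
126
Triage note: strlen() is applied to ES_NAME_PATTERN, which the next line also passes to sizeof(...) - 1, so it appears to be a string-literal macro and therefore NUL-terminated; if so, the CWE-126 over-read does not apply.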
/* media file name */
avio_w8(pb, TRACK_NAME);
avio_w8(pb, strlen(ES_NAME_PATTERN) + 3);
avio_write(pb, ES_NAME_PATTERN, sizeof(ES_NAME_PATTERN) - 1);
avio_wb16(pb, sc->media_info);
avio_w8(pb, 0);
switch (sc->track_type) {
Reported by FlawFinder.
Line: 324
Column: 11
CWE codes:
126
filename++;
else
filename = s->url;
len = strlen(filename);
avio_w8(pb, MAT_NAME);
avio_w8(pb, strlen(SERVER_PATH) + len + 1);
avio_write(pb, SERVER_PATH, sizeof(SERVER_PATH) - 1);
avio_write(pb, filename, len);
Reported by FlawFinder.
Line: 327
Column: 17
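CWE codes:
126
Triage note: strlen() is applied to SERVER_PATH, which is also used with sizeof(...) - 1 and so appears to be a string-literal macro; the over-read concern does not apply if so. Separately, avio_w8 writes a single byte and no bound on `len` (the strlen of the file name) is visible in this excerpt, so a long name could make the written length byte disagree with the number of bytes written by avio_write(pb, filename, len).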
len = strlen(filename);
avio_w8(pb, MAT_NAME);
avio_w8(pb, strlen(SERVER_PATH) + len + 1);
avio_write(pb, SERVER_PATH, sizeof(SERVER_PATH) - 1);
avio_write(pb, filename, len);
avio_w8(pb, 0);
/* first field */
Reported by FlawFinder.
Line: 610
Column: 41
CWE codes:
126
avio_wl32(pb, 0); /* attributes rw, ro */
avio_wl32(pb, 0); /* mark in */
avio_wl32(pb, gxf->nb_fields); /* mark out */
avio_write(pb, ES_NAME_PATTERN, strlen(ES_NAME_PATTERN));
avio_wb16(pb, sc->media_info);
for (j = strlen(ES_NAME_PATTERN)+2; j < 88; j++)
avio_w8(pb, 0);
avio_wl32(pb, sc->track_type);
avio_wl32(pb, sc->sample_rate);
Reported by FlawFinder.
Line: 612
Column: 18
CWE codes:
126
avio_wl32(pb, gxf->nb_fields); /* mark out */
avio_write(pb, ES_NAME_PATTERN, strlen(ES_NAME_PATTERN));
avio_wb16(pb, sc->media_info);
for (j = strlen(ES_NAME_PATTERN)+2; j < 88; j++)
avio_w8(pb, 0);
avio_wl32(pb, sc->track_type);
avio_wl32(pb, sc->sample_rate);
avio_wl32(pb, sc->sample_size);
avio_wl32(pb, 0); /* reserved */
Reported by FlawFinder.
libavformat/spdifenc.c
6 issues
Line: 136
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return AVERROR(ENOMEM);
ctx->hd_buf[0] = tmp;
memcpy(&ctx->hd_buf[0][ctx->hd_buf_filled], pkt->data, pkt->size);
ctx->hd_buf_filled += pkt->size;
if (++ctx->hd_buf_count < repeat){
ctx->pkt_offset = 0;
return 0;
Reported by FlawFinder.
Line: 178
Column: 18
CWE codes:
119
120
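Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Triage note: the flagged declaration is the `static const char dtshd_start_code[10]` table, which has a complete ten-element initializer and appears only as a memcpy source sized with sizeof(dtshd_start_code) in the line-244 excerpt. It is not a writable buffer, so the fixed-size-array warning does not apply to it directly.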
int sample_rate, int blocks)
{
IEC61937Context *ctx = s->priv_data;
static const char dtshd_start_code[10] = { 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfe, 0xfe };
int pkt_size = pkt->size;
int period;
int subtype;
if (!core_size) {
Reported by FlawFinder.
Line: 244
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ctx->out_buf = ctx->hd_buf[0];
memcpy(ctx->hd_buf[0], dtshd_start_code, sizeof(dtshd_start_code));
AV_WB16(ctx->hd_buf[0] + sizeof(dtshd_start_code), pkt_size);
memcpy(ctx->hd_buf[0] + sizeof(dtshd_start_code) + 2, pkt->data, pkt_size);
return 0;
}
Reported by FlawFinder.
Line: 246
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(ctx->hd_buf[0], dtshd_start_code, sizeof(dtshd_start_code));
AV_WB16(ctx->hd_buf[0] + sizeof(dtshd_start_code), pkt_size);
memcpy(ctx->hd_buf[0] + sizeof(dtshd_start_code) + 2, pkt->data, pkt_size);
return 0;
}
static int spdif_header_dts(AVFormatContext *s, AVPacket *pkt)
Reported by FlawFinder.
Line: 496
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* time to insert MAT code */
int code_len = mat_codes[next_code_idx].len;
int code_len_remaining = code_len;
memcpy(hd_buf + mat_codes[next_code_idx].pos,
mat_codes[next_code_idx].code, code_len);
ctx->hd_buf_filled += code_len;
next_code_idx++;
if (next_code_idx == FF_ARRAY_ELEMS(mat_codes)) {
Reported by FlawFinder.
Line: 543
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int data_to_insert = FFMIN(mat_codes[next_code_idx].pos - ctx->hd_buf_filled,
data_remaining);
memcpy(hd_buf + ctx->hd_buf_filled, dataptr, data_to_insert);
ctx->hd_buf_filled += data_to_insert;
dataptr += data_to_insert;
data_remaining -= data_to_insert;
}
}
Reported by FlawFinder.
libavcodec/sp5xdec.c
6 issues
Line: 53
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
recoded[j++] = 0xFF;
recoded[j++] = 0xD8;
memcpy(recoded+j, &sp5x_data_dqt[0], sizeof(sp5x_data_dqt));
memcpy(recoded + j + 5, &sp5x_qscale_five_quant_table[0], 64);
memcpy(recoded + j + 70, &sp5x_qscale_five_quant_table[1], 64);
j += sizeof(sp5x_data_dqt);
memcpy(recoded+j, &sp5x_data_dht[0], sizeof(sp5x_data_dht));
Reported by FlawFinder.
Line: 54
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
recoded[j++] = 0xD8;
memcpy(recoded+j, &sp5x_data_dqt[0], sizeof(sp5x_data_dqt));
memcpy(recoded + j + 5, &sp5x_qscale_five_quant_table[0], 64);
memcpy(recoded + j + 70, &sp5x_qscale_five_quant_table[1], 64);
j += sizeof(sp5x_data_dqt);
memcpy(recoded+j, &sp5x_data_dht[0], sizeof(sp5x_data_dht));
j += sizeof(sp5x_data_dht);
Reported by FlawFinder.
Line: 55
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(recoded+j, &sp5x_data_dqt[0], sizeof(sp5x_data_dqt));
memcpy(recoded + j + 5, &sp5x_qscale_five_quant_table[0], 64);
memcpy(recoded + j + 70, &sp5x_qscale_five_quant_table[1], 64);
j += sizeof(sp5x_data_dqt);
memcpy(recoded+j, &sp5x_data_dht[0], sizeof(sp5x_data_dht));
j += sizeof(sp5x_data_dht);
Reported by FlawFinder.
Line: 58
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(recoded + j + 70, &sp5x_qscale_five_quant_table[1], 64);
j += sizeof(sp5x_data_dqt);
memcpy(recoded+j, &sp5x_data_dht[0], sizeof(sp5x_data_dht));
j += sizeof(sp5x_data_dht);
memcpy(recoded+j, &sp5x_data_sof[0], sizeof(sp5x_data_sof));
AV_WB16(recoded+j+5, avctx->coded_height);
AV_WB16(recoded+j+7, avctx->coded_width);
Reported by FlawFinder.
Line: 61
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(recoded+j, &sp5x_data_dht[0], sizeof(sp5x_data_dht));
j += sizeof(sp5x_data_dht);
memcpy(recoded+j, &sp5x_data_sof[0], sizeof(sp5x_data_sof));
AV_WB16(recoded+j+5, avctx->coded_height);
AV_WB16(recoded+j+7, avctx->coded_width);
j += sizeof(sp5x_data_sof);
memcpy(recoded+j, &sp5x_data_sos[0], sizeof(sp5x_data_sos));
Reported by FlawFinder.
Line: 66
Column: 5
CWE codes:
120
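Suggestion:
Make sure destination can always hold the source data
Triage note: the memcpy calls flagged at lines 53–66 take their lengths from constant tables or literal sizes. The loop bound `j < buf_size+1024-2` in this excerpt suggests `recoded` is sized buf_size + 1024, in which case the check is that the fixed header tables together fit within that 1024-byte margin; the allocation itself is not shown here.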
AV_WB16(recoded+j+7, avctx->coded_width);
j += sizeof(sp5x_data_sof);
memcpy(recoded+j, &sp5x_data_sos[0], sizeof(sp5x_data_sos));
j += sizeof(sp5x_data_sos);
if(avctx->codec_id==AV_CODEC_ID_AMV)
for (i = 2; i < buf_size-2 && j < buf_size+1024-2; i++)
recoded[j++] = buf[i];
Reported by FlawFinder.
libavfilter/f_sendcmd.c
6 issues
Line: 158
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
else if (!strncmp(*buf, "leave", strlen("leave"))) cmd->flags |= COMMAND_FLAG_LEAVE;
else if (!strncmp(*buf, "expr", strlen("expr"))) cmd->flags |= COMMAND_FLAG_EXPR;
else {
char flag_buf[64];
av_strlcpy(flag_buf, *buf, sizeof(flag_buf));
av_log(log_ctx, AV_LOG_ERROR,
"Unknown flag '%s' in interval #%d, command #%d\n",
flag_buf, interval_count, cmd_count);
return AVERROR(EINVAL);
Reported by FlawFinder.
Line: 426
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
av_file_unmap(file_buf, file_bufsize);
return AVERROR(ENOMEM);
}
memcpy(buf, file_buf, file_bufsize);
buf[file_bufsize] = 0;
av_file_unmap(file_buf, file_bufsize);
s->commands_str = buf;
}
Reported by FlawFinder.
Line: 518
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
for (j = 0; flags && j < interval->nb_commands; j++) {
Command *cmd = &interval->commands[j];
char *cmd_arg = cmd->arg;
char buf[1024];
if (cmd->flags & flags) {
if (cmd->flags & COMMAND_FLAG_EXPR) {
double var_values[VAR_VARS_NB], res;
double start = TS2T(interval->start_ts, AV_TIME_BASE_Q);
Reported by FlawFinder.
Line: 154
Column: 46
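CWE codes:
126
Triage note: the strlen() calls on this line and on lines 155 and 156 take string literals ("enter", "leave", "expr"), which are always NUL-terminated, so the CWE-126 over-read cannot occur at these call sites.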
while (**buf) {
int len = strcspn(*buf, "|+]");
if (!strncmp(*buf, "enter", strlen("enter"))) cmd->flags |= COMMAND_FLAG_ENTER;
else if (!strncmp(*buf, "leave", strlen("leave"))) cmd->flags |= COMMAND_FLAG_LEAVE;
else if (!strncmp(*buf, "expr", strlen("expr"))) cmd->flags |= COMMAND_FLAG_EXPR;
else {
char flag_buf[64];
av_strlcpy(flag_buf, *buf, sizeof(flag_buf));
Reported by FlawFinder.
Line: 155
Column: 46
CWE codes:
126
int len = strcspn(*buf, "|+]");
if (!strncmp(*buf, "enter", strlen("enter"))) cmd->flags |= COMMAND_FLAG_ENTER;
else if (!strncmp(*buf, "leave", strlen("leave"))) cmd->flags |= COMMAND_FLAG_LEAVE;
else if (!strncmp(*buf, "expr", strlen("expr"))) cmd->flags |= COMMAND_FLAG_EXPR;
else {
char flag_buf[64];
av_strlcpy(flag_buf, *buf, sizeof(flag_buf));
av_log(log_ctx, AV_LOG_ERROR,
Reported by FlawFinder.
Line: 156
Column: 46
CWE codes:
126
if (!strncmp(*buf, "enter", strlen("enter"))) cmd->flags |= COMMAND_FLAG_ENTER;
else if (!strncmp(*buf, "leave", strlen("leave"))) cmd->flags |= COMMAND_FLAG_LEAVE;
else if (!strncmp(*buf, "expr", strlen("expr"))) cmd->flags |= COMMAND_FLAG_EXPR;
else {
char flag_buf[64];
av_strlcpy(flag_buf, *buf, sizeof(flag_buf));
av_log(log_ctx, AV_LOG_ERROR,
"Unknown flag '%s' in interval #%d, command #%d\n",
Reported by FlawFinder.
libavformat/sapenc.c
6 issues
Line: 71
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int sap_write_header(AVFormatContext *s)
{
struct SAPState *sap = s->priv_data;
char host[1024], path[1024], url[1024], announce_addr[50] = "";
char *option_list;
int port = 9875, base_port = 5004, i, pos = 0, same_port = 0, ttl = 255;
AVFormatContext **contexts = NULL;
int ret = 0;
struct sockaddr_storage localaddr;
Reported by FlawFinder.
Line: 93
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* search for options */
option_list = strrchr(path, '?');
if (option_list) {
char buf[50];
if (av_find_info_tag(buf, sizeof(buf), "announce_port", option_list)) {
port = strtol(buf, NULL, 10);
}
if (av_find_info_tag(buf, sizeof(buf), "same_port", option_list)) {
same_port = strtol(buf, NULL, 10);
Reported by FlawFinder.
Line: 215
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
AV_WB16(&sap->ann[pos], av_get_random_seed());
pos += 2;
if (localaddr.ss_family == AF_INET) {
memcpy(&sap->ann[pos], &((struct sockaddr_in*)&localaddr)->sin_addr,
sizeof(struct in_addr));
pos += sizeof(struct in_addr);
#if HAVE_STRUCT_SOCKADDR_IN6
} else {
memcpy(&sap->ann[pos], &((struct sockaddr_in6*)&localaddr)->sin6_addr,
Reported by FlawFinder.
Line: 220
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pos += sizeof(struct in_addr);
#if HAVE_STRUCT_SOCKADDR_IN6
} else {
memcpy(&sap->ann[pos], &((struct sockaddr_in6*)&localaddr)->sin6_addr,
sizeof(struct in6_addr));
pos += sizeof(struct in6_addr);
#endif
}
Reported by FlawFinder.
Line: 227
Column: 12
CWE codes:
126
}
av_strlcpy(&sap->ann[pos], "application/sdp", sap->ann_size - pos);
pos += strlen(&sap->ann[pos]) + 1;
if (av_sdp_create(contexts, s->nb_streams, &sap->ann[pos],
sap->ann_size - pos)) {
ret = AVERROR_INVALIDDATA;
goto fail;
Reported by FlawFinder.
Line: 236
Column: 12
CWE codes:
126
}
av_freep(&contexts);
av_log(s, AV_LOG_VERBOSE, "SDP:\n%s\n", &sap->ann[pos]);
pos += strlen(&sap->ann[pos]);
sap->ann_size = pos;
if (sap->ann_size > sap->ann_fd->max_packet_size) {
av_log(s, AV_LOG_ERROR, "Announcement too large to send in one "
"packet\n");
Reported by FlawFinder.
libavcodec/evrcdec.c
6 issues
Line: 617
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sum2 += e->postfilter_residual[i] * e->postfilter_residual[i - best];
if (sum2 * sum1 == 0 || e->bitrate == RATE_QUANT) {
memcpy(temp, e->postfilter_residual + ACB_SIZE, length * sizeof(float));
} else {
gamma = sum2 / sum1;
if (gamma < 0.5)
memcpy(temp, e->postfilter_residual + ACB_SIZE, length * sizeof(float));
else {
Reported by FlawFinder.
Line: 621
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else {
gamma = sum2 / sum1;
if (gamma < 0.5)
memcpy(temp, e->postfilter_residual + ACB_SIZE, length * sizeof(float));
else {
gamma = FFMIN(gamma, 1.0);
for (i = 0; i < length; i++) {
temp[i] = e->postfilter_residual[ACB_SIZE + i] + gamma *
Reported by FlawFinder.
Line: 632
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
}
memcpy(scratch, temp, length * sizeof(float));
memcpy(mem, e->postfilter_iir, FILTER_ORDER * sizeof(float));
synthesis_filter(scratch, wcoef2, mem, length, scratch);
/* Gain computation, TIA/IS-127 5.9.4-2 */
for (i = 0, sum1 = 0, sum2 = 0; i < length; i++) {
Reported by FlawFinder.
Line: 633
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
memcpy(scratch, temp, length * sizeof(float));
memcpy(mem, e->postfilter_iir, FILTER_ORDER * sizeof(float));
synthesis_filter(scratch, wcoef2, mem, length, scratch);
/* Gain computation, TIA/IS-127 5.9.4-2 */
for (i = 0, sum1 = 0, sum2 = 0; i < length; i++) {
sum1 += in[i] * in[i];
Reported by FlawFinder.
Line: 669
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (e->prev_error_flag)
e->avg_acb_gain *= 0.75;
if (e->bitrate == RATE_FULL)
memcpy(e->pitch_back, e->pitch, ACB_SIZE * sizeof(float));
if (e->last_valid_bitrate == RATE_QUANT)
e->bitrate = RATE_QUANT;
else
e->bitrate = RATE_FULL;
Reported by FlawFinder.
Line: 811
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
e->bitrate == RATE_FULL && e->prev_error_flag) {
float delay;
memcpy(e->pitch, e->pitch_back, ACB_SIZE * sizeof(float));
delay = e->prev_pitch_delay;
e->prev_pitch_delay = delay - e->frame.delay_diff + 16.0;
if (fabs(e->pitch_delay - delay) > 15)
Reported by FlawFinder.
libavfilter/median_template.c
6 issues
Line: 130
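CWE codes:
788
Triage note: this finding is listed six times with the same line and excerpt and should be triaged once; the repeats may come from the template file being analysed once per inclusion (not confirmed here). No column or message is given, so start from the indexed accesses in the excerpt (`fine[k]`, `luc[k]`, `cfine[...]`) and the `av_assert0(k < BINS)` guard.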
}
av_assert0(k < BINS);
if (luc[k] <= j - radius) {
memset(&fine[k], 0, BINS * sizeof(htype));
for (luc[k] = j - radius; luc[k] < FFMIN(j + radius + 1, width); luc[k]++)
s->hadd(fine[k], &cfine[BINS * (width * k + luc[k])], BINS);
if (luc[k] < j + radius + 1) {
s->hmuladd(&fine[k][0], &cfine[BINS * (width * k + width - 1)], j + radius + 1 - width, BINS);
Reported by Cppcheck.
Line: 130
CWE codes:
788
}
av_assert0(k < BINS);
if (luc[k] <= j - radius) {
memset(&fine[k], 0, BINS * sizeof(htype));
for (luc[k] = j - radius; luc[k] < FFMIN(j + radius + 1, width); luc[k]++)
s->hadd(fine[k], &cfine[BINS * (width * k + luc[k])], BINS);
if (luc[k] < j + radius + 1) {
s->hmuladd(&fine[k][0], &cfine[BINS * (width * k + width - 1)], j + radius + 1 - width, BINS);
Reported by Cppcheck.
Line: 130
CWE codes:
788
}
av_assert0(k < BINS);
if (luc[k] <= j - radius) {
memset(&fine[k], 0, BINS * sizeof(htype));
for (luc[k] = j - radius; luc[k] < FFMIN(j + radius + 1, width); luc[k]++)
s->hadd(fine[k], &cfine[BINS * (width * k + luc[k])], BINS);
if (luc[k] < j + radius + 1) {
s->hmuladd(&fine[k][0], &cfine[BINS * (width * k + width - 1)], j + radius + 1 - width, BINS);
Reported by Cppcheck.
Line: 130
CWE codes:
788
}
av_assert0(k < BINS);
if (luc[k] <= j - radius) {
memset(&fine[k], 0, BINS * sizeof(htype));
for (luc[k] = j - radius; luc[k] < FFMIN(j + radius + 1, width); luc[k]++)
s->hadd(fine[k], &cfine[BINS * (width * k + luc[k])], BINS);
if (luc[k] < j + radius + 1) {
s->hmuladd(&fine[k][0], &cfine[BINS * (width * k + width - 1)], j + radius + 1 - width, BINS);
Reported by Cppcheck.
Line: 130
CWE codes:
788
}
av_assert0(k < BINS);
if (luc[k] <= j - radius) {
memset(&fine[k], 0, BINS * sizeof(htype));
for (luc[k] = j - radius; luc[k] < FFMIN(j + radius + 1, width); luc[k]++)
s->hadd(fine[k], &cfine[BINS * (width * k + luc[k])], BINS);
if (luc[k] < j + radius + 1) {
s->hmuladd(&fine[k][0], &cfine[BINS * (width * k + width - 1)], j + radius + 1 - width, BINS);
Reported by Cppcheck.
Line: 130
CWE codes:
788
}
av_assert0(k < BINS);
if (luc[k] <= j - radius) {
memset(&fine[k], 0, BINS * sizeof(htype));
for (luc[k] = j - radius; luc[k] < FFMIN(j + radius + 1, width); luc[k]++)
s->hadd(fine[k], &cfine[BINS * (width * k + luc[k])], BINS);
if (luc[k] < j + radius + 1) {
s->hmuladd(&fine[k][0], &cfine[BINS * (width * k + width - 1)], j + radius + 1 - width, BINS);
Reported by Cppcheck.