The following issues were found
libavformat/flvdec.c
6 issues
Line: 410
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
FLVContext *flv = s->priv_data;
unsigned int timeslen = 0, fileposlen = 0, i;
char str_val[256];
int64_t *times = NULL;
int64_t *filepositions = NULL;
int ret = AVERROR(ENOSYS);
int64_t initial_pos = avio_tell(ioc);
Reported by FlawFinder.
Line: 504
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
FLVContext *flv = s->priv_data;
AVIOContext *ioc;
AMFDataType amf_type;
char str_val[1024];
double num_val;
amf_date date;
if (depth > MAX_DEPTH)
return AVERROR_PATCHWELCOME;
Reported by FlawFinder.
Line: 712
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
AVStream av_unused *dstream;
AVIOContext *ioc;
int i;
char buffer[32];
astream = NULL;
vstream = NULL;
dstream = NULL;
ioc = s->pb;
Reported by FlawFinder.
Line: 908
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
AVIOContext *pb = s->pb;
AVStream *st = NULL;
char buf[20];
int ret = AVERROR_INVALIDDATA;
int i, length = -1;
int array = 0;
switch (avio_r8(pb)) {
Reported by FlawFinder.
Line: 330
Column: 53
CWE codes:
120
20
}
static int flv_set_video_codec(AVFormatContext *s, AVStream *vstream,
int flv_codecid, int read)
{
int ret = 0;
AVCodecParameters *par = vstream->codecpar;
enum AVCodecID old_codec_id = vstream->codecpar->codec_id;
switch (flv_codecid) {
Reported by FlawFinder.
Line: 353
Column: 13
CWE codes:
120
20
case FLV_CODECID_VP6A:
if (flv_codecid == FLV_CODECID_VP6A)
par->codec_id = AV_CODEC_ID_VP6A;
if (read) {
if (par->extradata_size != 1) {
ff_alloc_extradata(par, 1);
}
if (par->extradata)
par->extradata[0] = avio_r8(s->pb);
Reported by FlawFinder.
libavformat/oggdec.c
6 issues
Line: 97
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ost->curidx = ogg->curidx;
ost->next = ogg->state;
ost->nstreams = ogg->nstreams;
memcpy(ost->streams, ogg->streams, ogg->nstreams * sizeof(*ogg->streams));
for (i = 0; i < ogg->nstreams; i++) {
struct ogg_stream *os = ogg->streams + i;
os->buf = av_mallocz(os->bufsize + AV_INPUT_BUFFER_PADDING_SIZE);
if (os->buf)
Reported by FlawFinder.
Line: 103
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct ogg_stream *os = ogg->streams + i;
os->buf = av_mallocz(os->bufsize + AV_INPUT_BUFFER_PADDING_SIZE);
if (os->buf)
memcpy(os->buf, ost->streams[i].buf, os->bufpos);
else
ret = AVERROR(ENOMEM);
os->new_metadata = NULL;
os->new_metadata_size = 0;
}
Reported by FlawFinder.
Line: 149
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ogg->nstreams = 0;
return err;
} else
memcpy(ogg->streams, ost->streams,
ost->nstreams * sizeof(*ogg->streams));
av_free(ost);
return 0;
Reported by FlawFinder.
Line: 451
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return ret;
}
memcpy(os->buf + os->bufpos, readout_buf, size);
av_free(readout_buf);
}
ogg->page_pos = page_pos;
os->page_pos = page_pos;
Reported by FlawFinder.
Line: 463
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
os->bufpos += size;
os->granule = gp;
os->flags = flags;
memcpy(os->segments, segments, nsegs);
memset(os->buf + os->bufpos, 0, AV_INPUT_BUFFER_PADDING_SIZE);
if (flags & OGG_FLAG_CONT || os->incomplete) {
if (!os->psize) {
// If this is the very first segment we started
Reported by FlawFinder.
Line: 855
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ret < 0)
return ret;
pkt->stream_index = idx;
memcpy(pkt->data, os->buf + pstart, psize);
pkt->pts = pts;
pkt->dts = dts;
pkt->flags = os->pflags;
pkt->duration = os->pduration;
Reported by FlawFinder.
libavformat/flic.c
6 issues
Line: 90
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
FlicDemuxContext *flic = s->priv_data;
AVIOContext *pb = s->pb;
unsigned char header[FLIC_HEADER_SIZE];
AVStream *st, *ast;
int speed, ret;
int magic_number;
unsigned char preamble[FLIC_PREAMBLE_SIZE];
Reported by FlawFinder.
Line: 94
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
AVStream *st, *ast;
int speed, ret;
int magic_number;
unsigned char preamble[FLIC_PREAMBLE_SIZE];
flic->frame_number = 0;
/* load the whole header and pull out the width and height */
if (avio_read(pb, header, FLIC_HEADER_SIZE) != FLIC_HEADER_SIZE)
Reported by FlawFinder.
Line: 130
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* send over the whole 128-byte FLIC header */
if ((ret = ff_alloc_extradata(st->codecpar, FLIC_HEADER_SIZE)) < 0)
return ret;
memcpy(st->codecpar->extradata, header, FLIC_HEADER_SIZE);
/* peek at the preamble to detect TFTD videos - they seem to always start with an audio chunk */
if (avio_read(pb, preamble, FLIC_PREAMBLE_SIZE) != FLIC_PREAMBLE_SIZE) {
av_log(s, AV_LOG_ERROR, "Failed to peek at preamble\n");
return AVERROR(EIO);
Reported by FlawFinder.
Line: 180
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* send over abbreviated FLIC header chunk */
if ((ret = ff_alloc_extradata(st->codecpar, 12)) < 0)
return ret;
memcpy(st->codecpar->extradata, header, 12);
} else if (magic_number == FLIC_FILE_MAGIC_1) {
avpriv_set_pts_info(st, 64, speed, 70);
} else if ((magic_number == FLIC_FILE_MAGIC_2) ||
(magic_number == FLIC_FILE_MAGIC_3)) {
Reported by FlawFinder.
Line: 204
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int size;
int magic;
int ret = 0;
unsigned char preamble[FLIC_PREAMBLE_SIZE];
int64_t pos = avio_tell(pb);
while (!packet_read && !avio_feof(pb)) {
if ((ret = avio_read(pb, preamble, FLIC_PREAMBLE_SIZE)) !=
Reported by FlawFinder.
Line: 224
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pkt->stream_index = flic->video_stream_index;
pkt->pos = pos;
memcpy(pkt->data, preamble, FLIC_PREAMBLE_SIZE);
ret = avio_read(pb, pkt->data + FLIC_PREAMBLE_SIZE,
size - FLIC_PREAMBLE_SIZE);
if (ret != size - FLIC_PREAMBLE_SIZE) {
ret = AVERROR(EIO);
}
Reported by FlawFinder.
libavcodec/evrcdec.c
6 issues
Line: 617
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sum2 += e->postfilter_residual[i] * e->postfilter_residual[i - best];
if (sum2 * sum1 == 0 || e->bitrate == RATE_QUANT) {
memcpy(temp, e->postfilter_residual + ACB_SIZE, length * sizeof(float));
} else {
gamma = sum2 / sum1;
if (gamma < 0.5)
memcpy(temp, e->postfilter_residual + ACB_SIZE, length * sizeof(float));
else {
Reported by FlawFinder.
Line: 621
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else {
gamma = sum2 / sum1;
if (gamma < 0.5)
memcpy(temp, e->postfilter_residual + ACB_SIZE, length * sizeof(float));
else {
gamma = FFMIN(gamma, 1.0);
for (i = 0; i < length; i++) {
temp[i] = e->postfilter_residual[ACB_SIZE + i] + gamma *
Reported by FlawFinder.
Line: 632
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
}
memcpy(scratch, temp, length * sizeof(float));
memcpy(mem, e->postfilter_iir, FILTER_ORDER * sizeof(float));
synthesis_filter(scratch, wcoef2, mem, length, scratch);
/* Gain computation, TIA/IS-127 5.9.4-2 */
for (i = 0, sum1 = 0, sum2 = 0; i < length; i++) {
Reported by FlawFinder.
Line: 633
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
memcpy(scratch, temp, length * sizeof(float));
memcpy(mem, e->postfilter_iir, FILTER_ORDER * sizeof(float));
synthesis_filter(scratch, wcoef2, mem, length, scratch);
/* Gain computation, TIA/IS-127 5.9.4-2 */
for (i = 0, sum1 = 0, sum2 = 0; i < length; i++) {
sum1 += in[i] * in[i];
Reported by FlawFinder.
Line: 669
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (e->prev_error_flag)
e->avg_acb_gain *= 0.75;
if (e->bitrate == RATE_FULL)
memcpy(e->pitch_back, e->pitch, ACB_SIZE * sizeof(float));
if (e->last_valid_bitrate == RATE_QUANT)
e->bitrate = RATE_QUANT;
else
e->bitrate = RATE_FULL;
Reported by FlawFinder.
Line: 811
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
e->bitrate == RATE_FULL && e->prev_error_flag) {
float delay;
memcpy(e->pitch, e->pitch_back, ACB_SIZE * sizeof(float));
delay = e->prev_pitch_delay;
e->prev_pitch_delay = delay - e->frame.delay_diff + 16.0;
if (fabs(e->pitch_delay - delay) > 15)
Reported by FlawFinder.
libavfilter/median_template.c
6 issues
Line: 130
CWE codes:
788
}
av_assert0(k < BINS);
if (luc[k] <= j - radius) {
memset(&fine[k], 0, BINS * sizeof(htype));
for (luc[k] = j - radius; luc[k] < FFMIN(j + radius + 1, width); luc[k]++)
s->hadd(fine[k], &cfine[BINS * (width * k + luc[k])], BINS);
if (luc[k] < j + radius + 1) {
s->hmuladd(&fine[k][0], &cfine[BINS * (width * k + width - 1)], j + radius + 1 - width, BINS);
Reported by Cppcheck.
Line: 130
CWE codes:
788
}
av_assert0(k < BINS);
if (luc[k] <= j - radius) {
memset(&fine[k], 0, BINS * sizeof(htype));
for (luc[k] = j - radius; luc[k] < FFMIN(j + radius + 1, width); luc[k]++)
s->hadd(fine[k], &cfine[BINS * (width * k + luc[k])], BINS);
if (luc[k] < j + radius + 1) {
s->hmuladd(&fine[k][0], &cfine[BINS * (width * k + width - 1)], j + radius + 1 - width, BINS);
Reported by Cppcheck.
Line: 130
CWE codes:
788
}
av_assert0(k < BINS);
if (luc[k] <= j - radius) {
memset(&fine[k], 0, BINS * sizeof(htype));
for (luc[k] = j - radius; luc[k] < FFMIN(j + radius + 1, width); luc[k]++)
s->hadd(fine[k], &cfine[BINS * (width * k + luc[k])], BINS);
if (luc[k] < j + radius + 1) {
s->hmuladd(&fine[k][0], &cfine[BINS * (width * k + width - 1)], j + radius + 1 - width, BINS);
Reported by Cppcheck.
Line: 130
CWE codes:
788
}
av_assert0(k < BINS);
if (luc[k] <= j - radius) {
memset(&fine[k], 0, BINS * sizeof(htype));
for (luc[k] = j - radius; luc[k] < FFMIN(j + radius + 1, width); luc[k]++)
s->hadd(fine[k], &cfine[BINS * (width * k + luc[k])], BINS);
if (luc[k] < j + radius + 1) {
s->hmuladd(&fine[k][0], &cfine[BINS * (width * k + width - 1)], j + radius + 1 - width, BINS);
Reported by Cppcheck.
Line: 130
CWE codes:
788
}
av_assert0(k < BINS);
if (luc[k] <= j - radius) {
memset(&fine[k], 0, BINS * sizeof(htype));
for (luc[k] = j - radius; luc[k] < FFMIN(j + radius + 1, width); luc[k]++)
s->hadd(fine[k], &cfine[BINS * (width * k + luc[k])], BINS);
if (luc[k] < j + radius + 1) {
s->hmuladd(&fine[k][0], &cfine[BINS * (width * k + width - 1)], j + radius + 1 - width, BINS);
Reported by Cppcheck.
Line: 130
CWE codes:
788
}
av_assert0(k < BINS);
if (luc[k] <= j - radius) {
memset(&fine[k], 0, BINS * sizeof(htype));
for (luc[k] = j - radius; luc[k] < FFMIN(j + radius + 1, width); luc[k]++)
s->hadd(fine[k], &cfine[BINS * (width * k + luc[k])], BINS);
if (luc[k] < j + radius + 1) {
s->hmuladd(&fine[k][0], &cfine[BINS * (width * k + width - 1)], j + radius + 1 - width, BINS);
Reported by Cppcheck.
libavformat/gxfenc.c
6 issues
Line: 184
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int gxf_write_mpeg_auxiliary(AVIOContext *pb, AVStream *st)
{
GXFStreamContext *sc = st->priv_data;
char buffer[1024];
int size, starting_line;
if (sc->iframes) {
sc->p_per_gop = sc->pframes / sc->iframes;
if (sc->pframes % sc->iframes)
Reported by FlawFinder.
Line: 262
Column: 17
CWE codes:
126
/* media file name */
avio_w8(pb, TRACK_NAME);
avio_w8(pb, strlen(ES_NAME_PATTERN) + 3);
avio_write(pb, ES_NAME_PATTERN, sizeof(ES_NAME_PATTERN) - 1);
avio_wb16(pb, sc->media_info);
avio_w8(pb, 0);
switch (sc->track_type) {
Reported by FlawFinder.
Line: 324
Column: 11
CWE codes:
126
filename++;
else
filename = s->url;
len = strlen(filename);
avio_w8(pb, MAT_NAME);
avio_w8(pb, strlen(SERVER_PATH) + len + 1);
avio_write(pb, SERVER_PATH, sizeof(SERVER_PATH) - 1);
avio_write(pb, filename, len);
Reported by FlawFinder.
Line: 327
Column: 17
CWE codes:
126
len = strlen(filename);
avio_w8(pb, MAT_NAME);
avio_w8(pb, strlen(SERVER_PATH) + len + 1);
avio_write(pb, SERVER_PATH, sizeof(SERVER_PATH) - 1);
avio_write(pb, filename, len);
avio_w8(pb, 0);
/* first field */
Reported by FlawFinder.
Line: 610
Column: 41
CWE codes:
126
avio_wl32(pb, 0); /* attributes rw, ro */
avio_wl32(pb, 0); /* mark in */
avio_wl32(pb, gxf->nb_fields); /* mark out */
avio_write(pb, ES_NAME_PATTERN, strlen(ES_NAME_PATTERN));
avio_wb16(pb, sc->media_info);
for (j = strlen(ES_NAME_PATTERN)+2; j < 88; j++)
avio_w8(pb, 0);
avio_wl32(pb, sc->track_type);
avio_wl32(pb, sc->sample_rate);
Reported by FlawFinder.
Line: 612
Column: 18
CWE codes:
126
avio_wl32(pb, gxf->nb_fields); /* mark out */
avio_write(pb, ES_NAME_PATTERN, strlen(ES_NAME_PATTERN));
avio_wb16(pb, sc->media_info);
for (j = strlen(ES_NAME_PATTERN)+2; j < 88; j++)
avio_w8(pb, 0);
avio_wl32(pb, sc->track_type);
avio_wl32(pb, sc->sample_rate);
avio_wl32(pb, sc->sample_size);
avio_wl32(pb, 0); /* reserved */
Reported by FlawFinder.
libavformat/tls_securetransport.c
6 issues
Line: 202
Column: 9
CWE codes:
120
20
TLSContext *c = h->priv_data;
size_t requested = *dataLength;
int read = ffurl_read(c->tls_shared.tcp, data, requested);
if (read <= 0) {
*dataLength = 0;
switch(AVUNERROR(read)) {
case ENOENT:
case 0:
return errSSLClosedGraceful;
Reported by FlawFinder.
Line: 204
Column: 26
CWE codes:
120
20
int read = ffurl_read(c->tls_shared.tcp, data, requested);
if (read <= 0) {
*dataLength = 0;
switch(AVUNERROR(read)) {
case ENOENT:
case 0:
return errSSLClosedGraceful;
case ECONNRESET:
return errSSLClosedAbort;
Reported by FlawFinder.
Line: 291
Column: 64
CWE codes:
126
if (s->cert_file)
if ((ret = load_cert(h)) < 0)
goto fail;
CHECK_ERROR(SSLSetPeerDomainName, c->ssl_context, s->host, strlen(s->host));
CHECK_ERROR(SSLSetIOFuncs, c->ssl_context, tls_read_cb, tls_write_cb);
CHECK_ERROR(SSLSetConnection, c->ssl_context, h);
while (1) {
OSStatus status = SSLHandshake(c->ssl_context);
if (status == errSSLServerAuthCompleted) {
Reported by FlawFinder.
libavcodec/eacmv.c
6 issues
Line: 66
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int i;
for (i=0; i < s->avctx->height && buf_end - buf >= s->avctx->width; i++) {
memcpy(dst, buf, s->avctx->width);
dst += frame->linesize[0];
buf += s->avctx->width;
}
}
Reported by FlawFinder.
Line: 104
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
unsigned char *dst = frame->data[0] + (y*4)*frame->linesize[0] + x*4;
if (raw+16<buf_end && *raw==0xFF) { /* intra */
raw++;
memcpy(dst, raw, 4);
memcpy(dst + frame->linesize[0], raw+4, 4);
memcpy(dst + 2 * frame->linesize[0], raw+8, 4);
memcpy(dst + 3 * frame->linesize[0], raw+12, 4);
raw+=16;
}else if(raw<buf_end) { /* inter using second-last frame as reference */
Reported by FlawFinder.
Line: 105
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (raw+16<buf_end && *raw==0xFF) { /* intra */
raw++;
memcpy(dst, raw, 4);
memcpy(dst + frame->linesize[0], raw+4, 4);
memcpy(dst + 2 * frame->linesize[0], raw+8, 4);
memcpy(dst + 3 * frame->linesize[0], raw+12, 4);
raw+=16;
}else if(raw<buf_end) { /* inter using second-last frame as reference */
int xoffset = (*raw & 0xF) - 7;
Reported by FlawFinder.
Line: 106
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
raw++;
memcpy(dst, raw, 4);
memcpy(dst + frame->linesize[0], raw+4, 4);
memcpy(dst + 2 * frame->linesize[0], raw+8, 4);
memcpy(dst + 3 * frame->linesize[0], raw+12, 4);
raw+=16;
}else if(raw<buf_end) { /* inter using second-last frame as reference */
int xoffset = (*raw & 0xF) - 7;
int yoffset = ((*raw >> 4)) - 7;
Reported by FlawFinder.
Line: 107
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(dst, raw, 4);
memcpy(dst + frame->linesize[0], raw+4, 4);
memcpy(dst + 2 * frame->linesize[0], raw+8, 4);
memcpy(dst + 3 * frame->linesize[0], raw+12, 4);
raw+=16;
}else if(raw<buf_end) { /* inter using second-last frame as reference */
int xoffset = (*raw & 0xF) - 7;
int yoffset = ((*raw >> 4)) - 7;
if (s->last2_frame->data[0])
Reported by FlawFinder.
Line: 201
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if ((ret = ff_get_buffer(avctx, frame, AV_GET_BUFFER_FLAG_REF)) < 0)
return ret;
memcpy(frame->data[1], s->palette, AVPALETTE_SIZE);
buf += EA_PREAMBLE_SIZE;
if ((buf[0]&1)) { // subtype
cmv_decode_inter(s, frame, buf+2, buf_end);
frame->key_frame = 0;
Reported by FlawFinder.
libavcodec/dxva2_vp9.c
6 issues
Line: 197
CWE codes:
908
}
#endif
dxva_data = dxva_data_ptr;
if (ctx_pic->slice.SliceBytesInBuffer > dxva_size) {
av_log(avctx, AV_LOG_ERROR, "Failed to build bitstream");
return -1;
}
Reported by Cppcheck.
Line: 199
CWE codes:
908
dxva_data = dxva_data_ptr;
if (ctx_pic->slice.SliceBytesInBuffer > dxva_size) {
av_log(avctx, AV_LOG_ERROR, "Failed to build bitstream");
return -1;
}
memcpy(dxva_data, ctx_pic->bitstream, ctx_pic->slice.SliceBytesInBuffer);
Reported by Cppcheck.
Line: 204
CWE codes:
908
return -1;
}
memcpy(dxva_data, ctx_pic->bitstream, ctx_pic->slice.SliceBytesInBuffer);
padding = FFMIN(128 - ((ctx_pic->slice.SliceBytesInBuffer) & 127), dxva_size - ctx_pic->slice.SliceBytesInBuffer);
if (padding > 0) {
memset(dxva_data + ctx_pic->slice.SliceBytesInBuffer, 0, padding);
ctx_pic->slice.SliceBytesInBuffer += padding;
Reported by Cppcheck.
Line: 208
CWE codes:
908
padding = FFMIN(128 - ((ctx_pic->slice.SliceBytesInBuffer) & 127), dxva_size - ctx_pic->slice.SliceBytesInBuffer);
if (padding > 0) {
memset(dxva_data + ctx_pic->slice.SliceBytesInBuffer, 0, padding);
ctx_pic->slice.SliceBytesInBuffer += padding;
}
#if CONFIG_D3D11VA
if (ff_dxva2_is_d3d11(avctx))
Reported by Cppcheck.
Line: 247
CWE codes:
908
#endif
return ff_dxva2_commit_buffer(avctx, ctx, sc,
type,
&ctx_pic->slice, sizeof(ctx_pic->slice), 0);
}
static int dxva2_vp9_start_frame(AVCodecContext *avctx,
Reported by Cppcheck.
Line: 204
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -1;
}
memcpy(dxva_data, ctx_pic->bitstream, ctx_pic->slice.SliceBytesInBuffer);
padding = FFMIN(128 - ((ctx_pic->slice.SliceBytesInBuffer) & 127), dxva_size - ctx_pic->slice.SliceBytesInBuffer);
if (padding > 0) {
memset(dxva_data + ctx_pic->slice.SliceBytesInBuffer, 0, padding);
ctx_pic->slice.SliceBytesInBuffer += padding;
Reported by FlawFinder.
libavfilter/f_sendcmd.c
6 issues
Line: 158
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
else if (!strncmp(*buf, "leave", strlen("leave"))) cmd->flags |= COMMAND_FLAG_LEAVE;
else if (!strncmp(*buf, "expr", strlen("expr"))) cmd->flags |= COMMAND_FLAG_EXPR;
else {
char flag_buf[64];
av_strlcpy(flag_buf, *buf, sizeof(flag_buf));
av_log(log_ctx, AV_LOG_ERROR,
"Unknown flag '%s' in interval #%d, command #%d\n",
flag_buf, interval_count, cmd_count);
return AVERROR(EINVAL);
Reported by FlawFinder.
Line: 426
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
av_file_unmap(file_buf, file_bufsize);
return AVERROR(ENOMEM);
}
memcpy(buf, file_buf, file_bufsize);
buf[file_bufsize] = 0;
av_file_unmap(file_buf, file_bufsize);
s->commands_str = buf;
}
Reported by FlawFinder.
Line: 518
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
for (j = 0; flags && j < interval->nb_commands; j++) {
Command *cmd = &interval->commands[j];
char *cmd_arg = cmd->arg;
char buf[1024];
if (cmd->flags & flags) {
if (cmd->flags & COMMAND_FLAG_EXPR) {
double var_values[VAR_VARS_NB], res;
double start = TS2T(interval->start_ts, AV_TIME_BASE_Q);
Reported by FlawFinder.
Line: 154
Column: 46
CWE codes:
126
while (**buf) {
int len = strcspn(*buf, "|+]");
if (!strncmp(*buf, "enter", strlen("enter"))) cmd->flags |= COMMAND_FLAG_ENTER;
else if (!strncmp(*buf, "leave", strlen("leave"))) cmd->flags |= COMMAND_FLAG_LEAVE;
else if (!strncmp(*buf, "expr", strlen("expr"))) cmd->flags |= COMMAND_FLAG_EXPR;
else {
char flag_buf[64];
av_strlcpy(flag_buf, *buf, sizeof(flag_buf));
Reported by FlawFinder.
Line: 155
Column: 46
CWE codes:
126
int len = strcspn(*buf, "|+]");
if (!strncmp(*buf, "enter", strlen("enter"))) cmd->flags |= COMMAND_FLAG_ENTER;
else if (!strncmp(*buf, "leave", strlen("leave"))) cmd->flags |= COMMAND_FLAG_LEAVE;
else if (!strncmp(*buf, "expr", strlen("expr"))) cmd->flags |= COMMAND_FLAG_EXPR;
else {
char flag_buf[64];
av_strlcpy(flag_buf, *buf, sizeof(flag_buf));
av_log(log_ctx, AV_LOG_ERROR,
Reported by FlawFinder.
Line: 156
Column: 46
CWE codes:
126
if (!strncmp(*buf, "enter", strlen("enter"))) cmd->flags |= COMMAND_FLAG_ENTER;
else if (!strncmp(*buf, "leave", strlen("leave"))) cmd->flags |= COMMAND_FLAG_LEAVE;
else if (!strncmp(*buf, "expr", strlen("expr"))) cmd->flags |= COMMAND_FLAG_EXPR;
else {
char flag_buf[64];
av_strlcpy(flag_buf, *buf, sizeof(flag_buf));
av_log(log_ctx, AV_LOG_ERROR,
"Unknown flag '%s' in interval #%d, command #%d\n",
Reported by FlawFinder.