The following issues were found
libavcodec/sp5xdec.c
6 issues
Line: 53
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
recoded[j++] = 0xFF;
recoded[j++] = 0xD8;
memcpy(recoded+j, &sp5x_data_dqt[0], sizeof(sp5x_data_dqt));
memcpy(recoded + j + 5, &sp5x_qscale_five_quant_table[0], 64);
memcpy(recoded + j + 70, &sp5x_qscale_five_quant_table[1], 64);
j += sizeof(sp5x_data_dqt);
memcpy(recoded+j, &sp5x_data_dht[0], sizeof(sp5x_data_dht));
Reported by FlawFinder.
Line: 54
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
recoded[j++] = 0xD8;
memcpy(recoded+j, &sp5x_data_dqt[0], sizeof(sp5x_data_dqt));
memcpy(recoded + j + 5, &sp5x_qscale_five_quant_table[0], 64);
memcpy(recoded + j + 70, &sp5x_qscale_five_quant_table[1], 64);
j += sizeof(sp5x_data_dqt);
memcpy(recoded+j, &sp5x_data_dht[0], sizeof(sp5x_data_dht));
j += sizeof(sp5x_data_dht);
Reported by FlawFinder.
Line: 55
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(recoded+j, &sp5x_data_dqt[0], sizeof(sp5x_data_dqt));
memcpy(recoded + j + 5, &sp5x_qscale_five_quant_table[0], 64);
memcpy(recoded + j + 70, &sp5x_qscale_five_quant_table[1], 64);
j += sizeof(sp5x_data_dqt);
memcpy(recoded+j, &sp5x_data_dht[0], sizeof(sp5x_data_dht));
j += sizeof(sp5x_data_dht);
Reported by FlawFinder.
Line: 58
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(recoded + j + 70, &sp5x_qscale_five_quant_table[1], 64);
j += sizeof(sp5x_data_dqt);
memcpy(recoded+j, &sp5x_data_dht[0], sizeof(sp5x_data_dht));
j += sizeof(sp5x_data_dht);
memcpy(recoded+j, &sp5x_data_sof[0], sizeof(sp5x_data_sof));
AV_WB16(recoded+j+5, avctx->coded_height);
AV_WB16(recoded+j+7, avctx->coded_width);
Reported by FlawFinder.
Line: 61
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(recoded+j, &sp5x_data_dht[0], sizeof(sp5x_data_dht));
j += sizeof(sp5x_data_dht);
memcpy(recoded+j, &sp5x_data_sof[0], sizeof(sp5x_data_sof));
AV_WB16(recoded+j+5, avctx->coded_height);
AV_WB16(recoded+j+7, avctx->coded_width);
j += sizeof(sp5x_data_sof);
memcpy(recoded+j, &sp5x_data_sos[0], sizeof(sp5x_data_sos));
Reported by FlawFinder.
Line: 66
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
AV_WB16(recoded+j+7, avctx->coded_width);
j += sizeof(sp5x_data_sof);
memcpy(recoded+j, &sp5x_data_sos[0], sizeof(sp5x_data_sos));
j += sizeof(sp5x_data_sos);
if(avctx->codec_id==AV_CODEC_ID_AMV)
for (i = 2; i < buf_size-2 && j < buf_size+1024-2; i++)
recoded[j++] = buf[i];
Reported by FlawFinder.
libavcodec/dxa.c
6 issues
Line: 90
Column: 21
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case 0: // skip
case 5: // skip in method 12
for(y = 0; y < 4; y++){
memcpy(tmp, tmp2, 4);
tmp += stride;
tmp2 += stride;
}
break;
case 1: // masked change
Reported by FlawFinder.
Line: 128
Column: 21
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
case 3: // raw block
for(y = 0; y < 4; y++){
memcpy(tmp, data, 4);
data += 4;
tmp += stride;
}
break;
case 8: // subblocks - method 13 only
Reported by FlawFinder.
Line: 234
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if ((ret = ff_get_buffer(avctx, frame, AV_GET_BUFFER_FLAG_REF)) < 0)
return ret;
memcpy(frame->data[1], c->pal, AVPALETTE_SIZE);
frame->palette_has_changed = pc;
outptr = frame->data[0];
srcptr = c->decomp_buf;
tmpptr = c->prev->data[0];
Reported by FlawFinder.
Line: 266
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
frame->key_frame = 0;
frame->pict_type = AV_PICTURE_TYPE_P;
if (c->prev->data[0])
memcpy(frame->data[0], c->prev->data[0], frame->linesize[0] * avctx->height);
else{ // Should happen only when first frame is 'NULL'
memset(frame->data[0], 0, frame->linesize[0] * avctx->height);
frame->key_frame = 1;
frame->pict_type = AV_PICTURE_TYPE_I;
}
Reported by FlawFinder.
Line: 278
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
frame->key_frame = 1;
frame->pict_type = AV_PICTURE_TYPE_I;
for (j = 0; j < avctx->height; j++) {
memcpy(outptr, srcptr, avctx->width);
outptr += stride;
srcptr += avctx->width;
}
break;
case 3:
Reported by FlawFinder.
Line: 298
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
outptr[i] = srcptr[i] ^ tmpptr[i];
tmpptr += stride;
}else
memcpy(outptr, srcptr, avctx->width);
outptr += stride;
srcptr += avctx->width;
}
break;
case 12: // ScummVM coding
Reported by FlawFinder.
libavfilter/median_template.c
6 issues
Line: 130
CWE codes:
788
}
av_assert0(k < BINS);
if (luc[k] <= j - radius) {
memset(&fine[k], 0, BINS * sizeof(htype));
for (luc[k] = j - radius; luc[k] < FFMIN(j + radius + 1, width); luc[k]++)
s->hadd(fine[k], &cfine[BINS * (width * k + luc[k])], BINS);
if (luc[k] < j + radius + 1) {
s->hmuladd(&fine[k][0], &cfine[BINS * (width * k + width - 1)], j + radius + 1 - width, BINS);
Reported by Cppcheck.
Line: 130
CWE codes:
788
}
av_assert0(k < BINS);
if (luc[k] <= j - radius) {
memset(&fine[k], 0, BINS * sizeof(htype));
for (luc[k] = j - radius; luc[k] < FFMIN(j + radius + 1, width); luc[k]++)
s->hadd(fine[k], &cfine[BINS * (width * k + luc[k])], BINS);
if (luc[k] < j + radius + 1) {
s->hmuladd(&fine[k][0], &cfine[BINS * (width * k + width - 1)], j + radius + 1 - width, BINS);
Reported by Cppcheck.
Line: 130
CWE codes:
788
}
av_assert0(k < BINS);
if (luc[k] <= j - radius) {
memset(&fine[k], 0, BINS * sizeof(htype));
for (luc[k] = j - radius; luc[k] < FFMIN(j + radius + 1, width); luc[k]++)
s->hadd(fine[k], &cfine[BINS * (width * k + luc[k])], BINS);
if (luc[k] < j + radius + 1) {
s->hmuladd(&fine[k][0], &cfine[BINS * (width * k + width - 1)], j + radius + 1 - width, BINS);
Reported by Cppcheck.
Line: 130
CWE codes:
788
}
av_assert0(k < BINS);
if (luc[k] <= j - radius) {
memset(&fine[k], 0, BINS * sizeof(htype));
for (luc[k] = j - radius; luc[k] < FFMIN(j + radius + 1, width); luc[k]++)
s->hadd(fine[k], &cfine[BINS * (width * k + luc[k])], BINS);
if (luc[k] < j + radius + 1) {
s->hmuladd(&fine[k][0], &cfine[BINS * (width * k + width - 1)], j + radius + 1 - width, BINS);
Reported by Cppcheck.
Line: 130
CWE codes:
788
}
av_assert0(k < BINS);
if (luc[k] <= j - radius) {
memset(&fine[k], 0, BINS * sizeof(htype));
for (luc[k] = j - radius; luc[k] < FFMIN(j + radius + 1, width); luc[k]++)
s->hadd(fine[k], &cfine[BINS * (width * k + luc[k])], BINS);
if (luc[k] < j + radius + 1) {
s->hmuladd(&fine[k][0], &cfine[BINS * (width * k + width - 1)], j + radius + 1 - width, BINS);
Reported by Cppcheck.
Line: 130
CWE codes:
788
}
av_assert0(k < BINS);
if (luc[k] <= j - radius) {
memset(&fine[k], 0, BINS * sizeof(htype));
for (luc[k] = j - radius; luc[k] < FFMIN(j + radius + 1, width); luc[k]++)
s->hadd(fine[k], &cfine[BINS * (width * k + luc[k])], BINS);
if (luc[k] < j + radius + 1) {
s->hmuladd(&fine[k][0], &cfine[BINS * (width * k + width - 1)], j + radius + 1 - width, BINS);
Reported by Cppcheck.
libavformat/gxfenc.c
6 issues
Line: 184
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int gxf_write_mpeg_auxiliary(AVIOContext *pb, AVStream *st)
{
GXFStreamContext *sc = st->priv_data;
char buffer[1024];
int size, starting_line;
if (sc->iframes) {
sc->p_per_gop = sc->pframes / sc->iframes;
if (sc->pframes % sc->iframes)
Reported by FlawFinder.
Line: 262
Column: 17
CWE codes:
126
/* media file name */
avio_w8(pb, TRACK_NAME);
avio_w8(pb, strlen(ES_NAME_PATTERN) + 3);
avio_write(pb, ES_NAME_PATTERN, sizeof(ES_NAME_PATTERN) - 1);
avio_wb16(pb, sc->media_info);
avio_w8(pb, 0);
switch (sc->track_type) {
Reported by FlawFinder.
Line: 324
Column: 11
CWE codes:
126
filename++;
else
filename = s->url;
len = strlen(filename);
avio_w8(pb, MAT_NAME);
avio_w8(pb, strlen(SERVER_PATH) + len + 1);
avio_write(pb, SERVER_PATH, sizeof(SERVER_PATH) - 1);
avio_write(pb, filename, len);
Reported by FlawFinder.
Line: 327
Column: 17
CWE codes:
126
len = strlen(filename);
avio_w8(pb, MAT_NAME);
avio_w8(pb, strlen(SERVER_PATH) + len + 1);
avio_write(pb, SERVER_PATH, sizeof(SERVER_PATH) - 1);
avio_write(pb, filename, len);
avio_w8(pb, 0);
/* first field */
Reported by FlawFinder.
Line: 610
Column: 41
CWE codes:
126
avio_wl32(pb, 0); /* attributes rw, ro */
avio_wl32(pb, 0); /* mark in */
avio_wl32(pb, gxf->nb_fields); /* mark out */
avio_write(pb, ES_NAME_PATTERN, strlen(ES_NAME_PATTERN));
avio_wb16(pb, sc->media_info);
for (j = strlen(ES_NAME_PATTERN)+2; j < 88; j++)
avio_w8(pb, 0);
avio_wl32(pb, sc->track_type);
avio_wl32(pb, sc->sample_rate);
Reported by FlawFinder.
Line: 612
Column: 18
CWE codes:
126
avio_wl32(pb, gxf->nb_fields); /* mark out */
avio_write(pb, ES_NAME_PATTERN, strlen(ES_NAME_PATTERN));
avio_wb16(pb, sc->media_info);
for (j = strlen(ES_NAME_PATTERN)+2; j < 88; j++)
avio_w8(pb, 0);
avio_wl32(pb, sc->track_type);
avio_wl32(pb, sc->sample_rate);
avio_wl32(pb, sc->sample_size);
avio_wl32(pb, 0); /* reserved */
Reported by FlawFinder.
libavformat/flvdec.c
6 issues
Line: 410
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
FLVContext *flv = s->priv_data;
unsigned int timeslen = 0, fileposlen = 0, i;
char str_val[256];
int64_t *times = NULL;
int64_t *filepositions = NULL;
int ret = AVERROR(ENOSYS);
int64_t initial_pos = avio_tell(ioc);
Reported by FlawFinder.
Line: 504
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
FLVContext *flv = s->priv_data;
AVIOContext *ioc;
AMFDataType amf_type;
char str_val[1024];
double num_val;
amf_date date;
if (depth > MAX_DEPTH)
return AVERROR_PATCHWELCOME;
Reported by FlawFinder.
Line: 712
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
AVStream av_unused *dstream;
AVIOContext *ioc;
int i;
char buffer[32];
astream = NULL;
vstream = NULL;
dstream = NULL;
ioc = s->pb;
Reported by FlawFinder.
Line: 908
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
AVIOContext *pb = s->pb;
AVStream *st = NULL;
char buf[20];
int ret = AVERROR_INVALIDDATA;
int i, length = -1;
int array = 0;
switch (avio_r8(pb)) {
Reported by FlawFinder.
Line: 330
Column: 53
CWE codes:
120
20
}
static int flv_set_video_codec(AVFormatContext *s, AVStream *vstream,
int flv_codecid, int read)
{
int ret = 0;
AVCodecParameters *par = vstream->codecpar;
enum AVCodecID old_codec_id = vstream->codecpar->codec_id;
switch (flv_codecid) {
Reported by FlawFinder.
Line: 353
Column: 13
CWE codes:
120
20
case FLV_CODECID_VP6A:
if (flv_codecid == FLV_CODECID_VP6A)
par->codec_id = AV_CODEC_ID_VP6A;
if (read) {
if (par->extradata_size != 1) {
ff_alloc_extradata(par, 1);
}
if (par->extradata)
par->extradata[0] = avio_r8(s->pb);
Reported by FlawFinder.
libavfilter/dnn/dnn_backend_tf.c
6 issues
Line: 503
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
TF_Tensor *kernel_tensor = NULL, *biases_tensor = NULL;
int64_t dims[4];
int dims_len;
char name_buffer[NAME_BUFFER_SIZE];
int32_t size;
size = params->input_num * params->output_num * params->kernel_size * params->kernel_size;
input.index = 0;
Reported by FlawFinder.
Line: 518
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dims[3] = params->input_num;
dims_len = 4;
kernel_tensor = TF_AllocateTensor(TF_FLOAT, dims, dims_len, size * sizeof(float));
memcpy(TF_TensorData(kernel_tensor), params->kernel, size * sizeof(float));
TF_SetAttrTensor(op_desc, "value", kernel_tensor, tf_model->status);
if (TF_GetCode(tf_model->status) != TF_OK){
goto err;
}
op = TF_FinishOperation(op_desc, tf_model->status);
Reported by FlawFinder.
Line: 561
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dims[0] = params->output_num;
dims_len = 1;
biases_tensor = TF_AllocateTensor(TF_FLOAT, dims, dims_len, params->output_num * sizeof(float));
memcpy(TF_TensorData(biases_tensor), params->biases, params->output_num * sizeof(float));
TF_SetAttrTensor(op_desc, "value", biases_tensor, tf_model->status);
if (TF_GetCode(tf_model->status) != TF_OK){
goto err;
}
op = TF_FinishOperation(op_desc, tf_model->status);
Reported by FlawFinder.
Line: 620
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
TFContext *ctx = &tf_model->ctx;
TF_OperationDescription *op_desc;
TF_Output input;
char name_buffer[NAME_BUFFER_SIZE];
snprintf(name_buffer, NAME_BUFFER_SIZE, "depth_to_space%d", layer);
op_desc = TF_NewOperation(tf_model->graph, "DepthToSpace", name_buffer);
input.oper = *cur_op;
input.index = 0;
Reported by FlawFinder.
Line: 649
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int32_t *pads;
int64_t pads_shape[] = {4, 2};
char name_buffer[NAME_BUFFER_SIZE];
snprintf(name_buffer, NAME_BUFFER_SIZE, "pad%d", layer);
op_desc = TF_NewOperation(tf_model->graph, "Const", name_buffer);
TF_SetAttrType(op_desc, "dtype", TF_INT32);
tensor = TF_AllocateTensor(TF_INT32, pads_shape, 2, 4 * 2 * sizeof(int32_t));
Reported by FlawFinder.
Line: 706
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
TF_Output input;
float *y;
char name_buffer[NAME_BUFFER_SIZE];
snprintf(name_buffer, NAME_BUFFER_SIZE, "maximum/y%d", layer);
op_desc = TF_NewOperation(tf_model->graph, "Const", name_buffer);
TF_SetAttrType(op_desc, "dtype", TF_FLOAT);
tensor = TF_AllocateTensor(TF_FLOAT, NULL, 0, TF_DataTypeSize(TF_FLOAT));
Reported by FlawFinder.
libavfilter/f_sendcmd.c
6 issues
Line: 158
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
else if (!strncmp(*buf, "leave", strlen("leave"))) cmd->flags |= COMMAND_FLAG_LEAVE;
else if (!strncmp(*buf, "expr", strlen("expr"))) cmd->flags |= COMMAND_FLAG_EXPR;
else {
char flag_buf[64];
av_strlcpy(flag_buf, *buf, sizeof(flag_buf));
av_log(log_ctx, AV_LOG_ERROR,
"Unknown flag '%s' in interval #%d, command #%d\n",
flag_buf, interval_count, cmd_count);
return AVERROR(EINVAL);
Reported by FlawFinder.
Line: 426
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
av_file_unmap(file_buf, file_bufsize);
return AVERROR(ENOMEM);
}
memcpy(buf, file_buf, file_bufsize);
buf[file_bufsize] = 0;
av_file_unmap(file_buf, file_bufsize);
s->commands_str = buf;
}
Reported by FlawFinder.
Line: 518
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
for (j = 0; flags && j < interval->nb_commands; j++) {
Command *cmd = &interval->commands[j];
char *cmd_arg = cmd->arg;
char buf[1024];
if (cmd->flags & flags) {
if (cmd->flags & COMMAND_FLAG_EXPR) {
double var_values[VAR_VARS_NB], res;
double start = TS2T(interval->start_ts, AV_TIME_BASE_Q);
Reported by FlawFinder.
Line: 154
Column: 46
CWE codes:
126
while (**buf) {
int len = strcspn(*buf, "|+]");
if (!strncmp(*buf, "enter", strlen("enter"))) cmd->flags |= COMMAND_FLAG_ENTER;
else if (!strncmp(*buf, "leave", strlen("leave"))) cmd->flags |= COMMAND_FLAG_LEAVE;
else if (!strncmp(*buf, "expr", strlen("expr"))) cmd->flags |= COMMAND_FLAG_EXPR;
else {
char flag_buf[64];
av_strlcpy(flag_buf, *buf, sizeof(flag_buf));
Reported by FlawFinder.
Line: 155
Column: 46
CWE codes:
126
int len = strcspn(*buf, "|+]");
if (!strncmp(*buf, "enter", strlen("enter"))) cmd->flags |= COMMAND_FLAG_ENTER;
else if (!strncmp(*buf, "leave", strlen("leave"))) cmd->flags |= COMMAND_FLAG_LEAVE;
else if (!strncmp(*buf, "expr", strlen("expr"))) cmd->flags |= COMMAND_FLAG_EXPR;
else {
char flag_buf[64];
av_strlcpy(flag_buf, *buf, sizeof(flag_buf));
av_log(log_ctx, AV_LOG_ERROR,
Reported by FlawFinder.
Line: 156
Column: 46
CWE codes:
126
if (!strncmp(*buf, "enter", strlen("enter"))) cmd->flags |= COMMAND_FLAG_ENTER;
else if (!strncmp(*buf, "leave", strlen("leave"))) cmd->flags |= COMMAND_FLAG_LEAVE;
else if (!strncmp(*buf, "expr", strlen("expr"))) cmd->flags |= COMMAND_FLAG_EXPR;
else {
char flag_buf[64];
av_strlcpy(flag_buf, *buf, sizeof(flag_buf));
av_log(log_ctx, AV_LOG_ERROR,
"Unknown flag '%s' in interval #%d, command #%d\n",
Reported by FlawFinder.
libavcodec/rasc.c
6 issues
Line: 88
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
uint8_t *dstp = dst->data[0];
for (int y = 0; y < avctx->height; y++) {
memcpy(dstp, srcp, s->stride);
srcp += src->linesize[0];
dstp += dst->linesize[0];
}
}
Reported by FlawFinder.
Line: 285
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (type == 2) {
for (int j = 0; j < h; j++) {
memcpy(b1, b2, w * s->bpp);
b1 -= s->frame1->linesize[0];
b2 -= s->frame2->linesize[0];
}
} else if (type == 1) {
for (int j = 0; j < h; j++) {
Reported by FlawFinder.
Line: 303
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return AVERROR(ENOMEM);
for (int j = 0; j < h; j++) {
memcpy(buffer + j * w * s->bpp, e2, w * s->bpp);
e2 -= s->frame2->linesize[0];
}
for (int j = 0; j < h; j++) {
memcpy(b2, buffer + j * w * s->bpp, w * s->bpp);
Reported by FlawFinder.
Line: 308
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
for (int j = 0; j < h; j++) {
memcpy(b2, buffer + j * w * s->bpp, w * s->bpp);
b2 -= s->frame2->linesize[0];
}
} else {
return AVERROR_INVALIDDATA;
}
Reported by FlawFinder.
Line: 565
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
uncompressed_size);
if (ret < 0)
return ret;
memcpy(s->cursor, s->delta, uncompressed_size);
bytestream2_skip(gb, size - (bytestream2_tell(gb) - pos));
s->cursor_w = w;
s->cursor_h = h;
Reported by FlawFinder.
Line: 738
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
copy_plane(avctx, s->frame2, s->frame);
if (avctx->pix_fmt == AV_PIX_FMT_PAL8)
memcpy(s->frame->data[1], s->frame2->data[1], 1024);
if (!s->skip_cursor)
draw_cursor(avctx);
s->frame->key_frame = intra;
s->frame->pict_type = intra ? AV_PICTURE_TYPE_I : AV_PICTURE_TYPE_P;
Reported by FlawFinder.
compat/msvcrt/snprintf.h
6 issues
Line: 31
Column: 8
CWE codes:
134
Suggestion:
Use a constant for the format specification
int avpriv_snprintf(char *s, size_t n, const char *fmt, ...);
int avpriv_vsnprintf(char *s, size_t n, const char *fmt, va_list ap);
#undef snprintf
#undef _snprintf
#undef vsnprintf
#define snprintf avpriv_snprintf
#define _snprintf avpriv_snprintf
#define vsnprintf avpriv_vsnprintf
Reported by FlawFinder.
Line: 32
Column: 8
CWE codes:
134
Suggestion:
Use a constant for the format specification
int avpriv_vsnprintf(char *s, size_t n, const char *fmt, va_list ap);
#undef snprintf
#undef _snprintf
#undef vsnprintf
#define snprintf avpriv_snprintf
#define _snprintf avpriv_snprintf
#define vsnprintf avpriv_vsnprintf
Reported by FlawFinder.
Line: 33
Column: 8
CWE codes:
134
Suggestion:
Use a constant for the format specification
#undef snprintf
#undef _snprintf
#undef vsnprintf
#define snprintf avpriv_snprintf
#define _snprintf avpriv_snprintf
#define vsnprintf avpriv_vsnprintf
#endif /* COMPAT_MSVCRT_SNPRINTF_H */
Reported by FlawFinder.
Line: 34
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
#undef snprintf
#undef _snprintf
#undef vsnprintf
#define snprintf avpriv_snprintf
#define _snprintf avpriv_snprintf
#define vsnprintf avpriv_vsnprintf
#endif /* COMPAT_MSVCRT_SNPRINTF_H */
Reported by FlawFinder.
Line: 35
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
#undef _snprintf
#undef vsnprintf
#define snprintf avpriv_snprintf
#define _snprintf avpriv_snprintf
#define vsnprintf avpriv_vsnprintf
#endif /* COMPAT_MSVCRT_SNPRINTF_H */
Reported by FlawFinder.
Line: 36
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
#undef vsnprintf
#define snprintf avpriv_snprintf
#define _snprintf avpriv_snprintf
#define vsnprintf avpriv_vsnprintf
#endif /* COMPAT_MSVCRT_SNPRINTF_H */
Reported by FlawFinder.
libavformat/flic.c
6 issues
Line: 90
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
FlicDemuxContext *flic = s->priv_data;
AVIOContext *pb = s->pb;
unsigned char header[FLIC_HEADER_SIZE];
AVStream *st, *ast;
int speed, ret;
int magic_number;
unsigned char preamble[FLIC_PREAMBLE_SIZE];
Reported by FlawFinder.
Line: 94
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
AVStream *st, *ast;
int speed, ret;
int magic_number;
unsigned char preamble[FLIC_PREAMBLE_SIZE];
flic->frame_number = 0;
/* load the whole header and pull out the width and height */
if (avio_read(pb, header, FLIC_HEADER_SIZE) != FLIC_HEADER_SIZE)
Reported by FlawFinder.
Line: 130
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* send over the whole 128-byte FLIC header */
if ((ret = ff_alloc_extradata(st->codecpar, FLIC_HEADER_SIZE)) < 0)
return ret;
memcpy(st->codecpar->extradata, header, FLIC_HEADER_SIZE);
/* peek at the preamble to detect TFTD videos - they seem to always start with an audio chunk */
if (avio_read(pb, preamble, FLIC_PREAMBLE_SIZE) != FLIC_PREAMBLE_SIZE) {
av_log(s, AV_LOG_ERROR, "Failed to peek at preamble\n");
return AVERROR(EIO);
Reported by FlawFinder.
Line: 180
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* send over abbreviated FLIC header chunk */
if ((ret = ff_alloc_extradata(st->codecpar, 12)) < 0)
return ret;
memcpy(st->codecpar->extradata, header, 12);
} else if (magic_number == FLIC_FILE_MAGIC_1) {
avpriv_set_pts_info(st, 64, speed, 70);
} else if ((magic_number == FLIC_FILE_MAGIC_2) ||
(magic_number == FLIC_FILE_MAGIC_3)) {
Reported by FlawFinder.
Line: 204
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int size;
int magic;
int ret = 0;
unsigned char preamble[FLIC_PREAMBLE_SIZE];
int64_t pos = avio_tell(pb);
while (!packet_read && !avio_feof(pb)) {
if ((ret = avio_read(pb, preamble, FLIC_PREAMBLE_SIZE)) !=
Reported by FlawFinder.
Line: 224
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pkt->stream_index = flic->video_stream_index;
pkt->pos = pos;
memcpy(pkt->data, preamble, FLIC_PREAMBLE_SIZE);
ret = avio_read(pb, pkt->data + FLIC_PREAMBLE_SIZE,
size - FLIC_PREAMBLE_SIZE);
if (ret != size - FLIC_PREAMBLE_SIZE) {
ret = AVERROR(EIO);
}
Reported by FlawFinder.