The following issues were found
compat/msvcrt/snprintf.h
6 issues
Line: 31
Column: 8
CWE codes:
134
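Suggestion:
Use a constant for the format specification
Note: judging by the reported columns, the six flagged lines (31-36) are the `#undef` and `#define` directives shown in these excerpts, not calls that pass a format string. The hits match the names `snprintf`, `_snprintf` and `vsnprintf`. The CWE-134 question is whether the call sites that go through these macros pass a constant format, which this header cannot show.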
int avpriv_snprintf(char *s, size_t n, const char *fmt, ...);
int avpriv_vsnprintf(char *s, size_t n, const char *fmt, va_list ap);
#undef snprintf
#undef _snprintf
#undef vsnprintf
#define snprintf avpriv_snprintf
#define _snprintf avpriv_snprintf
#define vsnprintf avpriv_vsnprintf
Reported by FlawFinder.
Line: 32
Column: 8
CWE codes:
134
Suggestion:
Use a constant for the format specification
int avpriv_vsnprintf(char *s, size_t n, const char *fmt, va_list ap);
#undef snprintf
#undef _snprintf
#undef vsnprintf
#define snprintf avpriv_snprintf
#define _snprintf avpriv_snprintf
#define vsnprintf avpriv_vsnprintf
Reported by FlawFinder.
Line: 33
Column: 8
CWE codes:
134
Suggestion:
Use a constant for the format specification
#undef snprintf
#undef _snprintf
#undef vsnprintf
#define snprintf avpriv_snprintf
#define _snprintf avpriv_snprintf
#define vsnprintf avpriv_vsnprintf
#endif /* COMPAT_MSVCRT_SNPRINTF_H */
Reported by FlawFinder.
Line: 34
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
#undef snprintf
#undef _snprintf
#undef vsnprintf
#define snprintf avpriv_snprintf
#define _snprintf avpriv_snprintf
#define vsnprintf avpriv_vsnprintf
#endif /* COMPAT_MSVCRT_SNPRINTF_H */
Reported by FlawFinder.
Line: 35
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
#undef _snprintf
#undef vsnprintf
#define snprintf avpriv_snprintf
#define _snprintf avpriv_snprintf
#define vsnprintf avpriv_vsnprintf
#endif /* COMPAT_MSVCRT_SNPRINTF_H */
Reported by FlawFinder.
Line: 36
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
#undef vsnprintf
#define snprintf avpriv_snprintf
#define _snprintf avpriv_snprintf
#define vsnprintf avpriv_vsnprintf
#endif /* COMPAT_MSVCRT_SNPRINTF_H */
Reported by FlawFinder.
libswscale/tests/swscale.c
6 issues
Line: 310
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
enum AVPixelFormat srcFormat_in,
enum AVPixelFormat dstFormat_in)
{
char buf[256];
while (fgets(buf, sizeof(buf), fp)) {
struct Results r;
enum AVPixelFormat srcFormat;
char srcStr[21];
Reported by FlawFinder.
Line: 315
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
while (fgets(buf, sizeof(buf), fp)) {
struct Results r;
enum AVPixelFormat srcFormat;
char srcStr[21];
int srcW = 0, srcH = 0;
enum AVPixelFormat dstFormat;
char dstStr[21];
int dstW = 0, dstH = 0;
int flags;
Reported by FlawFinder.
Line: 318
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char srcStr[21];
int srcW = 0, srcH = 0;
enum AVPixelFormat dstFormat;
char dstStr[21];
int dstW = 0, dstH = 0;
int flags;
int ret;
ret = sscanf(buf,
Reported by FlawFinder.
Line: 385
Column: 18
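CWE codes:
362
Note: the tool gives no suggestion text for this finding. The flagged call is `fopen(argv[i + 1], "r")`, which opens a path taken directly from the command line, read-only. The point to check is whether this test program is ever run on a path in a location that another user can modify between invocation and open.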
if (argv[i][0] != '-' || i + 1 == argc)
goto bad_option;
if (!strcmp(argv[i], "-ref")) {
fp = fopen(argv[i + 1], "r");
if (!fp) {
fprintf(stderr, "could not open '%s'\n", argv[i + 1]);
goto error;
}
} else if (!strcmp(argv[i], "-cpuflags")) {
Reported by FlawFinder.
Line: 323
Column: 15
CWE codes:
120
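Suggestion:
Check that the limit is sufficiently small, or use a different input function
Note: the `%20s` conversions here write into `srcStr` and `dstStr`, which the excerpts for lines 315 and 318 declare as `char srcStr[21]` and `char dstStr[21]`. The field width therefore leaves room for the terminating NUL. The same applies to the `sscanf` reported at line 330.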
int flags;
int ret;
ret = sscanf(buf,
" %20s %dx%d -> %20s %dx%d flags=%d CRC=%x"
" SSD=%"SCNu64 ", %"SCNu64 ", %"SCNu64 ", %"SCNu64 "\n",
srcStr, &srcW, &srcH, dstStr, &dstW, &dstH,
&flags, &r.crc, &r.ssdY, &r.ssdU, &r.ssdV, &r.ssdA);
if (ret != 12) {
Reported by FlawFinder.
Line: 330
Column: 25
CWE codes:
120
Suggestion:
Check that the limit is sufficiently small, or use a different input function
&flags, &r.crc, &r.ssdY, &r.ssdU, &r.ssdV, &r.ssdA);
if (ret != 12) {
srcStr[0] = dstStr[0] = 0;
ret = sscanf(buf, "%20s -> %20s\n", srcStr, dstStr);
}
srcFormat = av_get_pix_fmt(srcStr);
dstFormat = av_get_pix_fmt(dstStr);
Reported by FlawFinder.
libavcodec/libaomenc.c
5 issues
Line: 307
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int val)
{
AOMContext *ctx = avctx->priv_data;
char buf[80];
int width = -30;
int res;
snprintf(buf, sizeof(buf), "%s:", ctlidstr[id]);
av_log(avctx, AV_LOG_DEBUG, " %*s%d\n", width, buf, val);
Reported by FlawFinder.
Line: 983
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
"Error getting output packet of size %"SIZE_SPECIFIER".\n", cx_frame->sz);
return ret;
}
memcpy(pkt->data, cx_frame->buf, pkt->size);
pkt->pts = pkt->dts = cx_frame->pts;
if (!!(cx_frame->flags & AOM_FRAME_IS_KEY)) {
pkt->flags |= AV_PKT_FLAG_KEY;
#ifdef AOM_FRAME_IS_INTRAONLY
Reported by FlawFinder.
Line: 1085
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
av_freep(&cx_frame);
return AVERROR(ENOMEM);
}
memcpy(cx_frame->buf, pkt->data.frame.buf, pkt->data.frame.sz);
coded_frame_add(&ctx->coded_frame_list, cx_frame);
}
break;
case AOM_CODEC_STATS_PKT:
{
Reported by FlawFinder.
Line: 1100
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
av_log(avctx, AV_LOG_ERROR, "Stat buffer realloc failed\n");
return err;
}
memcpy((uint8_t *)stats->buf + stats->sz,
pkt->data.twopass_stats.buf, pkt->data.twopass_stats.sz);
stats->sz += pkt->data.twopass_stats.sz;
break;
}
#ifdef AOM_FRAME_IS_INTRAONLY
Reported by FlawFinder.
Line: 719
Column: 33
CWE codes:
126
return AVERROR_INVALIDDATA;
}
ctx->twopass_stats.sz = strlen(avctx->stats_in) * 3 / 4;
ret = av_reallocp(&ctx->twopass_stats.buf, ctx->twopass_stats.sz);
if (ret < 0) {
av_log(avctx, AV_LOG_ERROR,
"Stat buffer alloc (%"SIZE_SPECIFIER" bytes) failed\n",
ctx->twopass_stats.sz);
Reported by FlawFinder.
libavfilter/avf_showcqt.c
5 issues
Line: 1038
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ls = FFMIN(out->linesize[0], sono->linesize[0]);
for (y = 0; y < h; y++) {
memcpy(out->data[0] + (off + y) * out->linesize[0],
sono->data[0] + (idx + y) % h * sono->linesize[0], ls);
}
for (i = 1; i < nb_planes; i++) {
ls = FFMIN(out->linesize[i], sono->linesize[i]);
Reported by FlawFinder.
Line: 1046
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ls = FFMIN(out->linesize[i], sono->linesize[i]);
for (y = 0; y < h; y += inc) {
yh = (fmt == AV_PIX_FMT_YUV420P) ? y / 2 : y;
memcpy(out->data[i] + (offh + yh) * out->linesize[i],
sono->data[i] + (idx + y) % h * sono->linesize[i], ls);
}
}
}
Reported by FlawFinder.
Line: 1142
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
last_time = av_gettime_relative();
memcpy(s->fft_input, s->fft_data, s->fft_len * sizeof(*s->fft_data));
if (s->attack_data) {
int k;
for (k = 0; k < s->remaining_fill_max; k++) {
s->fft_input[s->fft_len/2+k].re *= s->attack_data[k];
s->fft_input[s->fft_len/2+k].im *= s->attack_data[k];
Reported by FlawFinder.
Line: 1235
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int init_cscheme(ShowCQTContext *s)
{
char tail[2];
int k;
if (sscanf(s->cscheme, " %f | %f | %f | %f | %f | %f %1s", &s->cscheme_v[0],
&s->cscheme_v[1], &s->cscheme_v[2], &s->cscheme_v[3], &s->cscheme_v[4],
&s->cscheme_v[5], tail) != 6)
Reported by FlawFinder.
Line: 1238
Column: 9
CWE codes:
120
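Suggestion:
Check that the limit is sufficiently small, or use a different input function
Note: `%1s` stores at most one character plus the terminating NUL into `tail`, which this excerpt declares as `char tail[2]`, so the limit fits the buffer. The `!= 6` comparison treats a successfully read `tail` (a seventh conversion) as a failure, so trailing text after the six floats is rejected.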
char tail[2];
int k;
if (sscanf(s->cscheme, " %f | %f | %f | %f | %f | %f %1s", &s->cscheme_v[0],
&s->cscheme_v[1], &s->cscheme_v[2], &s->cscheme_v[3], &s->cscheme_v[4],
&s->cscheme_v[5], tail) != 6)
goto fail;
for (k = 0; k < 6; k++)
Reported by FlawFinder.
libavcodec/lagarith.c
5 issues
Line: 412
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (zero_run) {
zero_run = 0;
i += esc_count;
memcpy(dst, src, i);
dst += i;
l->zeros_rem = lag_calc_zero_run(src[i]);
src += i + 1;
goto output_zeros;
Reported by FlawFinder.
Line: 419
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
src += i + 1;
goto output_zeros;
} else {
memcpy(dst, src, i);
src += i;
dst += i;
}
}
return src - src_start;
Reported by FlawFinder.
Line: 495
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return AVERROR_INVALIDDATA; // buffer not big enough
/* Plane is stored uncompressed */
for (i = 0; i < height; i++) {
memcpy(dst + (i * stride), src, width);
src += width;
}
}
} else if (esc_count == 0xff) {
/* Plane is a solid run of given value */
Reported by FlawFinder.
Line: 473
Column: 13
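CWE codes:
120
20
Note: the tool gives no suggestion text for this finding or for the one at line 475. In both, the flagged column lands on an identifier named `read` that the excerpt uses as a value (compared with `length`, then printed with `%d`), not on a call to `read()`, so these look like name matches. The excerpt does show that exceeding `length` is only logged as a warning. Whether the output was bounded before this point is outside the excerpt and is the thing to confirm.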
stride, esc_count);
}
if (read > length)
av_log(l->avctx, AV_LOG_WARNING,
"Output more bytes than length (%d of %"PRIu32")\n", read,
length);
} else if (esc_count < 8) {
esc_count -= 4;
Reported by FlawFinder.
Line: 475
Column: 73
CWE codes:
120
20
if (read > length)
av_log(l->avctx, AV_LOG_WARNING,
"Output more bytes than length (%d of %"PRIu32")\n", read,
length);
} else if (esc_count < 8) {
esc_count -= 4;
src ++;
src_size --;
Reported by FlawFinder.
libavcodec/proresenc_kostya.c
5 issues
Line: 303
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
bh = FFMIN(h - y, 16);
for (j = 0; j < bh; j++) {
memcpy(emu_buf + j * 16,
(const uint8_t*)src + j * linesize,
bw * sizeof(*src));
pix = emu_buf[j * 16 + bw - 1];
for (k = bw; k < mb_width; k++)
emu_buf[j * 16 + k] = pix;
Reported by FlawFinder.
Line: 311
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
emu_buf[j * 16 + k] = pix;
}
for (; j < 16; j++)
memcpy(emu_buf + j * 16,
emu_buf + (bh - 1) * 16,
mb_width * sizeof(*emu_buf));
}
if (!is_chroma) {
ctx->fdct(&ctx->fdsp, esrc, elinesize, blocks);
Reported by FlawFinder.
Line: 355
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
copy_w = FFMIN(w - x, slice_width);
copy_h = FFMIN(h - y, 16);
for (i = 0; i < copy_h; i++) {
memcpy(blocks, src, copy_w * sizeof(*src));
if (abits == 8)
for (j = 0; j < copy_w; j++)
blocks[j] >>= 2;
else
for (j = 0; j < copy_w; j++)
Reported by FlawFinder.
Line: 368
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
src += linesize >> 1;
}
for (; i < 16; i++) {
memcpy(blocks, blocks - slice_width, slice_width * sizeof(*blocks));
blocks += slice_width;
}
}
/**
Reported by FlawFinder.
Line: 1248
Column: 9
CWE codes:
126
ctx->quant_chroma_mat = prores_quant_matrices[ctx->quant_sel];
}
if (strlen(ctx->vendor) != 4) {
av_log(avctx, AV_LOG_ERROR, "vendor ID should be 4 bytes\n");
return AVERROR_INVALIDDATA;
}
ctx->force_quant = avctx->global_quality / FF_QP2LAMBDA;
Reported by FlawFinder.
libavfilter/af_atempo.c
5 issues
Line: 454
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (na) {
uint8_t *a = atempo->buffer + atempo->tail * atempo->stride;
memcpy(a, src, na * atempo->stride);
src += na * atempo->stride;
atempo->position[0] += na;
atempo->size = FFMIN(atempo->size + na, atempo->ring);
Reported by FlawFinder.
Line: 469
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (nb) {
uint8_t *b = atempo->buffer;
memcpy(b, src, nb * atempo->stride);
src += nb * atempo->stride;
atempo->position[0] += nb;
atempo->size = FFMIN(atempo->size + nb, atempo->ring);
Reported by FlawFinder.
Line: 565
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
n1 = nsamples - zeros - n0;
if (n0) {
memcpy(dst, a + i0 * atempo->stride, n0 * atempo->stride);
dst += n0 * atempo->stride;
}
if (n1) {
memcpy(dst, b + i1 * atempo->stride, n1 * atempo->stride);
Reported by FlawFinder.
Line: 570
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (n1) {
memcpy(dst, b + i1 * atempo->stride, n1 * atempo->stride);
}
return 0;
}
Reported by FlawFinder.
Line: 971
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dst_size = dst_end - dst;
nbytes = FFMIN(src_size, dst_size);
memcpy(dst, src, nbytes);
dst += nbytes;
atempo->position[1] += (nbytes / atempo->stride);
// pass-back the updated destination buffer pointer:
Reported by FlawFinder.
libavfilter/af_channelmap.c
5 issues
Line: 125
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
ChannelMapContext *s = ctx->priv;
char *mapping, separator = '|';
int map_entries = 0;
char buf[256];
enum MappingMode mode;
uint64_t out_ch_mask = 0;
int i;
mapping = s->mapping_str;
Reported by FlawFinder.
Line: 307
Column: 5
CWE codes:
120
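Suggestion:
Make sure destination can always hold the source data
Note: the destination is `source_planes[MAX_CH]` and the copy length is `nch_in * sizeof(source_planes[0])`, so the copy is in bounds only if `nch_in` cannot exceed `MAX_CH`. The excerpt does not show where that limit is enforced, so confirm it at the point where the input channel count is set.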
int ch;
uint8_t *source_planes[MAX_CH];
memcpy(source_planes, buf->extended_data,
nch_in * sizeof(source_planes[0]));
if (nch_out > nch_in) {
if (nch_out > FF_ARRAY_ELEMS(buf->data)) {
uint8_t **new_extended_data =
Reported by FlawFinder.
Line: 336
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (buf->data != buf->extended_data)
memcpy(buf->data, buf->extended_data,
FFMIN(FF_ARRAY_ELEMS(buf->data), nch_out) * sizeof(buf->data[0]));
buf->channel_layout = outlink->channel_layout;
buf->channels = outlink->channels;
Reported by FlawFinder.
Line: 352
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int nb_channels = inlink->channels;
int i, err = 0;
const char *channel_name;
char layout_name[256];
for (i = 0; i < s->nch; i++) {
struct ChannelMap *m = &s->map[i];
if (s->mode == MAP_PAIR_STR_INT || s->mode == MAP_PAIR_STR_STR) {
Reported by FlawFinder.
Line: 98
Column: 11
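CWE codes:
126
Note: the tool gives no suggestion text for this finding, which points at `strlen(*map)`. Separately, the excerpt compares `n` with `len` without checking the return value of `sscanf`. If no integer is parsed, `%n` is never stored, so the check depends on `n` having been initialised before the call, which the excerpt does not show.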
next = split(*map, delim);
if (!next && delim == '-')
return AVERROR(EINVAL);
len = strlen(*map);
sscanf(*map, "%d%n", ch, &n);
if (n != len)
return AVERROR(EINVAL);
if (*ch < 0 || *ch > max_ch)
return AVERROR(EINVAL);
Reported by FlawFinder.
libavcodec/imc.c
5 issues
Line: 255
Column: 9
CWE codes:
120
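Suggestion:
Make sure destination can always hold the source data
Note: each of the four copies reported at lines 255-258 is sized by `sizeof` of the source table (`cyclTab`, `cyclTab2`, `imc_weights1`, `imc_weights2`). The check to make is that the matching member of `q` is declared at least as large as its source. Those declarations are outside the excerpt.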
if (avctx->codec_id == AV_CODEC_ID_IAC) {
iac_generate_tabs(q, avctx->sample_rate);
} else {
memcpy(q->cyclTab, cyclTab, sizeof(cyclTab));
memcpy(q->cyclTab2, cyclTab2, sizeof(cyclTab2));
memcpy(q->weights1, imc_weights1, sizeof(imc_weights1));
memcpy(q->weights2, imc_weights2, sizeof(imc_weights2));
}
Reported by FlawFinder.
Line: 256
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
iac_generate_tabs(q, avctx->sample_rate);
} else {
memcpy(q->cyclTab, cyclTab, sizeof(cyclTab));
memcpy(q->cyclTab2, cyclTab2, sizeof(cyclTab2));
memcpy(q->weights1, imc_weights1, sizeof(imc_weights1));
memcpy(q->weights2, imc_weights2, sizeof(imc_weights2));
}
fdsp = avpriv_float_dsp_alloc(avctx->flags & AV_CODEC_FLAG_BITEXACT);
Reported by FlawFinder.
Line: 257
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else {
memcpy(q->cyclTab, cyclTab, sizeof(cyclTab));
memcpy(q->cyclTab2, cyclTab2, sizeof(cyclTab2));
memcpy(q->weights1, imc_weights1, sizeof(imc_weights1));
memcpy(q->weights2, imc_weights2, sizeof(imc_weights2));
}
fdsp = avpriv_float_dsp_alloc(avctx->flags & AV_CODEC_FLAG_BITEXACT);
if (!fdsp)
Reported by FlawFinder.
Line: 258
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(q->cyclTab, cyclTab, sizeof(cyclTab));
memcpy(q->cyclTab2, cyclTab2, sizeof(cyclTab2));
memcpy(q->weights1, imc_weights1, sizeof(imc_weights1));
memcpy(q->weights2, imc_weights2, sizeof(imc_weights2));
}
fdsp = avpriv_float_dsp_alloc(avctx->flags & AV_CODEC_FLAG_BITEXACT);
if (!fdsp)
return AVERROR(ENOMEM);
Reported by FlawFinder.
Line: 926
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
}
memcpy(chctx->old_floor, chctx->flcoeffs1, 32 * sizeof(float));
counter = 0;
if (stream_format_code & 0x1) {
for (i = 0; i < BANDS; i++) {
chctx->bandWidthT[i] = band_tab[i + 1] - band_tab[i];
Reported by FlawFinder.
libavfilter/af_aiir.c
5 issues
Line: 857
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
biquad_process(impulse, resp, length - 1,
1., 0., 0., biquad->a[1], biquad->a[2]);
memcpy(M + n * 2 * (length - 1), resp, sizeof(*resp) * (length - 1));
memcpy(M + n * 2 * (length - 1) + length, resp, sizeof(*resp) * (length - 2));
memset(resp, 0, length * sizeof(*resp));
}
solve(M, &y[1], length - 1, &impulse[1], resp, W);
Reported by FlawFinder.
Line: 858
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
1., 0., 0., biquad->a[1], biquad->a[2]);
memcpy(M + n * 2 * (length - 1), resp, sizeof(*resp) * (length - 1));
memcpy(M + n * 2 * (length - 1) + length, resp, sizeof(*resp) * (length - 2));
memset(resp, 0, length * sizeof(*resp));
}
solve(M, &y[1], length - 1, &impulse[1], resp, W);
Reported by FlawFinder.
Line: 980
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!temp0 || !temp1)
goto next;
memcpy(temp0, iir->ab[0], iir->nb_ab[0] * sizeof(*temp0));
memcpy(temp1, iir->ab[1], iir->nb_ab[1] * sizeof(*temp1));
for (int n = 0; n < iir->nb_ab[0]; n++)
iir->ab[0][n] = coef_sf2zf(temp0, iir->nb_ab[0] - 1, n);
Reported by FlawFinder.
Line: 981
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto next;
memcpy(temp0, iir->ab[0], iir->nb_ab[0] * sizeof(*temp0));
memcpy(temp1, iir->ab[1], iir->nb_ab[1] * sizeof(*temp1));
for (int n = 0; n < iir->nb_ab[0]; n++)
iir->ab[0][n] = coef_sf2zf(temp0, iir->nb_ab[0] - 1, n);
for (int n = 0; n < iir->nb_ab[1]; n++)
Reported by FlawFinder.
Line: 1148
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
double *mag, *phase, *temp, *delay, min = DBL_MAX, max = -DBL_MAX;
double min_delay = DBL_MAX, max_delay = -DBL_MAX, min_phase, max_phase;
int prev_ymag = -1, prev_yphase = -1, prev_ydelay = -1;
char text[32];
int ch, i;
memset(out->data[0], 0, s->h * out->linesize[0]);
phase = av_malloc_array(s->w, sizeof(*phase));
Reported by FlawFinder.