The following issues were found
libavcodec/proresenc_kostya.c
5 issues
Line: 303
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
bh = FFMIN(h - y, 16);
for (j = 0; j < bh; j++) {
memcpy(emu_buf + j * 16,
(const uint8_t*)src + j * linesize,
bw * sizeof(*src));
pix = emu_buf[j * 16 + bw - 1];
for (k = bw; k < mb_width; k++)
emu_buf[j * 16 + k] = pix;
Reported by FlawFinder.
Line: 311
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
emu_buf[j * 16 + k] = pix;
}
for (; j < 16; j++)
memcpy(emu_buf + j * 16,
emu_buf + (bh - 1) * 16,
mb_width * sizeof(*emu_buf));
}
if (!is_chroma) {
ctx->fdct(&ctx->fdsp, esrc, elinesize, blocks);
Reported by FlawFinder.
Line: 355
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
copy_w = FFMIN(w - x, slice_width);
copy_h = FFMIN(h - y, 16);
for (i = 0; i < copy_h; i++) {
memcpy(blocks, src, copy_w * sizeof(*src));
if (abits == 8)
for (j = 0; j < copy_w; j++)
blocks[j] >>= 2;
else
for (j = 0; j < copy_w; j++)
Reported by FlawFinder.
Line: 368
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
src += linesize >> 1;
}
for (; i < 16; i++) {
memcpy(blocks, blocks - slice_width, slice_width * sizeof(*blocks));
blocks += slice_width;
}
}
/**
Reported by FlawFinder.
Line: 1248
Column: 9
CWE codes:
126
ctx->quant_chroma_mat = prores_quant_matrices[ctx->quant_sel];
}
if (strlen(ctx->vendor) != 4) {
av_log(avctx, AV_LOG_ERROR, "vendor ID should be 4 bytes\n");
return AVERROR_INVALIDDATA;
}
ctx->force_quant = avctx->global_quality / FF_QP2LAMBDA;
Reported by FlawFinder.
libavcodec/imc.c
5 issues
Line: 255
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (avctx->codec_id == AV_CODEC_ID_IAC) {
iac_generate_tabs(q, avctx->sample_rate);
} else {
memcpy(q->cyclTab, cyclTab, sizeof(cyclTab));
memcpy(q->cyclTab2, cyclTab2, sizeof(cyclTab2));
memcpy(q->weights1, imc_weights1, sizeof(imc_weights1));
memcpy(q->weights2, imc_weights2, sizeof(imc_weights2));
}
Reported by FlawFinder.
Line: 256
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
iac_generate_tabs(q, avctx->sample_rate);
} else {
memcpy(q->cyclTab, cyclTab, sizeof(cyclTab));
memcpy(q->cyclTab2, cyclTab2, sizeof(cyclTab2));
memcpy(q->weights1, imc_weights1, sizeof(imc_weights1));
memcpy(q->weights2, imc_weights2, sizeof(imc_weights2));
}
fdsp = avpriv_float_dsp_alloc(avctx->flags & AV_CODEC_FLAG_BITEXACT);
Reported by FlawFinder.
Line: 257
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else {
memcpy(q->cyclTab, cyclTab, sizeof(cyclTab));
memcpy(q->cyclTab2, cyclTab2, sizeof(cyclTab2));
memcpy(q->weights1, imc_weights1, sizeof(imc_weights1));
memcpy(q->weights2, imc_weights2, sizeof(imc_weights2));
}
fdsp = avpriv_float_dsp_alloc(avctx->flags & AV_CODEC_FLAG_BITEXACT);
if (!fdsp)
Reported by FlawFinder.
Line: 258
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(q->cyclTab, cyclTab, sizeof(cyclTab));
memcpy(q->cyclTab2, cyclTab2, sizeof(cyclTab2));
memcpy(q->weights1, imc_weights1, sizeof(imc_weights1));
memcpy(q->weights2, imc_weights2, sizeof(imc_weights2));
}
fdsp = avpriv_float_dsp_alloc(avctx->flags & AV_CODEC_FLAG_BITEXACT);
if (!fdsp)
return AVERROR(ENOMEM);
Reported by FlawFinder.
Line: 926
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
}
memcpy(chctx->old_floor, chctx->flcoeffs1, 32 * sizeof(float));
counter = 0;
if (stream_format_code & 0x1) {
for (i = 0; i < BANDS; i++) {
chctx->bandWidthT[i] = band_tab[i + 1] - band_tab[i];
Reported by FlawFinder.
libavfilter/vf_bm3d.c
5 issues
Line: 427
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
for (i = 0; i < block_size; i++) {
memcpy(buffer + k * buffer_linesize + i * block_size,
bufferv + i * block_size, block_size * 4);
}
}
for (i = 0; i < block_size; i++) {
Reported by FlawFinder.
Line: 485
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
float *den = sc->den + y * width + x;
for (i = 0; i < block_size; i++) {
memcpy(bufferv + i * block_size,
buffer + k * buffer_linesize + i * block_size,
block_size * 4);
}
for (i = 0; i < block_size; i++) {
Reported by FlawFinder.
Line: 554
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
for (i = 0; i < block_size; i++) {
memcpy(buffer + k * buffer_linesize + i * block_size,
bufferv + i * block_size, block_size * 4);
memcpy(rbuffer + k * buffer_linesize + i * block_size,
rbufferv + i * block_size, block_size * 4);
}
}
Reported by FlawFinder.
Line: 556
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (i = 0; i < block_size; i++) {
memcpy(buffer + k * buffer_linesize + i * block_size,
bufferv + i * block_size, block_size * 4);
memcpy(rbuffer + k * buffer_linesize + i * block_size,
rbufferv + i * block_size, block_size * 4);
}
}
for (i = 0; i < block_size; i++) {
Reported by FlawFinder.
Line: 617
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
float *den = sc->den + y * width + x;
for (i = 0; i < block_size; i++) {
memcpy(bufferv + i * block_size,
buffer + k * buffer_linesize + i * block_size,
block_size * 4);
}
for (i = 0; i < block_size; i++) {
Reported by FlawFinder.
libavformat/tests/url.c
5 issues
Line: 52
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void test(const char *base, const char *rel)
{
char buf[200], buf2[200], buf_dos[200], buf_native[200];
int ret;
ret = ff_make_absolute_url2(buf, sizeof(buf), base, rel, 0);
if (ret < 0) {
printf("%50s %-20s => error %s\n", base, rel, av_err2str(ret));
Reported by FlawFinder.
Line: 85
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void test2(const char *url)
{
char proto[64];
char auth[256];
char host[256];
char path[256];
int port=-1;
Reported by FlawFinder.
Line: 86
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void test2(const char *url)
{
char proto[64];
char auth[256];
char host[256];
char path[256];
int port=-1;
av_url_split(proto, sizeof(proto), auth, sizeof(auth), host, sizeof(host), &port, path, sizeof(path), url);
Reported by FlawFinder.
Line: 87
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
char proto[64];
char auth[256];
char host[256];
char path[256];
int port=-1;
av_url_split(proto, sizeof(proto), auth, sizeof(auth), host, sizeof(host), &port, path, sizeof(path), url);
printf("%-60s => %-15s %-15s %-15s %5d %s\n", url, proto, auth, host, port, path);
Reported by FlawFinder.
Line: 88
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char proto[64];
char auth[256];
char host[256];
char path[256];
int port=-1;
av_url_split(proto, sizeof(proto), auth, sizeof(auth), host, sizeof(host), &port, path, sizeof(path), url);
printf("%-60s => %-15s %-15s %-15s %5d %s\n", url, proto, auth, host, port, path);
}
Reported by FlawFinder.
libavfilter/af_aiir.c
5 issues
Line: 857
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
biquad_process(impulse, resp, length - 1,
1., 0., 0., biquad->a[1], biquad->a[2]);
memcpy(M + n * 2 * (length - 1), resp, sizeof(*resp) * (length - 1));
memcpy(M + n * 2 * (length - 1) + length, resp, sizeof(*resp) * (length - 2));
memset(resp, 0, length * sizeof(*resp));
}
solve(M, &y[1], length - 1, &impulse[1], resp, W);
Reported by FlawFinder.
Line: 858
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
1., 0., 0., biquad->a[1], biquad->a[2]);
memcpy(M + n * 2 * (length - 1), resp, sizeof(*resp) * (length - 1));
memcpy(M + n * 2 * (length - 1) + length, resp, sizeof(*resp) * (length - 2));
memset(resp, 0, length * sizeof(*resp));
}
solve(M, &y[1], length - 1, &impulse[1], resp, W);
Reported by FlawFinder.
Line: 980
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!temp0 || !temp1)
goto next;
memcpy(temp0, iir->ab[0], iir->nb_ab[0] * sizeof(*temp0));
memcpy(temp1, iir->ab[1], iir->nb_ab[1] * sizeof(*temp1));
for (int n = 0; n < iir->nb_ab[0]; n++)
iir->ab[0][n] = coef_sf2zf(temp0, iir->nb_ab[0] - 1, n);
Reported by FlawFinder.
Line: 981
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto next;
memcpy(temp0, iir->ab[0], iir->nb_ab[0] * sizeof(*temp0));
memcpy(temp1, iir->ab[1], iir->nb_ab[1] * sizeof(*temp1));
for (int n = 0; n < iir->nb_ab[0]; n++)
iir->ab[0][n] = coef_sf2zf(temp0, iir->nb_ab[0] - 1, n);
for (int n = 0; n < iir->nb_ab[1]; n++)
Reported by FlawFinder.
Line: 1148
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
double *mag, *phase, *temp, *delay, min = DBL_MAX, max = -DBL_MAX;
double min_delay = DBL_MAX, max_delay = -DBL_MAX, min_phase, max_phase;
int prev_ymag = -1, prev_yphase = -1, prev_ydelay = -1;
char text[32];
int ch, i;
memset(out->data[0], 0, s->h * out->linesize[0]);
phase = av_malloc_array(s->w, sizeof(*phase));
Reported by FlawFinder.
libavfilter/af_afir.c
5 issues
Line: 141
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
block = (float *)seg->block->extended_data[ch] + seg->part_index[ch] * seg->block_size;
memset(block + seg->part_size, 0, sizeof(*block) * (seg->fft_length - seg->part_size));
memcpy(block, src, sizeof(*src) * seg->part_size);
av_rdft_calc(seg->rdft[ch], block);
block[2 * seg->part_size] = block[1];
block[1] = 0;
Reported by FlawFinder.
Line: 167
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
buf = (float *)seg->buffer->extended_data[ch];
fir_fadd(s, buf, sum, seg->part_size);
memcpy(dst, buf, seg->part_size * sizeof(*dst));
buf = (float *)seg->buffer->extended_data[ch];
memcpy(buf, sum + seg->part_size, seg->part_size * sizeof(*buf));
seg->part_index[ch] = (seg->part_index[ch] + 1) % seg->nb_partitions;
Reported by FlawFinder.
Line: 170
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(dst, buf, seg->part_size * sizeof(*dst));
buf = (float *)seg->buffer->extended_data[ch];
memcpy(buf, sum + seg->part_size, seg->part_size * sizeof(*buf));
seg->part_index[ch] = (seg->part_index[ch] + 1) % seg->nb_partitions;
memmove(src, src + s->min_part_size, (seg->input_size - s->min_part_size) * sizeof(*src));
Reported by FlawFinder.
Line: 296
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
float *mag, *phase, *delay, min = FLT_MAX, max = FLT_MIN;
float min_delay = FLT_MAX, max_delay = FLT_MIN;
int prev_ymag = -1, prev_yphase = -1, prev_ydelay = -1;
char text[32];
int channel, i, x;
memset(out->data[0], 0, s->h * out->linesize[0]);
phase = av_malloc_array(s->w, sizeof(*phase));
Reported by FlawFinder.
Line: 581
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
memset(block, 0, sizeof(*block) * seg->fft_length);
memcpy(block, time + toffset, size * sizeof(*block));
av_rdft_calc(seg->rdft[0], block);
coeff[coffset].re = block[0] * scale;
coeff[coffset].im = 0;
Reported by FlawFinder.
libavformat/dxa.c
5 issues
Line: 185
Column: 26
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if ((ret = av_new_packet(pkt, 4 + pal_size)) < 0)
return ret;
pkt->stream_index = 0;
if(pal_size) memcpy(pkt->data, pal, pal_size);
memcpy(pkt->data + pal_size, buf, 4);
c->frames--;
c->vidpos = avio_tell(s->pb);
c->readvid = 0;
return 0;
Reported by FlawFinder.
Line: 186
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return ret;
pkt->stream_index = 0;
if(pal_size) memcpy(pkt->data, pal, pal_size);
memcpy(pkt->data + pal_size, buf, 4);
c->frames--;
c->vidpos = avio_tell(s->pb);
c->readvid = 0;
return 0;
case MKTAG('C', 'M', 'A', 'P'):
Reported by FlawFinder.
Line: 193
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return 0;
case MKTAG('C', 'M', 'A', 'P'):
pal_size = 768+4;
memcpy(pal, buf, 4);
avio_read(s->pb, pal + 4, 768);
break;
case MKTAG('F', 'R', 'A', 'M'):
if ((ret = avio_read(s->pb, buf + 4, DXA_EXTRA_SIZE - 4)) != DXA_EXTRA_SIZE - 4) {
av_log(s, AV_LOG_ERROR, "failed reading dxa_extra\n");
Reported by FlawFinder.
Line: 210
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ret = av_new_packet(pkt, size + DXA_EXTRA_SIZE + pal_size);
if (ret < 0)
return ret;
memcpy(pkt->data + pal_size, buf, DXA_EXTRA_SIZE);
ret = avio_read(s->pb, pkt->data + DXA_EXTRA_SIZE + pal_size, size);
if(ret != size){
return AVERROR(EIO);
}
if(pal_size) memcpy(pkt->data, pal, pal_size);
Reported by FlawFinder.
Line: 215
Column: 26
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if(ret != size){
return AVERROR(EIO);
}
if(pal_size) memcpy(pkt->data, pal, pal_size);
pkt->stream_index = 0;
c->frames--;
c->vidpos = avio_tell(s->pb);
c->readvid = 0;
return 0;
Reported by FlawFinder.
libavcodec/opusenc_psy.c
5 issues
Line: 42
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
float *Y_orig = f->block[1].coeffs + (ff_celt_freq_bands[band] << f->size);
OPUS_RC_CHECKPOINT_SPAWN(rc);
memcpy(X, X_orig, band_size*sizeof(float));
if (Y)
memcpy(Y, Y_orig, band_size*sizeof(float));
f->remaining2 = ((f->framebits << 3) - f->anticollapse_needed) - opus_rc_tell_frac(rc) - 1;
if (band <= f->coded_bands - 1) {
Reported by FlawFinder.
Line: 44
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(X, X_orig, band_size*sizeof(float));
if (Y)
memcpy(Y, Y_orig, band_size*sizeof(float));
f->remaining2 = ((f->framebits << 3) - f->anticollapse_needed) - opus_rc_tell_frac(rc) - 1;
if (band <= f->coded_bands - 1) {
int curr_balance = f->remaining / FFMIN(3, f->coded_bands - band);
b = av_clip_uintp2(FFMIN(f->remaining2 + 1, f->pulses[band] + curr_balance), 14);
Reported by FlawFinder.
Line: 91
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (i = 1; i <= FFMIN(lap_size, index); i++) {
const int offset = i*120;
AVFrame *cur = ff_bufqueue_peek(s->bufqueue, index - i);
memcpy(&s->scratch[offset], cur->extended_data[ch], cur->nb_samples*sizeof(float));
}
for (i = 0; i < lap_size; i++) {
const int offset = i*120 + lap_size;
AVFrame *cur = ff_bufqueue_peek(s->bufqueue, index + i);
memcpy(&s->scratch[offset], cur->extended_data[ch], cur->nb_samples*sizeof(float));
Reported by FlawFinder.
Line: 96
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (i = 0; i < lap_size; i++) {
const int offset = i*120 + lap_size;
AVFrame *cur = ff_bufqueue_peek(s->bufqueue, index + i);
memcpy(&s->scratch[offset], cur->extended_data[ch], cur->nb_samples*sizeof(float));
}
s->dsp->vector_fmul(s->scratch, s->scratch, s->window[s->bsize_analysis],
(OPUS_BLOCK_SIZE(s->bsize_analysis) << 1));
Reported by FlawFinder.
Line: 450
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
f->tf_select = score[0] < score[1];
memcpy(f->tf_change, config[f->tf_select], sizeof(int)*CELT_MAX_BANDS);
return 0;
}
int ff_opus_psy_celt_frame_process(OpusPsyContext *s, CeltFrame *f, int index)
Reported by FlawFinder.
libavcodec/hevc_filter.c
5 issues
Line: 200
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int h = s->ps.sps->height >> s->ps.sps->vshift[c_idx];
/* copy horizontal edges */
memcpy(s->sao_pixel_buffer_h[c_idx] + (((2 * y_ctb) * w + x) << sh),
src, width << sh);
memcpy(s->sao_pixel_buffer_h[c_idx] + (((2 * y_ctb + 1) * w + x) << sh),
src + stride_src * (height - 1), width << sh);
/* copy vertical edges */
Reported by FlawFinder.
Line: 202
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* copy horizontal edges */
memcpy(s->sao_pixel_buffer_h[c_idx] + (((2 * y_ctb) * w + x) << sh),
src, width << sh);
memcpy(s->sao_pixel_buffer_h[c_idx] + (((2 * y_ctb + 1) * w + x) << sh),
src + stride_src * (height - 1), width << sh);
/* copy vertical edges */
copy_vert(s->sao_pixel_buffer_v[c_idx] + (((2 * x_ctb) * h + y) << sh), src, sh, height, 1 << sh, stride_src);
Reported by FlawFinder.
Line: 234
Column: 25
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
uint8_t *src = src1 + (((y << s->ps.sps->log2_min_pu_size) - y0) >> vshift) * stride_src + ((((x << s->ps.sps->log2_min_pu_size) - x0) >> hshift) << s->ps.sps->pixel_shift);
const uint8_t *dst = dst1 + (((y << s->ps.sps->log2_min_pu_size) - y0) >> vshift) * stride_dst + ((((x << s->ps.sps->log2_min_pu_size) - x0) >> hshift) << s->ps.sps->pixel_shift);
for (n = 0; n < (min_pu_size >> vshift); n++) {
memcpy(src, dst, len);
src += stride_src;
dst += stride_dst;
}
}
}
Reported by FlawFinder.
Line: 373
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
src_idx = (CTB(s->sao, x_ctb, y_ctb-1).type_idx[c_idx] ==
SAO_APPLIED);
memcpy(dst1 + pos, src1[src_idx] + pos, width << sh);
if (right) {
pos += width << sh;
src_idx = (CTB(s->sao, x_ctb+1, y_ctb-1).type_idx[c_idx] ==
SAO_APPLIED);
copy_pixel(dst1 + pos, src1[src_idx] + pos, sh);
Reported by FlawFinder.
Line: 400
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
src_idx = (CTB(s->sao, x_ctb, y_ctb+1).type_idx[c_idx] ==
SAO_APPLIED);
memcpy(dst1 + pos, src1[src_idx] + pos, width << sh);
if (right) {
pos += width << sh;
src_idx = (CTB(s->sao, x_ctb+1, y_ctb+1).type_idx[c_idx] ==
SAO_APPLIED);
copy_pixel(dst1 + pos, src1[src_idx] + pos, sh);
Reported by FlawFinder.
libavcodec/cbs_jpeg.c
5 issues
Line: 209
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!data)
return AVERROR(ENOMEM);
memcpy(data, frag->data + start, length);
for (i = start + length, j = length; i < end; i++, j++) {
if (frag->data[i] == 0xff) {
while (frag->data[i] == 0xff)
++i;
data[j] = 0xff;
Reported by FlawFinder.
Line: 347
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
flush_put_bits(pbc);
memcpy(put_bits_ptr(pbc), scan->data, scan->data_size);
skip_put_bytes(pbc, scan->data_size);
}
return 0;
}
Reported by FlawFinder.
Line: 430
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
data[dp++] = unit->type;
if (unit->type != JPEG_MARKER_SOS) {
memcpy(data + dp, unit->data, unit->data_size);
dp += unit->data_size;
} else {
sp = AV_RB16(unit->data);
av_assert0(sp <= unit->data_size);
memcpy(data + dp, unit->data, sp);
Reported by FlawFinder.
Line: 435
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else {
sp = AV_RB16(unit->data);
av_assert0(sp <= unit->data_size);
memcpy(data + dp, unit->data, sp);
dp += sp;
for (; sp < unit->data_size; sp++) {
if (unit->data[sp] == 0xff) {
data[dp++] = 0xff;
Reported by FlawFinder.
Line: 43
Column: 19
CWE codes:
120
20
#define READ
#define READWRITE read
#define RWContext GetBitContext
#define FUNC(name) cbs_jpeg_read_ ## name
#define xu(width, name, range_min, range_max, subs, ...) do { \
uint32_t value; \
Reported by FlawFinder.