The following issues were found
libavcodec/mlpenc.c
5 issues
Line: 1954
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
****************************************************************************/
typedef struct {
char path[MAJOR_HEADER_INTERVAL + 2];
int cur_idx;
int bitcount;
} PathCounter;
#define CODEBOOK_CHANGE_BITS 21
Reported by FlawFinder.
Line: 2045
Column: 29
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (temp_bitcount < prev_best_bitcount) {
prev_best_bitcount = temp_bitcount;
if (src_path != dst_path)
memcpy(dst_path, src_path, sizeof(PathCounter));
if (dst_path->cur_idx < FF_ARRAY_ELEMS(dst_path->path) - 1)
dst_path->path[++dst_path->cur_idx] = codebook;
dst_path->bitcount = temp_bitcount;
}
}
Reported by FlawFinder.
Line: 2055
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
prev_bo = cur_bo;
memcpy(&path_counter[NUM_CODEBOOKS], &path_counter[best_codebook], sizeof(PathCounter));
}
best_path = path_counter[NUM_CODEBOOKS].path + 1;
/* Update context. */
Reported by FlawFinder.
Line: 2096
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
(ctx->seq_offset[ctx->restart_intervals - 1])*(ctx->avctx->channels);
unsigned int channel;
for (index = 0; index < ctx->seq_size[ctx->restart_intervals-1]; index++) {
memcpy(&ctx->major_decoding_params[index][substr], seq_dp + index*(ctx->num_substreams) + substr, sizeof(DecodingParams));
for (channel = 0; channel < ctx->avctx->channels; channel++) {
uint8_t huff_lsbs = (seq_cp + index*(ctx->avctx->channels) + channel)->huff_lsbs;
if (max_huff_lsbs < huff_lsbs)
max_huff_lsbs = huff_lsbs;
memcpy(&ctx->major_channel_params[index][channel],
Reported by FlawFinder.
Line: 2101
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
uint8_t huff_lsbs = (seq_cp + index*(ctx->avctx->channels) + channel)->huff_lsbs;
if (max_huff_lsbs < huff_lsbs)
max_huff_lsbs = huff_lsbs;
memcpy(&ctx->major_channel_params[index][channel],
(seq_cp + index*(ctx->avctx->channels) + channel),
sizeof(ChannelParams));
}
}
}
Reported by FlawFinder.
libavdevice/vfwcap.c
5 issues
Line: 204
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
pktl_next->pkt.pts = vdhdr->dwTimeCaptured;
memcpy(pktl_next->pkt.data, vdhdr->lpData, vdhdr->dwBytesUsed);
for(ppktl = &ctx->pktl ; *ppktl ; ppktl = &(*ppktl)->next);
*ppktl = pktl_next;
ctx->curbufsize += vdhdr->dwBytesUsed;
Reported by FlawFinder.
Line: 262
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (!strcmp(s->url, "list")) {
for (devnum = 0; devnum <= 9; devnum++) {
char driver_name[256];
char driver_ver[256];
ret = capGetDriverDescription(devnum,
driver_name, sizeof(driver_name),
driver_ver, sizeof(driver_ver));
if (ret) {
Reported by FlawFinder.
Line: 263
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (!strcmp(s->url, "list")) {
for (devnum = 0; devnum <= 9; devnum++) {
char driver_name[256];
char driver_ver[256];
ret = capGetDriverDescription(devnum,
driver_name, sizeof(driver_name),
driver_ver, sizeof(driver_ver));
if (ret) {
av_log(s, AV_LOG_INFO, "Driver %d\n", devnum);
Reported by FlawFinder.
Line: 283
Column: 14
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
}
/* If atoi fails, devnum==0 and the default device is used */
devnum = atoi(s->url);
ret = SendMessage(ctx->hwnd, WM_CAP_DRIVER_CONNECT, devnum, 0);
if(!ret) {
av_log(s, AV_LOG_ERROR, "Could not connect to device.\n");
DestroyWindow(ctx->hwnd);
Reported by FlawFinder.
Line: 406
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
par->extradata = av_malloc(9 + AV_INPUT_BUFFER_PADDING_SIZE);
if (par->extradata) {
par->extradata_size = 9;
memcpy(par->extradata, "BottomUp", 9);
}
}
}
av_freep(&bi);
Reported by FlawFinder.
libavcodec/mlpdec.c
5 issues
Line: 934
CWE codes:
908
SubStream *s = &m->substream[substr];
const int32_t *fircoeff = s->channel_params[channel].coeff[FIR];
int32_t state_buffer[NUM_FILTERS][MAX_BLOCKSIZE + MAX_FIR_ORDER];
int32_t *firbuf = state_buffer[FIR] + MAX_BLOCKSIZE;
int32_t *iirbuf = state_buffer[IIR] + MAX_BLOCKSIZE;
FilterParams *fir = &s->channel_params[channel].filter_params[FIR];
FilterParams *iir = &s->channel_params[channel].filter_params[IIR];
unsigned int filter_shift = fir->shift;
int32_t mask = MSB_MASK(s->quant_step_size[channel]);
Reported by Cppcheck.
Line: 941
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
unsigned int filter_shift = fir->shift;
int32_t mask = MSB_MASK(s->quant_step_size[channel]);
memcpy(firbuf, fir->state, MAX_FIR_ORDER * sizeof(int32_t));
memcpy(iirbuf, iir->state, MAX_IIR_ORDER * sizeof(int32_t));
m->dsp.mlp_filter_channel(firbuf, fircoeff,
fir->order, iir->order,
filter_shift, mask, s->blocksize,
Reported by FlawFinder.
Line: 942
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int32_t mask = MSB_MASK(s->quant_step_size[channel]);
memcpy(firbuf, fir->state, MAX_FIR_ORDER * sizeof(int32_t));
memcpy(iirbuf, iir->state, MAX_IIR_ORDER * sizeof(int32_t));
m->dsp.mlp_filter_channel(firbuf, fircoeff,
fir->order, iir->order,
filter_shift, mask, s->blocksize,
&m->sample_buffer[s->blockpos][channel]);
Reported by FlawFinder.
Line: 949
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
filter_shift, mask, s->blocksize,
&m->sample_buffer[s->blockpos][channel]);
memcpy(fir->state, firbuf - s->blocksize, MAX_FIR_ORDER * sizeof(int32_t));
memcpy(iir->state, iirbuf - s->blocksize, MAX_IIR_ORDER * sizeof(int32_t));
}
/** Read a block of PCM residual data (or actual if no filtering active). */
Reported by FlawFinder.
Line: 950
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
&m->sample_buffer[s->blockpos][channel]);
memcpy(fir->state, firbuf - s->blocksize, MAX_FIR_ORDER * sizeof(int32_t));
memcpy(iir->state, iirbuf - s->blocksize, MAX_IIR_ORDER * sizeof(int32_t));
}
/** Read a block of PCM residual data (or actual if no filtering active). */
static int read_block_data(MLPDecodeContext *m, GetBitContext *gbp,
Reported by FlawFinder.
libavcodec/opusenc_psy.c
5 issues
Line: 42
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
float *Y_orig = f->block[1].coeffs + (ff_celt_freq_bands[band] << f->size);
OPUS_RC_CHECKPOINT_SPAWN(rc);
memcpy(X, X_orig, band_size*sizeof(float));
if (Y)
memcpy(Y, Y_orig, band_size*sizeof(float));
f->remaining2 = ((f->framebits << 3) - f->anticollapse_needed) - opus_rc_tell_frac(rc) - 1;
if (band <= f->coded_bands - 1) {
Reported by FlawFinder.
Line: 44
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(X, X_orig, band_size*sizeof(float));
if (Y)
memcpy(Y, Y_orig, band_size*sizeof(float));
f->remaining2 = ((f->framebits << 3) - f->anticollapse_needed) - opus_rc_tell_frac(rc) - 1;
if (band <= f->coded_bands - 1) {
int curr_balance = f->remaining / FFMIN(3, f->coded_bands - band);
b = av_clip_uintp2(FFMIN(f->remaining2 + 1, f->pulses[band] + curr_balance), 14);
Reported by FlawFinder.
Line: 91
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (i = 1; i <= FFMIN(lap_size, index); i++) {
const int offset = i*120;
AVFrame *cur = ff_bufqueue_peek(s->bufqueue, index - i);
memcpy(&s->scratch[offset], cur->extended_data[ch], cur->nb_samples*sizeof(float));
}
for (i = 0; i < lap_size; i++) {
const int offset = i*120 + lap_size;
AVFrame *cur = ff_bufqueue_peek(s->bufqueue, index + i);
memcpy(&s->scratch[offset], cur->extended_data[ch], cur->nb_samples*sizeof(float));
Reported by FlawFinder.
Line: 96
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (i = 0; i < lap_size; i++) {
const int offset = i*120 + lap_size;
AVFrame *cur = ff_bufqueue_peek(s->bufqueue, index + i);
memcpy(&s->scratch[offset], cur->extended_data[ch], cur->nb_samples*sizeof(float));
}
s->dsp->vector_fmul(s->scratch, s->scratch, s->window[s->bsize_analysis],
(OPUS_BLOCK_SIZE(s->bsize_analysis) << 1));
Reported by FlawFinder.
Line: 450
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
f->tf_select = score[0] < score[1];
memcpy(f->tf_change, config[f->tf_select], sizeof(int)*CELT_MAX_BANDS);
return 0;
}
int ff_opus_psy_celt_frame_process(OpusPsyContext *s, CeltFrame *f, int index)
Reported by FlawFinder.
libavfilter/af_afir.c
5 issues
Line: 141
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
block = (float *)seg->block->extended_data[ch] + seg->part_index[ch] * seg->block_size;
memset(block + seg->part_size, 0, sizeof(*block) * (seg->fft_length - seg->part_size));
memcpy(block, src, sizeof(*src) * seg->part_size);
av_rdft_calc(seg->rdft[ch], block);
block[2 * seg->part_size] = block[1];
block[1] = 0;
Reported by FlawFinder.
Line: 167
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
buf = (float *)seg->buffer->extended_data[ch];
fir_fadd(s, buf, sum, seg->part_size);
memcpy(dst, buf, seg->part_size * sizeof(*dst));
buf = (float *)seg->buffer->extended_data[ch];
memcpy(buf, sum + seg->part_size, seg->part_size * sizeof(*buf));
seg->part_index[ch] = (seg->part_index[ch] + 1) % seg->nb_partitions;
Reported by FlawFinder.
Line: 170
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(dst, buf, seg->part_size * sizeof(*dst));
buf = (float *)seg->buffer->extended_data[ch];
memcpy(buf, sum + seg->part_size, seg->part_size * sizeof(*buf));
seg->part_index[ch] = (seg->part_index[ch] + 1) % seg->nb_partitions;
memmove(src, src + s->min_part_size, (seg->input_size - s->min_part_size) * sizeof(*src));
Reported by FlawFinder.
Line: 296
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
float *mag, *phase, *delay, min = FLT_MAX, max = FLT_MIN;
float min_delay = FLT_MAX, max_delay = FLT_MIN;
int prev_ymag = -1, prev_yphase = -1, prev_ydelay = -1;
char text[32];
int channel, i, x;
memset(out->data[0], 0, s->h * out->linesize[0]);
phase = av_malloc_array(s->w, sizeof(*phase));
Reported by FlawFinder.
Line: 581
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
memset(block, 0, sizeof(*block) * seg->fft_length);
memcpy(block, time + toffset, size * sizeof(*block));
av_rdft_calc(seg->rdft[0], block);
coeff[coffset].re = block[0] * scale;
coeff[coffset].im = 0;
Reported by FlawFinder.
libavcodec/opus_celt.c
5 issues
Line: 213
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
celt_postfilter_apply_transition(block, block->buf + 1024);
block->pf_period_old = block->pf_period;
memcpy(block->pf_gains_old, block->pf_gains, sizeof(block->pf_gains));
block->pf_period = block->pf_period_new;
memcpy(block->pf_gains, block->pf_gains_new, sizeof(block->pf_gains));
if (len > CELT_OVERLAP) {
Reported by FlawFinder.
Line: 227
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
filter_len);
block->pf_period_old = block->pf_period;
memcpy(block->pf_gains_old, block->pf_gains, sizeof(block->pf_gains));
}
memmove(block->buf, block->buf + len, (1024 + CELT_OVERLAP / 2) * sizeof(float));
}
Reported by FlawFinder.
Line: 422
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
f->dsp->vector_fmac_scalar(f->block[0].coeffs, f->block[1].coeffs, 1.0, FFALIGN(frame_size, 16));
downmix = 1;
} else if (f->output_channels > f->channels)
memcpy(f->block[1].coeffs, f->block[0].coeffs, frame_size * sizeof(float));
if (f->silence) {
for (i = 0; i < 2; i++) {
CeltBlock *block = &f->block[i];
Reported by FlawFinder.
Line: 462
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (channels == 1)
memcpy(f->block[1].energy, f->block[0].energy, sizeof(f->block[0].energy));
for (i = 0; i < 2; i++ ) {
CeltBlock *block = &f->block[i];
if (!f->transient) {
Reported by FlawFinder.
Line: 468
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
CeltBlock *block = &f->block[i];
if (!f->transient) {
memcpy(block->prev_energy[1], block->prev_energy[0], sizeof(block->prev_energy[0]));
memcpy(block->prev_energy[0], block->energy, sizeof(block->prev_energy[0]));
} else {
for (j = 0; j < CELT_MAX_BANDS; j++)
block->prev_energy[0][j] = FFMIN(block->prev_energy[0][j], block->energy[j]);
}
Reported by FlawFinder.
libavformat/srtp.c
5 issues
Line: 58
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
uint8_t *out, int outlen)
{
uint8_t input[16] = { 0 };
memcpy(input, salt, 14);
// Key derivation rate assumed to be zero
input[14 - 7] ^= label;
memset(out, 0, outlen);
encrypt_counter(aes, input, out, outlen);
}
Reported by FlawFinder.
Line: 96
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
s->hmac = av_hmac_alloc(AV_HMAC_SHA1);
if (!s->aes || !s->hmac)
return AVERROR(ENOMEM);
memcpy(s->master_key, buf, 16);
memcpy(s->master_salt, buf + 16, 14);
// RFC 3711
av_aes_init(s->aes, s->master_key, 128, 0);
Reported by FlawFinder.
Line: 97
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!s->aes || !s->hmac)
return AVERROR(ENOMEM);
memcpy(s->master_key, buf, 16);
memcpy(s->master_salt, buf + 16, 14);
// RFC 3711
av_aes_init(s->aes, s->master_key, 128, 0);
derive_key(s->aes, s->master_salt, 0x00, s->rtp_key, sizeof(s->rtp_key));
Reported by FlawFinder.
Line: 259
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (len + padding > outlen)
return 0;
memcpy(out, in, len);
buf = out;
if (rtcp) {
ssrc = AV_RB32(buf + 4);
index = s->rtcp_index++;
Reported by FlawFinder.
Line: 322
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
av_hmac_final(s->hmac, hmac, sizeof(hmac));
memcpy(buf + len, hmac, hmac_size);
len += hmac_size;
return buf + len - out;
}
Reported by FlawFinder.
libavcodec/opusenc.c
5 issues
Line: 131
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
CeltBlock *b = &f->block[ch];
const void *input = cur->extended_data[ch];
size_t bps = av_get_bytes_per_sample(cur->format);
memcpy(b->overlap, input, bps*cur->nb_samples);
}
av_frame_free(&cur);
for (int sf = 0; sf < subframes; sf++) {
Reported by FlawFinder.
Line: 148
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
const size_t bps = av_get_bytes_per_sample(cur->format);
const size_t left = (subframesize - cur->nb_samples)*bps;
const size_t len = FFMIN(subframesize, cur->nb_samples)*bps;
memcpy(&b->samples[sf*subframesize], input, len);
memset(&b->samples[cur->nb_samples], 0, left);
}
/* Last frame isn't popped off and freed yet - we need it for overlap */
if (sf != (subframes - 1))
Reported by FlawFinder.
Line: 219
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Overlap */
s->dsp->vector_fmul(temp, b->overlap, ff_celt_window, 128);
memcpy(win + lap_dst, temp, CELT_OVERLAP*sizeof(float));
/* Samples, flat top window */
memcpy(&win[lap_dst + CELT_OVERLAP], b->samples, rwin*sizeof(float));
/* Samples, windowed */
Reported by FlawFinder.
Line: 222
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(win + lap_dst, temp, CELT_OVERLAP*sizeof(float));
/* Samples, flat top window */
memcpy(&win[lap_dst + CELT_OVERLAP], b->samples, rwin*sizeof(float));
/* Samples, windowed */
s->dsp->vector_fmul_reverse(temp, b->samples + rwin,
ff_celt_window - 8, 128);
memcpy(win + lap_dst + blk_len, temp, CELT_OVERLAP*sizeof(float));
Reported by FlawFinder.
Line: 227
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Samples, windowed */
s->dsp->vector_fmul_reverse(temp, b->samples + rwin,
ff_celt_window - 8, 128);
memcpy(win + lap_dst + blk_len, temp, CELT_OVERLAP*sizeof(float));
s->mdct[f->size]->mdct(s->mdct[f->size], b->coeffs, win, 1);
}
}
Reported by FlawFinder.
libavcodec/mediacodecdec.c
5 issues
Line: 87
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*out = p;
*out_size = sizeof(nalu_header) + src_size;
memcpy(p, nalu_header, sizeof(nalu_header));
memcpy(p + sizeof(nalu_header), src, src_size);
/* Escape 0x00, 0x00, 0x0{0-3} pattern */
for (i = 4; i < *out_size; i++) {
if (i < *out_size - 3 &&
Reported by FlawFinder.
Line: 88
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*out_size = sizeof(nalu_header) + src_size;
memcpy(p, nalu_header, sizeof(nalu_header));
memcpy(p + sizeof(nalu_header), src, src_size);
/* Escape 0x00, 0x00, 0x0{0-3} pattern */
for (i = 4; i < *out_size; i++) {
if (i < *out_size - 3 &&
p[i + 0] == 0 &&
Reported by FlawFinder.
Line: 252
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto done;
}
memcpy(data , vps_data, vps_data_size);
memcpy(data + vps_data_size , sps_data, sps_data_size);
memcpy(data + vps_data_size + sps_data_size, pps_data, pps_data_size);
ff_AMediaFormat_setBuffer(format, "csd-0", data, data_size);
Reported by FlawFinder.
Line: 253
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
memcpy(data , vps_data, vps_data_size);
memcpy(data + vps_data_size , sps_data, sps_data_size);
memcpy(data + vps_data_size + sps_data_size, pps_data, pps_data_size);
ff_AMediaFormat_setBuffer(format, "csd-0", data, data_size);
av_freep(&data);
Reported by FlawFinder.
Line: 254
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(data , vps_data, vps_data_size);
memcpy(data + vps_data_size , sps_data, sps_data_size);
memcpy(data + vps_data_size + sps_data_size, pps_data, pps_data_size);
ff_AMediaFormat_setBuffer(format, "csd-0", data, data_size);
av_freep(&data);
} else {
Reported by FlawFinder.
libavformat/dxa.c
5 issues
Line: 185
Column: 26
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if ((ret = av_new_packet(pkt, 4 + pal_size)) < 0)
return ret;
pkt->stream_index = 0;
if(pal_size) memcpy(pkt->data, pal, pal_size);
memcpy(pkt->data + pal_size, buf, 4);
c->frames--;
c->vidpos = avio_tell(s->pb);
c->readvid = 0;
return 0;
Reported by FlawFinder.
Line: 186
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return ret;
pkt->stream_index = 0;
if(pal_size) memcpy(pkt->data, pal, pal_size);
memcpy(pkt->data + pal_size, buf, 4);
c->frames--;
c->vidpos = avio_tell(s->pb);
c->readvid = 0;
return 0;
case MKTAG('C', 'M', 'A', 'P'):
Reported by FlawFinder.
Line: 193
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return 0;
case MKTAG('C', 'M', 'A', 'P'):
pal_size = 768+4;
memcpy(pal, buf, 4);
avio_read(s->pb, pal + 4, 768);
break;
case MKTAG('F', 'R', 'A', 'M'):
if ((ret = avio_read(s->pb, buf + 4, DXA_EXTRA_SIZE - 4)) != DXA_EXTRA_SIZE - 4) {
av_log(s, AV_LOG_ERROR, "failed reading dxa_extra\n");
Reported by FlawFinder.
Line: 210
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ret = av_new_packet(pkt, size + DXA_EXTRA_SIZE + pal_size);
if (ret < 0)
return ret;
memcpy(pkt->data + pal_size, buf, DXA_EXTRA_SIZE);
ret = avio_read(s->pb, pkt->data + DXA_EXTRA_SIZE + pal_size, size);
if(ret != size){
return AVERROR(EIO);
}
if(pal_size) memcpy(pkt->data, pal, pal_size);
Reported by FlawFinder.
Line: 215
Column: 26
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if(ret != size){
return AVERROR(EIO);
}
if(pal_size) memcpy(pkt->data, pal, pal_size);
pkt->stream_index = 0;
c->frames--;
c->vidpos = avio_tell(s->pb);
c->readvid = 0;
return 0;
Reported by FlawFinder.