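The following issues were found by FlawFinder. FlawFinder flags calls and declarations by name and does not track buffer sizes or data flow, so each entry below is a location to review, not a confirmed vulnerability.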
libavcodec/opusenc.c
5 issues
Line: 131
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
CeltBlock *b = &f->block[ch];
const void *input = cur->extended_data[ch];
size_t bps = av_get_bytes_per_sample(cur->format);
memcpy(b->overlap, input, bps*cur->nb_samples);
}
av_frame_free(&cur);
for (int sf = 0; sf < subframes; sf++) {
Reported by FlawFinder.
Line: 148
Column: 13
CWE codes:
120
Suggestion:
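Make sure destination can always hold the source data. The copy length here is clamped with FFMIN(subframesize, cur->nb_samples), but `left` is computed as (subframesize - cur->nb_samples)*bps and stored in a size_t, so it would become very large if cur->nb_samples could exceed subframesize; the excerpt does not show what rules that out. The memset that uses `left` also starts at b->samples[cur->nb_samples] rather than at an offset relative to sf*subframesize, which is worth checking against the intended layout.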
const size_t bps = av_get_bytes_per_sample(cur->format);
const size_t left = (subframesize - cur->nb_samples)*bps;
const size_t len = FFMIN(subframesize, cur->nb_samples)*bps;
memcpy(&b->samples[sf*subframesize], input, len);
memset(&b->samples[cur->nb_samples], 0, left);
}
/* Last frame isn't popped off and freed yet - we need it for overlap */
if (sf != (subframes - 1))
Reported by FlawFinder.
Line: 219
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Overlap */
s->dsp->vector_fmul(temp, b->overlap, ff_celt_window, 128);
memcpy(win + lap_dst, temp, CELT_OVERLAP*sizeof(float));
/* Samples, flat top window */
memcpy(&win[lap_dst + CELT_OVERLAP], b->samples, rwin*sizeof(float));
/* Samples, windowed */
Reported by FlawFinder.
Line: 222
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(win + lap_dst, temp, CELT_OVERLAP*sizeof(float));
/* Samples, flat top window */
memcpy(&win[lap_dst + CELT_OVERLAP], b->samples, rwin*sizeof(float));
/* Samples, windowed */
s->dsp->vector_fmul_reverse(temp, b->samples + rwin,
ff_celt_window - 8, 128);
memcpy(win + lap_dst + blk_len, temp, CELT_OVERLAP*sizeof(float));
Reported by FlawFinder.
Line: 227
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Samples, windowed */
s->dsp->vector_fmul_reverse(temp, b->samples + rwin,
ff_celt_window - 8, 128);
memcpy(win + lap_dst + blk_len, temp, CELT_OVERLAP*sizeof(float));
s->mdct[f->size]->mdct(s->mdct[f->size], b->coeffs, win, 1);
}
}
Reported by FlawFinder.
libavformat/tests/url.c
5 issues
Line: 52
Column: 5
CWE codes:
119
120
Suggestion:
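Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The finding is on the fixed-size array declarations; the call shown passes sizeof(buf) as the limit and checks ret < 0, so the remaining question is whether ff_make_absolute_url2 honours that size.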
static void test(const char *base, const char *rel)
{
char buf[200], buf2[200], buf_dos[200], buf_native[200];
int ret;
ret = ff_make_absolute_url2(buf, sizeof(buf), base, rel, 0);
if (ret < 0) {
printf("%50s %-20s => error %s\n", base, rel, av_err2str(ret));
Reported by FlawFinder.
Line: 85
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void test2(const char *url)
{
char proto[64];
char auth[256];
char host[256];
char path[256];
int port=-1;
Reported by FlawFinder.
Line: 86
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void test2(const char *url)
{
char proto[64];
char auth[256];
char host[256];
char path[256];
int port=-1;
av_url_split(proto, sizeof(proto), auth, sizeof(auth), host, sizeof(host), &port, path, sizeof(path), url);
Reported by FlawFinder.
Line: 87
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
char proto[64];
char auth[256];
char host[256];
char path[256];
int port=-1;
av_url_split(proto, sizeof(proto), auth, sizeof(auth), host, sizeof(host), &port, path, sizeof(path), url);
printf("%-60s => %-15s %-15s %-15s %5d %s\n", url, proto, auth, host, port, path);
Reported by FlawFinder.
Line: 88
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char proto[64];
char auth[256];
char host[256];
char path[256];
int port=-1;
av_url_split(proto, sizeof(proto), auth, sizeof(auth), host, sizeof(host), &port, path, sizeof(path), url);
printf("%-60s => %-15s %-15s %-15s %5d %s\n", url, proto, auth, host, port, path);
}
Reported by FlawFinder.
libavformat/tls.c
5 issues
Line: 92
Column: 50
CWE codes:
807
20
Suggestion:
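Check environment variables carefully before using them. In this excerpt http_proxy from the environment is only a fallback when c->http_proxy is unset, and it is used only if it begins with "http://"; no_proxy is passed to ff_http_match_no_proxy. The review question is whether whoever controls the process environment is trusted to decide that the connection goes through a proxy.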
if (!c->host && !(c->host = av_strdup(c->underlying_host)))
return AVERROR(ENOMEM);
proxy_path = c->http_proxy ? c->http_proxy : getenv("http_proxy");
use_proxy = !ff_http_match_no_proxy(getenv("no_proxy"), c->underlying_host) &&
proxy_path && av_strstart(proxy_path, "http://", NULL);
if (use_proxy) {
char proxy_host[200], proxy_auth[200], dest[200];
Reported by FlawFinder.
Line: 93
Column: 41
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
return AVERROR(ENOMEM);
proxy_path = c->http_proxy ? c->http_proxy : getenv("http_proxy");
use_proxy = !ff_http_match_no_proxy(getenv("no_proxy"), c->underlying_host) &&
proxy_path && av_strstart(proxy_path, "http://", NULL);
if (use_proxy) {
char proxy_host[200], proxy_auth[200], dest[200];
int proxy_port;
Reported by FlawFinder.
Line: 34
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void set_options(TLSShared *c, const char *uri)
{
char buf[1024];
const char *p = strchr(uri, '?');
if (!p)
return;
if (!c->ca_file && av_find_info_tag(buf, sizeof(buf), "cafile", p))
Reported by FlawFinder.
Line: 60
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int port;
const char *p;
char buf[200], opts[50] = "";
struct addrinfo hints = { 0 }, *ai = NULL;
const char *proxy_path;
int use_proxy;
set_options(c, uri);
Reported by FlawFinder.
Line: 97
Column: 9
CWE codes:
119
120
Suggestion:
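Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The three 200-byte arrays are passed to av_url_split and ff_url_join together with their sizeof, so the point to confirm is how those functions behave when proxy_path or c->underlying_host is longer than the buffer: a silently truncated host or credential string would presumably still be used for the proxy connection.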
proxy_path && av_strstart(proxy_path, "http://", NULL);
if (use_proxy) {
char proxy_host[200], proxy_auth[200], dest[200];
int proxy_port;
av_url_split(NULL, 0, proxy_auth, sizeof(proxy_auth),
proxy_host, sizeof(proxy_host), &proxy_port, NULL, 0,
proxy_path);
ff_url_join(dest, sizeof(dest), NULL, NULL, c->underlying_host, port, NULL);
Reported by FlawFinder.
libavformat/dxa.c
5 issues
Line: 185
Column: 26
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if ((ret = av_new_packet(pkt, 4 + pal_size)) < 0)
return ret;
pkt->stream_index = 0;
if(pal_size) memcpy(pkt->data, pal, pal_size);
memcpy(pkt->data + pal_size, buf, 4);
c->frames--;
c->vidpos = avio_tell(s->pb);
c->readvid = 0;
return 0;
Reported by FlawFinder.
Line: 186
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return ret;
pkt->stream_index = 0;
if(pal_size) memcpy(pkt->data, pal, pal_size);
memcpy(pkt->data + pal_size, buf, 4);
c->frames--;
c->vidpos = avio_tell(s->pb);
c->readvid = 0;
return 0;
case MKTAG('C', 'M', 'A', 'P'):
Reported by FlawFinder.
Line: 193
Column: 13
CWE codes:
120
Suggestion:
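Make sure destination can always hold the source data. The flagged memcpy copies a constant 4 bytes; the line after it deserves more attention, since the return value of avio_read(s->pb, pal + 4, 768) is not checked in this excerpt, so a short read would leave part of pal unfilled while pal_size is already set to 768+4.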
return 0;
case MKTAG('C', 'M', 'A', 'P'):
pal_size = 768+4;
memcpy(pal, buf, 4);
avio_read(s->pb, pal + 4, 768);
break;
case MKTAG('F', 'R', 'A', 'M'):
if ((ret = avio_read(s->pb, buf + 4, DXA_EXTRA_SIZE - 4)) != DXA_EXTRA_SIZE - 4) {
av_log(s, AV_LOG_ERROR, "failed reading dxa_extra\n");
Reported by FlawFinder.
Line: 210
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ret = av_new_packet(pkt, size + DXA_EXTRA_SIZE + pal_size);
if (ret < 0)
return ret;
memcpy(pkt->data + pal_size, buf, DXA_EXTRA_SIZE);
ret = avio_read(s->pb, pkt->data + DXA_EXTRA_SIZE + pal_size, size);
if(ret != size){
return AVERROR(EIO);
}
if(pal_size) memcpy(pkt->data, pal, pal_size);
Reported by FlawFinder.
Line: 215
Column: 26
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if(ret != size){
return AVERROR(EIO);
}
if(pal_size) memcpy(pkt->data, pal, pal_size);
pkt->stream_index = 0;
c->frames--;
c->vidpos = avio_tell(s->pb);
c->readvid = 0;
return 0;
Reported by FlawFinder.
libavcodec/libvorbisenc.c
5 issues
Line: 160
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
avctx->channels == 8 &&
avctx->channel_layout != AV_CH_LAYOUT_7POINT1) {
if (avctx->channel_layout) {
char name[32];
av_get_channel_layout_string(name, sizeof(name), avctx->channels,
avctx->channel_layout);
av_log(avctx, AV_LOG_ERROR, "%s not supported by Vorbis: "
"output stream will have incorrect "
"channel layout.\n", name);
Reported by FlawFinder.
Line: 255
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
offset = 1;
offset += av_xiphlacing(&p[offset], header.bytes);
offset += av_xiphlacing(&p[offset], header_comm.bytes);
memcpy(&p[offset], header.packet, header.bytes);
offset += header.bytes;
memcpy(&p[offset], header_comm.packet, header_comm.bytes);
offset += header_comm.bytes;
memcpy(&p[offset], header_code.packet, header_code.bytes);
offset += header_code.bytes;
Reported by FlawFinder.
Line: 257
Column: 5
CWE codes:
120
Suggestion:
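Make sure destination can always hold the source data. The av_assert0(offset == avctx->extradata_size) at the end of this excerpt runs after all three copies, so it reports a size mismatch only once the writes have happened; what protects the copies is the size given to the buffer behind p, which is outside the excerpt.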
offset += av_xiphlacing(&p[offset], header_comm.bytes);
memcpy(&p[offset], header.packet, header.bytes);
offset += header.bytes;
memcpy(&p[offset], header_comm.packet, header_comm.bytes);
offset += header_comm.bytes;
memcpy(&p[offset], header_code.packet, header_code.bytes);
offset += header_code.bytes;
av_assert0(offset == avctx->extradata_size);
Reported by FlawFinder.
Line: 259
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
offset += header.bytes;
memcpy(&p[offset], header_comm.packet, header_comm.bytes);
offset += header_comm.bytes;
memcpy(&p[offset], header_code.packet, header_code.bytes);
offset += header_code.bytes;
av_assert0(offset == avctx->extradata_size);
s->vp = av_vorbis_parse_init(avctx->extradata, avctx->extradata_size);
if (!s->vp) {
Reported by FlawFinder.
Line: 303
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (c = 0; c < channels; c++) {
int co = (channels > 8) ? c :
vorbis_encoding_channel_layout_offsets[channels - 1][c];
memcpy(buffer[c], frame->extended_data[co],
samples * sizeof(*buffer[c]));
}
if ((ret = vorbis_analysis_wrote(&s->vd, samples)) < 0) {
av_log(avctx, AV_LOG_ERROR, "error in vorbis_analysis_wrote()\n");
return vorbis_error_to_averror(ret);
Reported by FlawFinder.
libavfilter/vf_kerndeint.c
5 issues
Line: 164
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dstp = dstp_saved + (1 - order) * dst_linesize;
for (y = 0; y < h; y += 2) {
memcpy(dstp, srcp, bwidth);
srcp += 2 * src_linesize;
dstp += 2 * dst_linesize;
}
// Copy through the lines that will be missed below.
Reported by FlawFinder.
Line: 170
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
// Copy through the lines that will be missed below.
memcpy(dstp_saved + order * dst_linesize, srcp_saved + (1 - order) * src_linesize, bwidth);
memcpy(dstp_saved + (2 + order ) * dst_linesize, srcp_saved + (3 - order) * src_linesize, bwidth);
memcpy(dstp_saved + (h - 2 + order) * dst_linesize, srcp_saved + (h - 1 - order) * src_linesize, bwidth);
memcpy(dstp_saved + (h - 4 + order) * dst_linesize, srcp_saved + (h - 3 - order) * src_linesize, bwidth);
/* For the other field choose adaptively between using the previous field
Reported by FlawFinder.
Line: 171
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// Copy through the lines that will be missed below.
memcpy(dstp_saved + order * dst_linesize, srcp_saved + (1 - order) * src_linesize, bwidth);
memcpy(dstp_saved + (2 + order ) * dst_linesize, srcp_saved + (3 - order) * src_linesize, bwidth);
memcpy(dstp_saved + (h - 2 + order) * dst_linesize, srcp_saved + (h - 1 - order) * src_linesize, bwidth);
memcpy(dstp_saved + (h - 4 + order) * dst_linesize, srcp_saved + (h - 3 - order) * src_linesize, bwidth);
/* For the other field choose adaptively between using the previous field
or the interpolant from the current field. */
Reported by FlawFinder.
Line: 172
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// Copy through the lines that will be missed below.
memcpy(dstp_saved + order * dst_linesize, srcp_saved + (1 - order) * src_linesize, bwidth);
memcpy(dstp_saved + (2 + order ) * dst_linesize, srcp_saved + (3 - order) * src_linesize, bwidth);
memcpy(dstp_saved + (h - 2 + order) * dst_linesize, srcp_saved + (h - 1 - order) * src_linesize, bwidth);
memcpy(dstp_saved + (h - 4 + order) * dst_linesize, srcp_saved + (h - 3 - order) * src_linesize, bwidth);
/* For the other field choose adaptively between using the previous field
or the interpolant from the current field. */
prvp = kerndeint->tmp_data[plane] + 5 * psrc_linesize - (1 - order) * psrc_linesize;
Reported by FlawFinder.
Line: 173
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(dstp_saved + order * dst_linesize, srcp_saved + (1 - order) * src_linesize, bwidth);
memcpy(dstp_saved + (2 + order ) * dst_linesize, srcp_saved + (3 - order) * src_linesize, bwidth);
memcpy(dstp_saved + (h - 2 + order) * dst_linesize, srcp_saved + (h - 1 - order) * src_linesize, bwidth);
memcpy(dstp_saved + (h - 4 + order) * dst_linesize, srcp_saved + (h - 3 - order) * src_linesize, bwidth);
/* For the other field choose adaptively between using the previous field
or the interpolant from the current field. */
prvp = kerndeint->tmp_data[plane] + 5 * psrc_linesize - (1 - order) * psrc_linesize;
prvpp = prvp - psrc_linesize;
Reported by FlawFinder.
libavformat/srtp.c
5 issues
Line: 58
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
uint8_t *out, int outlen)
{
uint8_t input[16] = { 0 };
memcpy(input, salt, 14);
// Key derivation rate assumed to be zero
input[14 - 7] ^= label;
memset(out, 0, outlen);
encrypt_counter(aes, input, out, outlen);
}
Reported by FlawFinder.
Line: 96
Column: 5
CWE codes:
120
Suggestion:
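Make sure destination can always hold the source data. The two copies read 16 and then 14 bytes from buf, 30 in total; the excerpt does not show where the length of buf is established, so that is the check to locate.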
s->hmac = av_hmac_alloc(AV_HMAC_SHA1);
if (!s->aes || !s->hmac)
return AVERROR(ENOMEM);
memcpy(s->master_key, buf, 16);
memcpy(s->master_salt, buf + 16, 14);
// RFC 3711
av_aes_init(s->aes, s->master_key, 128, 0);
Reported by FlawFinder.
Line: 97
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!s->aes || !s->hmac)
return AVERROR(ENOMEM);
memcpy(s->master_key, buf, 16);
memcpy(s->master_salt, buf + 16, 14);
// RFC 3711
av_aes_init(s->aes, s->master_key, 128, 0);
derive_key(s->aes, s->master_salt, 0x00, s->rtp_key, sizeof(s->rtp_key));
Reported by FlawFinder.
Line: 259
Column: 5
CWE codes:
120
Suggestion:
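Make sure destination can always hold the source data. The test `len + padding > outlen` directly above the copy is the bound for this memcpy; confirm that len and padding cannot be negative and that their sum cannot overflow.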
if (len + padding > outlen)
return 0;
memcpy(out, in, len);
buf = out;
if (rtcp) {
ssrc = AV_RB32(buf + 4);
index = s->rtcp_index++;
Reported by FlawFinder.
Line: 322
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
av_hmac_final(s->hmac, hmac, sizeof(hmac));
memcpy(buf + len, hmac, hmac_size);
len += hmac_size;
return buf + len - out;
}
Reported by FlawFinder.
libavcodec/libtheoraenc.c
5 issues
Line: 85
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
avc_context->extradata_size = newsize;
AV_WB16(avc_context->extradata + (*offset), packet->bytes);
*offset += 2;
memcpy(avc_context->extradata + (*offset), packet->packet, packet->bytes);
(*offset) += packet->bytes;
return 0;
}
static int get_stats(AVCodecContext *avctx, int eos)
Reported by FlawFinder.
Line: 108
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!tmp)
return AVERROR(ENOMEM);
h->stats = tmp;
memcpy(h->stats + h->stats_offset, buf, bytes);
h->stats_offset += bytes;
} else {
int b64_size = AV_BASE64_SIZE(h->stats_offset);
// libtheora generates a summary header at the end
memcpy(h->stats, buf, bytes);
Reported by FlawFinder.
Line: 113
Column: 9
CWE codes:
120
Suggestion:
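Make sure destination can always hold the source data. On this else path the copy overwrites the start of h->stats with `bytes` bytes, and nothing in the excerpt compares `bytes` with the size h->stats was grown to; confirm that bound on the path that reaches this branch.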
} else {
int b64_size = AV_BASE64_SIZE(h->stats_offset);
// libtheora generates a summary header at the end
memcpy(h->stats, buf, bytes);
avctx->stats_out = av_malloc(b64_size);
if (!avctx->stats_out)
return AVERROR(ENOMEM);
av_base64_encode(avctx->stats_out, b64_size, h->stats, h->stats_offset);
}
Reported by FlawFinder.
Line: 345
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Copy ogg_packet content out to buffer */
if ((ret = ff_get_encode_buffer(avc_context, pkt, o_packet.bytes, 0)) < 0)
return ret;
memcpy(pkt->data, o_packet.packet, o_packet.bytes);
// HACK: assumes no encoder delay, this is true until libtheora becomes
// multithreaded (which will be disabled unless explicitly requested)
pkt->pts = pkt->dts = frame->pts;
if (!(o_packet.granulepos & h->keyframe_mask))
Reported by FlawFinder.
Line: 138
Column: 25
CWE codes:
126
av_log(avctx, AV_LOG_ERROR, "No statsfile for second pass\n");
return AVERROR(EINVAL);
}
h->stats_size = strlen(avctx->stats_in) * 3/4;
h->stats = av_malloc(h->stats_size);
if (!h->stats) {
h->stats_size = 0;
return AVERROR(ENOMEM);
}
Reported by FlawFinder.
libavfilter/af_channelmap.c
5 issues
Line: 125
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
ChannelMapContext *s = ctx->priv;
char *mapping, separator = '|';
int map_entries = 0;
char buf[256];
enum MappingMode mode;
uint64_t out_ch_mask = 0;
int i;
mapping = s->mapping_str;
Reported by FlawFinder.
Line: 307
Column: 5
CWE codes:
120
Suggestion:
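Make sure destination can always hold the source data. The destination is a fixed array of MAX_CH pointers and the copy length is nch_in * sizeof(source_planes[0]), so the condition to confirm is nch_in <= MAX_CH; the excerpt does not show where that is enforced.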
int ch;
uint8_t *source_planes[MAX_CH];
memcpy(source_planes, buf->extended_data,
nch_in * sizeof(source_planes[0]));
if (nch_out > nch_in) {
if (nch_out > FF_ARRAY_ELEMS(buf->data)) {
uint8_t **new_extended_data =
Reported by FlawFinder.
Line: 336
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (buf->data != buf->extended_data)
memcpy(buf->data, buf->extended_data,
FFMIN(FF_ARRAY_ELEMS(buf->data), nch_out) * sizeof(buf->data[0]));
buf->channel_layout = outlink->channel_layout;
buf->channels = outlink->channels;
Reported by FlawFinder.
Line: 352
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int nb_channels = inlink->channels;
int i, err = 0;
const char *channel_name;
char layout_name[256];
for (i = 0; i < s->nch; i++) {
struct ChannelMap *m = &s->map[i];
if (s->mode == MAP_PAIR_STR_INT || s->mode == MAP_PAIR_STR_STR) {
Reported by FlawFinder.
Line: 98
Column: 11
CWE codes:
126
next = split(*map, delim);
if (!next && delim == '-')
return AVERROR(EINVAL);
len = strlen(*map);
sscanf(*map, "%d%n", ch, &n);
if (n != len)
return AVERROR(EINVAL);
if (*ch < 0 || *ch > max_ch)
return AVERROR(EINVAL);
Reported by FlawFinder.
libavcodec/opusenc_psy.c
5 issues
Line: 42
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
float *Y_orig = f->block[1].coeffs + (ff_celt_freq_bands[band] << f->size);
OPUS_RC_CHECKPOINT_SPAWN(rc);
memcpy(X, X_orig, band_size*sizeof(float));
if (Y)
memcpy(Y, Y_orig, band_size*sizeof(float));
f->remaining2 = ((f->framebits << 3) - f->anticollapse_needed) - opus_rc_tell_frac(rc) - 1;
if (band <= f->coded_bands - 1) {
Reported by FlawFinder.
Line: 44
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(X, X_orig, band_size*sizeof(float));
if (Y)
memcpy(Y, Y_orig, band_size*sizeof(float));
f->remaining2 = ((f->framebits << 3) - f->anticollapse_needed) - opus_rc_tell_frac(rc) - 1;
if (band <= f->coded_bands - 1) {
int curr_balance = f->remaining / FFMIN(3, f->coded_bands - band);
b = av_clip_uintp2(FFMIN(f->remaining2 + 1, f->pulses[band] + curr_balance), 14);
Reported by FlawFinder.
Line: 91
Column: 13
CWE codes:
120
Suggestion:
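Make sure destination can always hold the source data. Each frame is written at a stride of 120 floats (offset = i*120, and i*120 + lap_size in the second loop) while the copy length is cur->nb_samples*sizeof(float); confirm that nb_samples cannot exceed 120 and that s->scratch is sized for the last offset plus one frame.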
for (i = 1; i <= FFMIN(lap_size, index); i++) {
const int offset = i*120;
AVFrame *cur = ff_bufqueue_peek(s->bufqueue, index - i);
memcpy(&s->scratch[offset], cur->extended_data[ch], cur->nb_samples*sizeof(float));
}
for (i = 0; i < lap_size; i++) {
const int offset = i*120 + lap_size;
AVFrame *cur = ff_bufqueue_peek(s->bufqueue, index + i);
memcpy(&s->scratch[offset], cur->extended_data[ch], cur->nb_samples*sizeof(float));
Reported by FlawFinder.
Line: 96
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (i = 0; i < lap_size; i++) {
const int offset = i*120 + lap_size;
AVFrame *cur = ff_bufqueue_peek(s->bufqueue, index + i);
memcpy(&s->scratch[offset], cur->extended_data[ch], cur->nb_samples*sizeof(float));
}
s->dsp->vector_fmul(s->scratch, s->scratch, s->window[s->bsize_analysis],
(OPUS_BLOCK_SIZE(s->bsize_analysis) << 1));
Reported by FlawFinder.
Line: 450
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
f->tf_select = score[0] < score[1];
memcpy(f->tf_change, config[f->tf_select], sizeof(int)*CELT_MAX_BANDS);
return 0;
}
int ff_opus_psy_celt_frame_process(OpusPsyContext *s, CeltFrame *f, int index)
Reported by FlawFinder.