The following issues were found
libavcodec/codec_par.c
4 issues
Line: 75
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int avcodec_parameters_copy(AVCodecParameters *dst, const AVCodecParameters *src)
{
codec_parameters_reset(dst);
memcpy(dst, src, sizeof(*dst));
dst->extradata = NULL;
dst->extradata_size = 0;
if (src->extradata) {
dst->extradata = av_mallocz(src->extradata_size + AV_INPUT_BUFFER_PADDING_SIZE);
Reported by FlawFinder.
Line: 83
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dst->extradata = av_mallocz(src->extradata_size + AV_INPUT_BUFFER_PADDING_SIZE);
if (!dst->extradata)
return AVERROR(ENOMEM);
memcpy(dst->extradata, src->extradata, src->extradata_size);
dst->extradata_size = src->extradata_size;
}
return 0;
}
Reported by FlawFinder.
Line: 140
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
par->extradata = av_mallocz(codec->extradata_size + AV_INPUT_BUFFER_PADDING_SIZE);
if (!par->extradata)
return AVERROR(ENOMEM);
memcpy(par->extradata, codec->extradata, codec->extradata_size);
par->extradata_size = codec->extradata_size;
}
return 0;
}
Reported by FlawFinder.
Line: 197
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
codec->extradata = av_mallocz(par->extradata_size + AV_INPUT_BUFFER_PADDING_SIZE);
if (!codec->extradata)
return AVERROR(ENOMEM);
memcpy(codec->extradata, par->extradata, par->extradata_size);
codec->extradata_size = par->extradata_size;
}
return 0;
}
Reported by FlawFinder.
libavformat/subtitles.c
4 issues
Line: 123
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
old_len = sub->size;
if (av_grow_packet(sub, len) < 0)
return NULL;
memcpy(sub->data + old_len, event, len);
} else {
/* new event */
if (q->nb_subs >= INT_MAX/sizeof(*q->subs) - 1)
return NULL;
Reported by FlawFinder.
Line: 144
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
subs[q->nb_subs++] = sub;
sub->flags |= AV_PKT_FLAG_KEY;
sub->pts = sub->dts = 0;
memcpy(sub->data, event, len);
}
return sub;
}
static int cmp_pkt_sub_ts_pos(const void *a, const void *b)
Reported by FlawFinder.
Line: 387
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void ff_subtitles_read_text_chunk(FFTextReader *tr, AVBPrint *buf)
{
char eol_buf[5], last_was_cr = 0;
int n = 0, i = 0, nb_eol = 0;
av_bprint_clear(buf);
for (;;) {
Reported by FlawFinder.
Line: 363
Column: 24
CWE codes:
126
const char *ff_smil_get_attr_ptr(const char *s, const char *attr)
{
int in_quotes = 0;
const size_t len = strlen(attr);
while (*s) {
while (*s) {
if (!in_quotes && av_isspace(*s))
break;
Reported by FlawFinder.
libavcodec/wavpack.c
4 issues
Line: 574
CWE codes:
476
memset(dst_left, 0x69, s->samples * 4);
if (dst_r)
memset(dst_right, 0x69, s->samples * 4);
}
return 0;
}
Reported by Cppcheck.
Line: 735
CWE codes:
476
memset(dst_left, 0x69, s->samples * 4);
if (dst_r)
memset(dst_right, 0x69, s->samples * 4);
}
return 0;
}
Reported by Cppcheck.
Line: 767
CWE codes:
476
memset(dst_left, 0x69, s->samples * 4);
if (dst_r)
memset(dst_right, 0x69, s->samples * 4);
}
return 0;
}
Reported by Cppcheck.
Line: 1602
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return ret;
if (s->stereo)
memcpy(samples_r, samples_l, bpp * s->samples);
}
return 0;
}
Reported by FlawFinder.
libavformat/srtdec.c
4 issues
Line: 80
Column: 9
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
ei->x1 = ei->x2 = ei->y1 = ei->y2 = ei->duration = -1;
ei->pts = AV_NOPTS_VALUE;
ei->pos = -1;
if (sscanf(line, "%d:%d:%d%*1[,.]%d --> %d:%d:%d%*1[,.]%d"
"%*[ ]X1:%"PRId32" X2:%"PRId32" Y1:%"PRId32" Y2:%"PRId32,
&hh1, &mm1, &ss1, &ms1,
&hh2, &mm2, &ss2, &ms2,
&ei->x1, &ei->x2, &ei->y1, &ei->y2) >= 8) {
const int64_t start = (hh1*3600LL + mm1*60LL + ss1) * 1000LL + ms1;
Reported by FlawFinder.
Line: 179
Column: 17
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (strtol(line, &pline, 10) < 0 || line == pline)
av_bprintf(&buf, "%s\n", line);
else
strcpy(line_cache, line);
} else {
if (has_event_info) {
/* We have the information of previous event, append it to the
* queue. We insert the cached line if and only if the payload
* is empty and the cached line is not a standalone number. */
Reported by FlawFinder.
Line: 36
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int srt_probe(const AVProbeData *p)
{
int v;
char buf[64], *pbuf;
FFTextReader tr;
ff_text_init_buf(&tr, p->buf, p->buf_size);
while (ff_text_peek_r8(&tr) == '\r' || ff_text_peek_r8(&tr) == '\n')
Reported by FlawFinder.
Line: 132
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
AVBPrint buf;
AVStream *st = avformat_new_stream(s, NULL);
int res = 0;
char line[4096], line_cache[4096];
int has_event_info = 0;
struct event_info ei;
FFTextReader tr;
ff_text_init_avio(s, &tr, s->pb);
Reported by FlawFinder.
libavformat/dump.c
4 issues
Line: 47
Column: 13
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (!f) \
av_log(avcl, level, __VA_ARGS__); \
else \
fprintf(f, __VA_ARGS__); \
} while (0)
static void hex_dump_internal(void *avcl, FILE *f, int level,
const uint8_t *buf, int size)
{
Reported by FlawFinder.
Line: 148
Column: 21
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
av_log(ctx, AV_LOG_INFO,
"%s %-16s: ", indent, tag->key);
while (*p) {
char tmp[256];
size_t len = strcspn(p, "\x8\xa\xb\xc\xd");
av_strlcpy(tmp, p, FFMIN(sizeof(tmp), len+1));
av_log(ctx, AV_LOG_INFO, "%s", tmp);
p += len;
if (*p == 0xd) av_log(ctx, AV_LOG_INFO, " ");
Reported by FlawFinder.
Line: 418
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
for (int j = 1; j <= tc[0]; j++) {
char tcbuf[AV_TIMECODE_STR_SIZE];
av_timecode_make_smpte_tc_string2(tcbuf, st->avg_frame_rate, tc[j], 0, 0);
av_log(ctx, AV_LOG_INFO, "timecode - %s%s", tcbuf, j != tc[0] ? ", " : "");
}
}
Reported by FlawFinder.
Line: 508
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void dump_stream_format(const AVFormatContext *ic, int i,
int index, int is_output)
{
char buf[256];
int flags = (is_output ? ic->oformat->flags : ic->iformat->flags);
const AVStream *st = ic->streams[i];
const AVDictionaryEntry *lang = av_dict_get(st->metadata, "language", NULL, 0);
const char *separator = ic->dump_separator;
AVCodecContext *avctx;
Reported by FlawFinder.
libavformat/flacenc.c
4 issues
Line: 252
Column: 13
CWE codes:
134
Suggestion:
Use a constant for the format specification
"already present, this muxer will not overwrite it.\n");
} else {
uint8_t buf[32];
snprintf(buf, sizeof(buf), "0x%"PRIx64, par->channel_layout);
av_dict_set(&s->metadata, "WAVEFORMATEXTENSIBLE_CHANNEL_MASK", buf, 0);
}
}
return 0;
Reported by FlawFinder.
Line: 290
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
streaminfo = av_packet_get_side_data(pkt, AV_PKT_DATA_NEW_EXTRADATA,
&streaminfo_size);
if (streaminfo && streaminfo_size == FLAC_STREAMINFO_SIZE) {
memcpy(c->streaminfo, streaminfo, FLAC_STREAMINFO_SIZE);
c->updated_streaminfo = 1;
}
if (pkt->size)
avio_write(s->pb, pkt->data, pkt->size);
Reported by FlawFinder.
Line: 106
Column: 15
CWE codes:
126
"write an attached picture.\n", st->index);
return AVERROR(EINVAL);
}
mimelen = strlen(mimetype);
/* get the picture type */
e = av_dict_get(st->metadata, "comment", NULL, 0);
for (i = 0; e && i < FF_ARRAY_ELEMS(ff_id3v2_picture_types); i++) {
if (!av_strcasecmp(e->value, ff_id3v2_picture_types[i])) {
Reported by FlawFinder.
Line: 134
Column: 15
CWE codes:
126
/* get the description */
if ((e = av_dict_get(st->metadata, "title", NULL, 0)))
desc = e->value;
desclen = strlen(desc);
blocklen = 4 + 4 + mimelen + 4 + desclen + 4 + 4 + 4 + 4 + 4 + pkt->size;
if (blocklen >= 1<<24) {
av_log(s, AV_LOG_ERROR, "Picture block too big %d >= %d\n", blocklen, 1<<24);
return AVERROR(EINVAL);
Reported by FlawFinder.
libavformat/cafdec.c
4 issues
Line: 162
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
avio_skip(pb, size - ALAC_PREAMBLE - ALAC_HEADER);
} else {
AV_WB32(st->codecpar->extradata, 36);
memcpy(&st->codecpar->extradata[4], "alac", 4);
AV_WB32(&st->codecpar->extradata[8], 0);
memcpy(&st->codecpar->extradata[12], preamble, 12);
if (avio_read(pb, &st->codecpar->extradata[24], ALAC_NEW_KUKI - 12) != ALAC_NEW_KUKI - 12) {
av_log(s, AV_LOG_ERROR, "failed to read new kuki header\n");
av_freep(&st->codecpar->extradata);
Reported by FlawFinder.
Line: 164
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
AV_WB32(st->codecpar->extradata, 36);
memcpy(&st->codecpar->extradata[4], "alac", 4);
AV_WB32(&st->codecpar->extradata[8], 0);
memcpy(&st->codecpar->extradata[12], preamble, 12);
if (avio_read(pb, &st->codecpar->extradata[24], ALAC_NEW_KUKI - 12) != ALAC_NEW_KUKI - 12) {
av_log(s, AV_LOG_ERROR, "failed to read new kuki header\n");
av_freep(&st->codecpar->extradata);
return AVERROR_INVALIDDATA;
}
Reported by FlawFinder.
Line: 240
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int i;
unsigned int nb_entries = avio_rb32(pb);
for (i = 0; i < nb_entries && !avio_feof(pb); i++) {
char key[32];
char value[1024];
avio_get_str(pb, INT_MAX, key, sizeof(key));
avio_get_str(pb, INT_MAX, value, sizeof(value));
av_dict_set(&s->metadata, key, value, 0);
}
Reported by FlawFinder.
Line: 241
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int nb_entries = avio_rb32(pb);
for (i = 0; i < nb_entries && !avio_feof(pb); i++) {
char key[32];
char value[1024];
avio_get_str(pb, INT_MAX, key, sizeof(key));
avio_get_str(pb, INT_MAX, value, sizeof(value));
av_dict_set(&s->metadata, key, value, 0);
}
}
Reported by FlawFinder.
libavcodec/hevcpred_template.c
4 issues
Line: 296
CWE codes:
786
int intra_hor_ver_dist_thresh[] = { 7, 1, 0 };
int min_dist_vert_hor = FFMIN(FFABS((int)(mode - 26U)),
FFABS((int)(mode - 10U)));
if (min_dist_vert_hor > intra_hor_ver_dist_thresh[log2_size - 3]) {
int threshold = 1 << (BIT_DEPTH - 5);
if (s->ps.sps->sps_strong_intra_smoothing_enable_flag && c_idx == 0 &&
log2_size == 5 &&
FFABS(top[-1] + top[63] - 2 * top[31]) < threshold &&
FFABS(left[-1] + left[63] - 2 * left[31]) < threshold) {
Reported by Cppcheck.
Line: 296
CWE codes:
786
int intra_hor_ver_dist_thresh[] = { 7, 1, 0 };
int min_dist_vert_hor = FFMIN(FFABS((int)(mode - 26U)),
FFABS((int)(mode - 10U)));
if (min_dist_vert_hor > intra_hor_ver_dist_thresh[log2_size - 3]) {
int threshold = 1 << (BIT_DEPTH - 5);
if (s->ps.sps->sps_strong_intra_smoothing_enable_flag && c_idx == 0 &&
log2_size == 5 &&
FFABS(top[-1] + top[63] - 2 * top[31]) < threshold &&
FFABS(left[-1] + left[63] - 2 * left[31]) < threshold) {
Reported by Cppcheck.
Line: 171
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
top[-1] = left[-1];
}
if (cand_up)
memcpy(top, src - stride, size * sizeof(pixel));
if (cand_up_right) {
memcpy(top + size, src - stride + size, size * sizeof(pixel));
EXTEND(top + size + top_right_size, POS(size + top_right_size - 1, -1),
size - top_right_size);
}
Reported by FlawFinder.
Line: 173
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (cand_up)
memcpy(top, src - stride, size * sizeof(pixel));
if (cand_up_right) {
memcpy(top + size, src - stride + size, size * sizeof(pixel));
EXTEND(top + size + top_right_size, POS(size + top_right_size - 1, -1),
size - top_right_size);
}
if (cand_left)
for (i = 0; i < size; i++)
Reported by FlawFinder.
libavcodec/vb.c
4 issues
Line: 120
Column: 21
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case 0x00: //skip
for (y = 0; y < 4; y++)
if (check_line(prev + y*width, pstart, pend))
memcpy(cur + y*width, prev + y*width, 4);
else
memset(cur + y*width, 0, 4);
break;
case 0x40:
t = bytestream2_get_byte(&g);
Reported by FlawFinder.
Line: 139
Column: 25
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
t = x + y*width;
for (y = 0; y < 4; y++)
if (check_line(prev + t + y*width, pstart, pend))
memcpy(cur + y*width, prev + t + y*width, 4);
else
memset(cur + y*width, 0, 4);
}
break;
case 0x80: // fill
Reported by FlawFinder.
Line: 235
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
vb_decode_palette(c, size);
}
memcpy(frame->data[1], c->pal, AVPALETTE_SIZE);
frame->palette_has_changed = flags & VB_HAS_PALETTE;
outptr = frame->data[0];
srcptr = c->frame;
Reported by FlawFinder.
Line: 242
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
srcptr = c->frame;
for (i = 0; i < avctx->height; i++) {
memcpy(outptr, srcptr, avctx->width);
srcptr += avctx->width;
outptr += frame->linesize[0];
}
FFSWAP(uint8_t*, c->frame, c->prev_frame);
Reported by FlawFinder.
libavcodec/hevc_cabac.c
4 issues
Line: 456
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
(ctb_addr_ts % s->ps.sps->ctb_width == 2 ||
(s->ps.sps->ctb_width == 2 &&
ctb_addr_ts % s->ps.sps->ctb_width == 0))) {
memcpy(s->cabac_state, s->HEVClc->cabac_state, HEVC_CONTEXTS);
if (s->ps.sps->persistent_rice_adaptation_enabled_flag) {
memcpy(s->stat_coeff, s->HEVClc->stat_coeff, HEVC_STAT_COEFFS);
}
}
}
Reported by FlawFinder.
Line: 458
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ctb_addr_ts % s->ps.sps->ctb_width == 0))) {
memcpy(s->cabac_state, s->HEVClc->cabac_state, HEVC_CONTEXTS);
if (s->ps.sps->persistent_rice_adaptation_enabled_flag) {
memcpy(s->stat_coeff, s->HEVClc->stat_coeff, HEVC_STAT_COEFFS);
}
}
}
static void load_states(HEVCContext *s, int thread)
Reported by FlawFinder.
Line: 465
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static void load_states(HEVCContext *s, int thread)
{
memcpy(s->HEVClc->cabac_state, s->cabac_state, HEVC_CONTEXTS);
if (s->ps.sps->persistent_rice_adaptation_enabled_flag) {
const HEVCContext *prev = s->sList[(thread + s->threads_number - 1) % s->threads_number];
memcpy(s->HEVClc->stat_coeff, prev->stat_coeff, HEVC_STAT_COEFFS);
}
}
Reported by FlawFinder.
Line: 468
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(s->HEVClc->cabac_state, s->cabac_state, HEVC_CONTEXTS);
if (s->ps.sps->persistent_rice_adaptation_enabled_flag) {
const HEVCContext *prev = s->sList[(thread + s->threads_number - 1) % s->threads_number];
memcpy(s->HEVClc->stat_coeff, prev->stat_coeff, HEVC_STAT_COEFFS);
}
}
static int cabac_reinit(HEVCLocalContext *lc)
{
Reported by FlawFinder.