The following issues were found
libavcodec/hevc_cabac.c
4 issues
Line: 456
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
(ctb_addr_ts % s->ps.sps->ctb_width == 2 ||
(s->ps.sps->ctb_width == 2 &&
ctb_addr_ts % s->ps.sps->ctb_width == 0))) {
memcpy(s->cabac_state, s->HEVClc->cabac_state, HEVC_CONTEXTS);
if (s->ps.sps->persistent_rice_adaptation_enabled_flag) {
memcpy(s->stat_coeff, s->HEVClc->stat_coeff, HEVC_STAT_COEFFS);
}
}
}
Reported by FlawFinder.
Line: 458
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ctb_addr_ts % s->ps.sps->ctb_width == 0))) {
memcpy(s->cabac_state, s->HEVClc->cabac_state, HEVC_CONTEXTS);
if (s->ps.sps->persistent_rice_adaptation_enabled_flag) {
memcpy(s->stat_coeff, s->HEVClc->stat_coeff, HEVC_STAT_COEFFS);
}
}
}
static void load_states(HEVCContext *s, int thread)
Reported by FlawFinder.
Line: 465
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static void load_states(HEVCContext *s, int thread)
{
memcpy(s->HEVClc->cabac_state, s->cabac_state, HEVC_CONTEXTS);
if (s->ps.sps->persistent_rice_adaptation_enabled_flag) {
const HEVCContext *prev = s->sList[(thread + s->threads_number - 1) % s->threads_number];
memcpy(s->HEVClc->stat_coeff, prev->stat_coeff, HEVC_STAT_COEFFS);
}
}
Reported by FlawFinder.
Line: 468
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(s->HEVClc->cabac_state, s->cabac_state, HEVC_CONTEXTS);
if (s->ps.sps->persistent_rice_adaptation_enabled_flag) {
const HEVCContext *prev = s->sList[(thread + s->threads_number - 1) % s->threads_number];
memcpy(s->HEVClc->stat_coeff, prev->stat_coeff, HEVC_STAT_COEFFS);
}
}
static int cabac_reinit(HEVCLocalContext *lc)
{
Reported by FlawFinder.
libavformat/libamqp.c
4 issues
Line: 65
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int amqp_proto_open(URLContext *h, const char *uri, int flags)
{
int ret, server_msg;
char hostname[STR_LEN], credentials[STR_LEN], path[STR_LEN];
int port;
const char *user, *password = NULL, *vhost;
const char *user_decoded, *password_decoded, *vhost_decoded;
char *p;
amqp_rpc_reply_t broker_reply;
Reported by FlawFinder.
Line: 178
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (h->flags & AVIO_FLAG_READ) {
amqp_bytes_t queuename;
char queuename_buff[STR_LEN];
amqp_queue_declare_ok_t *r;
r = amqp_queue_declare(s->conn, DEFAULT_CHANNEL, amqp_empty_bytes,
0, 0, 0, 1, amqp_empty_table);
broker_reply = amqp_get_rpc_reply(s->conn);
Reported by FlawFinder.
Line: 193
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* store queuename */
queuename.bytes = queuename_buff;
queuename.len = FFMIN(r->queue.len, STR_LEN);
memcpy(queuename.bytes, r->queue.bytes, queuename.len);
amqp_queue_bind(s->conn, DEFAULT_CHANNEL, queuename,
amqp_cstring_bytes(s->exchange),
amqp_cstring_bytes(s->routing_key), amqp_empty_table);
Reported by FlawFinder.
Line: 291
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
size = FFMIN(size, envelope.message.body.len);
memcpy(buf, envelope.message.body.bytes, size);
amqp_destroy_envelope(&envelope);
return size;
}
Reported by FlawFinder.
libavformat/cafdec.c
4 issues
Line: 162
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
avio_skip(pb, size - ALAC_PREAMBLE - ALAC_HEADER);
} else {
AV_WB32(st->codecpar->extradata, 36);
memcpy(&st->codecpar->extradata[4], "alac", 4);
AV_WB32(&st->codecpar->extradata[8], 0);
memcpy(&st->codecpar->extradata[12], preamble, 12);
if (avio_read(pb, &st->codecpar->extradata[24], ALAC_NEW_KUKI - 12) != ALAC_NEW_KUKI - 12) {
av_log(s, AV_LOG_ERROR, "failed to read new kuki header\n");
av_freep(&st->codecpar->extradata);
Reported by FlawFinder.
Line: 164
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
AV_WB32(st->codecpar->extradata, 36);
memcpy(&st->codecpar->extradata[4], "alac", 4);
AV_WB32(&st->codecpar->extradata[8], 0);
memcpy(&st->codecpar->extradata[12], preamble, 12);
if (avio_read(pb, &st->codecpar->extradata[24], ALAC_NEW_KUKI - 12) != ALAC_NEW_KUKI - 12) {
av_log(s, AV_LOG_ERROR, "failed to read new kuki header\n");
av_freep(&st->codecpar->extradata);
return AVERROR_INVALIDDATA;
}
Reported by FlawFinder.
Line: 240
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int i;
unsigned int nb_entries = avio_rb32(pb);
for (i = 0; i < nb_entries && !avio_feof(pb); i++) {
char key[32];
char value[1024];
avio_get_str(pb, INT_MAX, key, sizeof(key));
avio_get_str(pb, INT_MAX, value, sizeof(value));
av_dict_set(&s->metadata, key, value, 0);
}
Reported by FlawFinder.
Line: 241
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int nb_entries = avio_rb32(pb);
for (i = 0; i < nb_entries && !avio_feof(pb); i++) {
char key[32];
char value[1024];
avio_get_str(pb, INT_MAX, key, sizeof(key));
avio_get_str(pb, INT_MAX, value, sizeof(value));
av_dict_set(&s->metadata, key, value, 0);
}
}
Reported by FlawFinder.
libavcodec/h264_mb_template.c
4 issues
Line: 135
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
} else {
for (i = 0; i < 16; i++)
memcpy(dest_y + i * linesize, sl->intra_pcm_ptr + i * 16, 16);
if (SIMPLE || !CONFIG_GRAY || !(h->flags & AV_CODEC_FLAG_GRAY)) {
if (!h->ps.sps->chroma_format_idc) {
for (i = 0; i < 8; i++) {
memset(dest_cb + i * uvlinesize, 1 << (bit_depth - 1), 8);
memset(dest_cr + i * uvlinesize, 1 << (bit_depth - 1), 8);
Reported by FlawFinder.
Line: 146
Column: 25
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
const uint8_t *src_cb = sl->intra_pcm_ptr + 256;
const uint8_t *src_cr = sl->intra_pcm_ptr + 256 + block_h * 8;
for (i = 0; i < block_h; i++) {
memcpy(dest_cb + i * uvlinesize, src_cb + i * 8, 8);
memcpy(dest_cr + i * uvlinesize, src_cr + i * 8, 8);
}
}
}
}
Reported by FlawFinder.
Line: 147
Column: 25
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
const uint8_t *src_cr = sl->intra_pcm_ptr + 256 + block_h * 8;
for (i = 0; i < block_h; i++) {
memcpy(dest_cb + i * uvlinesize, src_cb + i * 8, 8);
memcpy(dest_cr + i * uvlinesize, src_cr + i * 8, 8);
}
}
}
}
} else {
Reported by FlawFinder.
Line: 321
Column: 21
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else {
for (p = 0; p < plane_count; p++)
for (i = 0; i < 16; i++)
memcpy(dest[p] + i * linesize,
sl->intra_pcm_ptr + p * 256 + i * 16, 16);
}
} else {
if (IS_INTRA(mb_type)) {
if (sl->deblocking_filter)
Reported by FlawFinder.
libavformat/smjpegenc.c
4 issues
Line: 52
Column: 23
CWE codes:
126
ff_standardize_creation_time(s);
while ((t = av_dict_get(s->metadata, "", t, AV_DICT_IGNORE_SUFFIX))) {
avio_wl32(pb, SMJPEG_TXT);
avio_wb32(pb, strlen(t->key) + strlen(t->value) + 3);
avio_write(pb, t->key, strlen(t->key));
avio_write(pb, " = ", 3);
avio_write(pb, t->value, strlen(t->value));
}
Reported by FlawFinder.
Line: 52
Column: 40
CWE codes:
126
ff_standardize_creation_time(s);
while ((t = av_dict_get(s->metadata, "", t, AV_DICT_IGNORE_SUFFIX))) {
avio_wl32(pb, SMJPEG_TXT);
avio_wb32(pb, strlen(t->key) + strlen(t->value) + 3);
avio_write(pb, t->key, strlen(t->key));
avio_write(pb, " = ", 3);
avio_write(pb, t->value, strlen(t->value));
}
Reported by FlawFinder.
Line: 53
Column: 32
CWE codes:
126
while ((t = av_dict_get(s->metadata, "", t, AV_DICT_IGNORE_SUFFIX))) {
avio_wl32(pb, SMJPEG_TXT);
avio_wb32(pb, strlen(t->key) + strlen(t->value) + 3);
avio_write(pb, t->key, strlen(t->key));
avio_write(pb, " = ", 3);
avio_write(pb, t->value, strlen(t->value));
}
for (n = 0; n < s->nb_streams; n++) {
Reported by FlawFinder.
Line: 55
Column: 34
CWE codes:
126
avio_wb32(pb, strlen(t->key) + strlen(t->value) + 3);
avio_write(pb, t->key, strlen(t->key));
avio_write(pb, " = ", 3);
avio_write(pb, t->value, strlen(t->value));
}
for (n = 0; n < s->nb_streams; n++) {
AVStream *st = s->streams[n];
AVCodecParameters *par = st->codecpar;
Reported by FlawFinder.
libavcodec/vb.c
4 issues
Line: 120
Column: 21
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case 0x00: //skip
for (y = 0; y < 4; y++)
if (check_line(prev + y*width, pstart, pend))
memcpy(cur + y*width, prev + y*width, 4);
else
memset(cur + y*width, 0, 4);
break;
case 0x40:
t = bytestream2_get_byte(&g);
Reported by FlawFinder.
Line: 139
Column: 25
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
t = x + y*width;
for (y = 0; y < 4; y++)
if (check_line(prev + t + y*width, pstart, pend))
memcpy(cur + y*width, prev + t + y*width, 4);
else
memset(cur + y*width, 0, 4);
}
break;
case 0x80: // fill
Reported by FlawFinder.
Line: 235
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
vb_decode_palette(c, size);
}
memcpy(frame->data[1], c->pal, AVPALETTE_SIZE);
frame->palette_has_changed = flags & VB_HAS_PALETTE;
outptr = frame->data[0];
srcptr = c->frame;
Reported by FlawFinder.
Line: 242
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
srcptr = c->frame;
for (i = 0; i < avctx->height; i++) {
memcpy(outptr, srcptr, avctx->width);
srcptr += avctx->width;
outptr += frame->linesize[0];
}
FFSWAP(uint8_t*, c->frame, c->prev_frame);
Reported by FlawFinder.
libavcodec/wmadec.c
4 issues
Line: 408
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
s->fdsp->vector_fmul_add(out + n, in + n, s->windows[bsize],
out + n, block_len);
memcpy(out + n + block_len, in + n + block_len, n * sizeof(float));
}
out += s->block_len;
in += s->block_len;
Reported by FlawFinder.
Line: 425
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
n = (s->block_len - block_len) / 2;
bsize = s->frame_len_bits - s->next_block_len_bits;
memcpy(out, in, n * sizeof(float));
s->fdsp->vector_fmul_reverse(out + n, in + n, s->windows[bsize],
block_len);
memset(out + n + block_len, 0, n * sizeof(float));
Reported by FlawFinder.
Line: 799
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (ch = 0; ch < s->avctx->channels; ch++) {
/* copy current block to output */
memcpy(samples[ch] + samples_offset, s->frame_out[ch],
s->frame_len * sizeof(*s->frame_out[ch]));
/* prepare for next block */
memmove(&s->frame_out[ch][0], &s->frame_out[ch][s->frame_len],
s->frame_len * sizeof(*s->frame_out[ch]));
Reported by FlawFinder.
Line: 947
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto fail;
}
s->last_superframe_len = len;
memcpy(s->last_superframe, buf + pos, len);
} else {
/* single frame decode */
if (wma_decode_frame(s, samples, samples_offset) < 0)
goto fail;
samples_offset += s->frame_len;
Reported by FlawFinder.
fftools/cmdutils.h
4 issues
Line: 646
Column: 5
CWE codes:
134
Suggestion:
Use a constant for the format specification
#define GET_CH_LAYOUT_NAME(ch_layout)\
char name[16];\
snprintf(name, sizeof(name), "0x%"PRIx64, ch_layout);
#define GET_CH_LAYOUT_DESC(ch_layout)\
char name[128];\
av_get_channel_layout_string(name, sizeof(name), 0, ch_layout);
Reported by FlawFinder.
Line: 641
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char *name = av_get_sample_fmt_name(sample_fmt)
#define GET_SAMPLE_RATE_NAME(rate)\
char name[16];\
snprintf(name, sizeof(name), "%d", rate);
#define GET_CH_LAYOUT_NAME(ch_layout)\
char name[16];\
snprintf(name, sizeof(name), "0x%"PRIx64, ch_layout);
Reported by FlawFinder.
Line: 645
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
snprintf(name, sizeof(name), "%d", rate);
#define GET_CH_LAYOUT_NAME(ch_layout)\
char name[16];\
snprintf(name, sizeof(name), "0x%"PRIx64, ch_layout);
#define GET_CH_LAYOUT_DESC(ch_layout)\
char name[128];\
av_get_channel_layout_string(name, sizeof(name), 0, ch_layout);
Reported by FlawFinder.
Line: 649
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
snprintf(name, sizeof(name), "0x%"PRIx64, ch_layout);
#define GET_CH_LAYOUT_DESC(ch_layout)\
char name[128];\
av_get_channel_layout_string(name, sizeof(name), 0, ch_layout);
double get_rotation(AVStream *st);
#endif /* FFTOOLS_CMDUTILS_H */
Reported by FlawFinder.
compat/w32dlfcn.h
4 issues
Line: 52
Column: 9
CWE codes:
120
Suggestion:
Consider using a function version that stops copying at the end of the buffer
if (pathlen == 0 || pathlen + wcslen(name_w) + 2 > MAX_PATH)
goto exit;
path[pathlen] = '\\';
wcscpy(path + pathlen + 1, name_w);
module = LoadLibraryExW(path, NULL, LOAD_WITH_ALTERED_SEARCH_PATH);
if (module == NULL) {
// Next try System32 directory
pathlen = GetSystemDirectoryW(path, MAX_PATH);
if (pathlen == 0 || pathlen + wcslen(name_w) + 2 > MAX_PATH)
Reported by FlawFinder.
Line: 60
Column: 13
CWE codes:
120
Suggestion:
Consider using a function version that stops copying at the end of the buffer
if (pathlen == 0 || pathlen + wcslen(name_w) + 2 > MAX_PATH)
goto exit;
path[pathlen] = '\\';
wcscpy(path + pathlen + 1, name_w);
module = LoadLibraryExW(path, NULL, LOAD_WITH_ALTERED_SEARCH_PATH);
}
exit:
av_free(path);
av_free(name_w);
Reported by FlawFinder.
Line: 49
Column: 39
CWE codes:
126
// Try local directory first
pathlen = GetModuleFileNameW(NULL, path, MAX_PATH);
pathlen = wcsrchr(path, '\\') - path;
if (pathlen == 0 || pathlen + wcslen(name_w) + 2 > MAX_PATH)
goto exit;
path[pathlen] = '\\';
wcscpy(path + pathlen + 1, name_w);
module = LoadLibraryExW(path, NULL, LOAD_WITH_ALTERED_SEARCH_PATH);
if (module == NULL) {
Reported by FlawFinder.
Line: 57
Column: 43
CWE codes:
126
if (module == NULL) {
// Next try System32 directory
pathlen = GetSystemDirectoryW(path, MAX_PATH);
if (pathlen == 0 || pathlen + wcslen(name_w) + 2 > MAX_PATH)
goto exit;
path[pathlen] = '\\';
wcscpy(path + pathlen + 1, name_w);
module = LoadLibraryExW(path, NULL, LOAD_WITH_ALTERED_SEARCH_PATH);
}
Reported by FlawFinder.
libavcodec/g729postfilter.c
4 issues
Line: 304
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* End of best delay searching code */
if (!gain_num) {
memcpy(residual_filt, residual + RES_PREV_DATA_SIZE, subframe_size * sizeof(int16_t));
/* Long-term prediction gain is less than 3dB. Long-term postfilter is disabled. */
return 0;
}
if (best_delay_frac) {
Reported by FlawFinder.
Line: 543
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
lp_gd[i + 1] = (lp_filter_coeffs[i + 1] * formant_pp_factor_den_pow[i] + 0x4000) >> 15;
/* residual signal calculation (one-half of short-term postfilter) */
memcpy(speech - 10, res_filter_data, 10 * sizeof(int16_t));
residual_filter(residual + RES_PREV_DATA_SIZE, lp_gn + 11, speech, subframe_size);
/* Save data to use it in the next subframe. */
memcpy(res_filter_data, speech + subframe_size - 10, 10 * sizeof(int16_t));
/* long-term filter. If long-term prediction gain is larger than 3dB (returned value is
Reported by FlawFinder.
Line: 546
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(speech - 10, res_filter_data, 10 * sizeof(int16_t));
residual_filter(residual + RES_PREV_DATA_SIZE, lp_gn + 11, speech, subframe_size);
/* Save data to use it in the next subframe. */
memcpy(res_filter_data, speech + subframe_size - 10, 10 * sizeof(int16_t));
/* long-term filter. If long-term prediction gain is larger than 3dB (returned value is
nonzero) then declare current subframe as periodic. */
i = long_term_filter(adsp, pitch_delay_int,
residual, residual_filt_buf + 10,
Reported by FlawFinder.
Line: 565
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ff_celp_lp_synthesis_filter(pos_filter_data + 10, lp_gd + 1,
residual_filt_buf + 10,
subframe_size, 10, 0, 0, 0x800);
memcpy(pos_filter_data, pos_filter_data + subframe_size, 10 * sizeof(int16_t));
*ht_prev_data = apply_tilt_comp(speech, pos_filter_data + 10, tilt_comp_coeff,
subframe_size, *ht_prev_data);
}
Reported by FlawFinder.