The following issues were found
libavcodec/aacps_common.c
4 issues
Line: 231
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int b;
if (source >= 0 && source != ps->num_env) {
if (ps->enable_iid) {
memcpy(ps->iid_par+ps->num_env, ps->iid_par+source, sizeof(ps->iid_par[0]));
}
if (ps->enable_icc) {
memcpy(ps->icc_par+ps->num_env, ps->icc_par+source, sizeof(ps->icc_par[0]));
}
if (ps->enable_ipdopd) {
Reported by FlawFinder.
Line: 234
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(ps->iid_par+ps->num_env, ps->iid_par+source, sizeof(ps->iid_par[0]));
}
if (ps->enable_icc) {
memcpy(ps->icc_par+ps->num_env, ps->icc_par+source, sizeof(ps->icc_par[0]));
}
if (ps->enable_ipdopd) {
memcpy(ps->ipd_par+ps->num_env, ps->ipd_par+source, sizeof(ps->ipd_par[0]));
memcpy(ps->opd_par+ps->num_env, ps->opd_par+source, sizeof(ps->opd_par[0]));
}
Reported by FlawFinder.
Line: 237
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(ps->icc_par+ps->num_env, ps->icc_par+source, sizeof(ps->icc_par[0]));
}
if (ps->enable_ipdopd) {
memcpy(ps->ipd_par+ps->num_env, ps->ipd_par+source, sizeof(ps->ipd_par[0]));
memcpy(ps->opd_par+ps->num_env, ps->opd_par+source, sizeof(ps->opd_par[0]));
}
}
if (ps->enable_iid){
for (b = 0; b < ps->nr_iid_par; b++) {
Reported by FlawFinder.
Line: 238
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (ps->enable_ipdopd) {
memcpy(ps->ipd_par+ps->num_env, ps->ipd_par+source, sizeof(ps->ipd_par[0]));
memcpy(ps->opd_par+ps->num_env, ps->opd_par+source, sizeof(ps->opd_par[0]));
}
}
if (ps->enable_iid){
for (b = 0; b < ps->nr_iid_par; b++) {
if (FFABS(ps->iid_par[ps->num_env][b]) > 7 + 8 * ps->iid_quant) {
Reported by FlawFinder.
libavformat/amr.c
4 issues
Line: 119
Column: 9
CWE codes:
120
20
static int amr_read_packet(AVFormatContext *s, AVPacket *pkt)
{
AVCodecParameters *par = s->streams[0]->codecpar;
int read, size = 0, toc, mode;
int64_t pos = avio_tell(s->pb);
AMRContext *amr = s->priv_data;
if (avio_feof(s->pb)) {
return AVERROR_EOF;
Reported by FlawFinder.
Line: 152
Column: 9
CWE codes:
120
20
pkt->duration = par->codec_id == AV_CODEC_ID_AMR_NB ? 160 : 320;
read = avio_read(s->pb, pkt->data + 1, size - 1);
if (read != size - 1) {
if (read < 0)
return read;
return AVERROR(EIO);
}
Reported by FlawFinder.
libavcodec/nvenc.c
4 issues
Line: 542
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
NvencContext *ctx = avctx->priv_data;
NvencDynLoadFunctions *dl_fn = &ctx->nvenc_dload_funcs;
NV_ENCODE_API_FUNCTION_LIST *p_nvenc = &dl_fn->nvenc_funcs;
char name[128] = { 0};
int major, minor, ret;
CUdevice cu_device;
int loglevel = AV_LOG_VERBOSE;
if (ctx->device == LIST_DEVICES)
Reported by FlawFinder.
Line: 1554
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
NVENCSTATUS nv_status;
uint32_t outSize = 0;
char tmpHeader[256];
NV_ENC_SEQUENCE_PARAM_PAYLOAD payload = { 0 };
payload.version = NV_ENC_SEQUENCE_PARAM_PAYLOAD_VER;
payload.spsppsBuffer = tmpHeader;
payload.inBufferSize = sizeof(tmpHeader);
Reported by FlawFinder.
Line: 1574
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return AVERROR(ENOMEM);
}
memcpy(avctx->extradata, tmpHeader, outSize);
return 0;
}
av_cold int ff_nvenc_encode_close(AVCodecContext *avctx)
Reported by FlawFinder.
Line: 2010
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto error;
}
memcpy(pkt->data, lock_params.bitstreamBufferPtr, lock_params.bitstreamSizeInBytes);
nv_status = p_nvenc->nvEncUnlockBitstream(ctx->nvencoder, tmpoutsurf->output_surface);
if (nv_status != NV_ENC_SUCCESS) {
res = nvenc_print_error(avctx, nv_status, "Failed unlocking bitstream buffer, expect the gates of mordor to open");
goto error;
Reported by FlawFinder.
doc/examples/vaapi_encode.c
4 issues
Line: 116
Column: 14
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
return -1;
}
width = atoi(argv[1]);
height = atoi(argv[2]);
size = width * height;
if (!(fin = fopen(argv[3], "r"))) {
fprintf(stderr, "Fail to open input file : %s\n", strerror(errno));
Reported by FlawFinder.
Line: 117
Column: 14
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
}
width = atoi(argv[1]);
height = atoi(argv[2]);
size = width * height;
if (!(fin = fopen(argv[3], "r"))) {
fprintf(stderr, "Fail to open input file : %s\n", strerror(errno));
return -1;
Reported by FlawFinder.
Line: 120
Column: 17
CWE codes:
362
height = atoi(argv[2]);
size = width * height;
if (!(fin = fopen(argv[3], "r"))) {
fprintf(stderr, "Fail to open input file : %s\n", strerror(errno));
return -1;
}
if (!(fout = fopen(argv[4], "w+b"))) {
fprintf(stderr, "Fail to open output file : %s\n", strerror(errno));
Reported by FlawFinder.
Line: 124
Column: 18
CWE codes:
362
fprintf(stderr, "Fail to open input file : %s\n", strerror(errno));
return -1;
}
if (!(fout = fopen(argv[4], "w+b"))) {
fprintf(stderr, "Fail to open output file : %s\n", strerror(errno));
err = -1;
goto close;
}
Reported by FlawFinder.
libavformat/srtdec.c
4 issues
Line: 80
Column: 9
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
ei->x1 = ei->x2 = ei->y1 = ei->y2 = ei->duration = -1;
ei->pts = AV_NOPTS_VALUE;
ei->pos = -1;
if (sscanf(line, "%d:%d:%d%*1[,.]%d --> %d:%d:%d%*1[,.]%d"
"%*[ ]X1:%"PRId32" X2:%"PRId32" Y1:%"PRId32" Y2:%"PRId32,
&hh1, &mm1, &ss1, &ms1,
&hh2, &mm2, &ss2, &ms2,
&ei->x1, &ei->x2, &ei->y1, &ei->y2) >= 8) {
const int64_t start = (hh1*3600LL + mm1*60LL + ss1) * 1000LL + ms1;
Reported by FlawFinder.
Line: 179
Column: 17
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (strtol(line, &pline, 10) < 0 || line == pline)
av_bprintf(&buf, "%s\n", line);
else
strcpy(line_cache, line);
} else {
if (has_event_info) {
/* We have the information of previous event, append it to the
* queue. We insert the cached line if and only if the payload
* is empty and the cached line is not a standalone number. */
Reported by FlawFinder.
Line: 36
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int srt_probe(const AVProbeData *p)
{
int v;
char buf[64], *pbuf;
FFTextReader tr;
ff_text_init_buf(&tr, p->buf, p->buf_size);
while (ff_text_peek_r8(&tr) == '\r' || ff_text_peek_r8(&tr) == '\n')
Reported by FlawFinder.
Line: 132
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
AVBPrint buf;
AVStream *st = avformat_new_stream(s, NULL);
int res = 0;
char line[4096], line_cache[4096];
int has_event_info = 0;
struct event_info ei;
FFTextReader tr;
ff_text_init_avio(s, &tr, s->pb);
Reported by FlawFinder.
libavfilter/vf_vectorscope.c
4 issues
Line: 965
Column: 79
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
}
static void draw_ihtext(AVFrame *out, int x, int y, float o1, float o2, const char *txt, const uint8_t color[4])
{
const uint8_t *font;
int font_height;
int i, plane;
Reported by FlawFinder.
Line: 990
Column: 81
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
}
static void draw_ihtext16(AVFrame *out, int x, int y, float o1, float o2, const char *txt, const uint16_t color[4])
{
const uint8_t *font;
int font_height;
int i, plane;
Reported by FlawFinder.
Line: 1016
Column: 78
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
}
static void draw_htext(AVFrame *out, int x, int y, float o1, float o2, const char *txt, const uint8_t color[4])
{
const uint8_t *font;
int font_height;
int i, plane;
Reported by FlawFinder.
Line: 1042
Column: 80
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
}
static void draw_htext16(AVFrame *out, int x, int y, float o1, float o2, const char *txt, const uint16_t color[4])
{
const uint8_t *font;
int font_height;
int i, plane;
Reported by FlawFinder.
libavcodec/exrenc.c
4 issues
Line: 55
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
EXR_UNKNOWN,
};
static const char abgr_chlist[4] = { 'A', 'B', 'G', 'R' };
static const char bgr_chlist[4] = { 'B', 'G', 'R', 'A' };
static const uint8_t gbra_order[4] = { 3, 1, 0, 2 };
static const uint8_t gbr_order[4] = { 1, 0, 2, 0 };
typedef struct EXRScanlineData {
Reported by FlawFinder.
Line: 56
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
static const char abgr_chlist[4] = { 'A', 'B', 'G', 'R' };
static const char bgr_chlist[4] = { 'B', 'G', 'R', 'A' };
static const uint8_t gbra_order[4] = { 3, 1, 0, 2 };
static const uint8_t gbr_order[4] = { 1, 0, 2, 0 };
typedef struct EXRScanlineData {
uint8_t *compressed_data;
Reported by FlawFinder.
Line: 241
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (int p = 0; p < s->planes; p++) {
int ch = s->ch_order[p];
memcpy(scanline->uncompressed_data + frame->width * 4 * p,
frame->data[ch] + y * frame->linesize[ch], frame->width * 4);
}
break;
case EXR_HALF:
for (int p = 0; p < s->planes; p++) {
Reported by FlawFinder.
Line: 304
Column: 21
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (int p = 0; p < s->planes; p++) {
int ch = s->ch_order[p];
memcpy(scanline->uncompressed_data + scanline_size * l + p * frame->width * 4,
frame->data[ch] + (y * s->scanline_height + l) * frame->linesize[ch],
frame->width * 4);
}
}
break;
Reported by FlawFinder.
libavfilter/vf_tonemap_opencl.c
4 issues
Line: 73
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
cl_mem util_mem;
} TonemapOpenCLContext;
static const char *const linearize_funcs[AVCOL_TRC_NB] = {
[AVCOL_TRC_SMPTE2084] = "eotf_st2084",
[AVCOL_TRC_ARIB_STD_B67] = "inverse_oetf_hlg",
};
static const char *const delinearize_funcs[AVCOL_TRC_NB] = {
Reported by FlawFinder.
Line: 78
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
[AVCOL_TRC_ARIB_STD_B67] = "inverse_oetf_hlg",
};
static const char *const delinearize_funcs[AVCOL_TRC_NB] = {
[AVCOL_TRC_BT709] = "inverse_eotf_bt1886",
[AVCOL_TRC_BT2020_10] = "inverse_eotf_bt1886",
};
static const struct PrimaryCoefficients primaries_table[AVCOL_PRI_NB] = {
Reported by FlawFinder.
Line: 93
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
[AVCOL_PRI_BT2020] = { 0.3127, 0.3290 },
};
static const char *const tonemap_func[TONEMAP_MAX] = {
[TONEMAP_NONE] = "direct",
[TONEMAP_LINEAR] = "linear",
[TONEMAP_GAMMA] = "gamma",
[TONEMAP_CLIP] = "clip",
[TONEMAP_REINHARD] = "reinhard",
Reported by FlawFinder.
Line: 127
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
cl_int cle;
int err;
AVBPrint header;
const char *opencl_sources[OPENCL_SOURCE_NB];
av_bprint_init(&header, 1024, AV_BPRINT_SIZE_AUTOMATIC);
switch(ctx->tonemap) {
case TONEMAP_GAMMA:
Reported by FlawFinder.
libavcodec/msvideo1.c
4 issues
Line: 74
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
s->mode_8bit = 1;
avctx->pix_fmt = AV_PIX_FMT_PAL8;
if (avctx->extradata_size >= AVPALETTE_SIZE)
memcpy(s->pal, avctx->extradata, AVPALETTE_SIZE);
} else {
s->mode_8bit = 0;
avctx->pix_fmt = AV_PIX_FMT_RGB555;
}
Reported by FlawFinder.
Line: 102
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char byte_a, byte_b;
unsigned short flags;
int skip_blocks;
unsigned char colors[8];
unsigned char *pixels = s->frame->data[0];
int stride = s->frame->linesize[0];
stream_ptr = 0;
skip_blocks = 0;
Reported by FlawFinder.
Line: 156
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
flags = (byte_b << 8) | byte_a;
CHECK_STREAM_PTR(8);
memcpy(colors, &s->buf[stream_ptr], 8);
stream_ptr += 8;
for (pixel_y = 0; pixel_y < 4; pixel_y++) {
for (pixel_x = 0; pixel_x < 4; pixel_x++, flags >>= 1)
pixels[pixel_ptr++] =
Reported by FlawFinder.
Line: 184
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* make the palette available on the way out */
if (s->avctx->pix_fmt == AV_PIX_FMT_PAL8)
memcpy(s->frame->data[1], s->pal, AVPALETTE_SIZE);
}
static void msvideo1_decode_16bit(Msvideo1Context *s)
{
int block_ptr, pixel_ptr;
Reported by FlawFinder.
libavcodec/truemotion1.c
4 issues
Line: 155
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (delta_table_index > 3)
return;
memcpy(s->ydt, ydts[delta_table_index], 8 * sizeof(int16_t));
memcpy(s->cdt, cdts[delta_table_index], 8 * sizeof(int16_t));
memcpy(s->fat_ydt, fat_ydts[delta_table_index], 8 * sizeof(int16_t));
memcpy(s->fat_cdt, fat_cdts[delta_table_index], 8 * sizeof(int16_t));
/* Y skinny deltas need to be halved for some reason; maybe the
Reported by FlawFinder.
Line: 156
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return;
memcpy(s->ydt, ydts[delta_table_index], 8 * sizeof(int16_t));
memcpy(s->cdt, cdts[delta_table_index], 8 * sizeof(int16_t));
memcpy(s->fat_ydt, fat_ydts[delta_table_index], 8 * sizeof(int16_t));
memcpy(s->fat_cdt, fat_cdts[delta_table_index], 8 * sizeof(int16_t));
/* Y skinny deltas need to be halved for some reason; maybe the
* skinny Y deltas should be modified */
Reported by FlawFinder.
Line: 157
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(s->ydt, ydts[delta_table_index], 8 * sizeof(int16_t));
memcpy(s->cdt, cdts[delta_table_index], 8 * sizeof(int16_t));
memcpy(s->fat_ydt, fat_ydts[delta_table_index], 8 * sizeof(int16_t));
memcpy(s->fat_cdt, fat_cdts[delta_table_index], 8 * sizeof(int16_t));
/* Y skinny deltas need to be halved for some reason; maybe the
* skinny Y deltas should be modified */
for (i = 0; i < 8; i++)
Reported by FlawFinder.
Line: 158
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(s->ydt, ydts[delta_table_index], 8 * sizeof(int16_t));
memcpy(s->cdt, cdts[delta_table_index], 8 * sizeof(int16_t));
memcpy(s->fat_ydt, fat_ydts[delta_table_index], 8 * sizeof(int16_t));
memcpy(s->fat_cdt, fat_cdts[delta_table_index], 8 * sizeof(int16_t));
/* Y skinny deltas need to be halved for some reason; maybe the
* skinny Y deltas should be modified */
for (i = 0; i < 8; i++)
{
Reported by FlawFinder.