The following issues were found
libavfilter/vf_fieldorder.c
4 issues
Line: 122
Column: 21
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* penultimate line from that field. */
for (line = 0; line < h; line++) {
if (1 + line < frame->height) {
memcpy(dst, src + src_line_step, line_size);
} else {
memcpy(dst, src - 2 * src_line_step, line_size);
}
dst += dst_line_step;
src += src_line_step;
Reported by FlawFinder.
Line: 124
Column: 21
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (1 + line < frame->height) {
memcpy(dst, src + src_line_step, line_size);
} else {
memcpy(dst, src - 2 * src_line_step, line_size);
}
dst += dst_line_step;
src += src_line_step;
}
} else {
Reported by FlawFinder.
Line: 139
Column: 21
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
src += (h - 1) * src_line_step;
for (line = h - 1; line >= 0 ; line--) {
if (line > 0) {
memcpy(dst, src - src_line_step, line_size);
} else {
memcpy(dst, src + 2 * src_line_step, line_size);
}
dst -= dst_line_step;
src -= src_line_step;
Reported by FlawFinder.
Line: 141
Column: 21
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (line > 0) {
memcpy(dst, src - src_line_step, line_size);
} else {
memcpy(dst, src + 2 * src_line_step, line_size);
}
dst -= dst_line_step;
src -= src_line_step;
}
}
Reported by FlawFinder.
libavcodec/librav1e.c
4 issues
Line: 126
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
ctx->pass_data = tmp;
memcpy(ctx->pass_data + ctx->pass_pos, buf->data, buf->len);
ctx->pass_pos += buf->len;
} else {
size_t b64_size = AV_BASE64_SIZE(ctx->pass_pos);
memcpy(ctx->pass_data, buf->data, buf->len);
Reported by FlawFinder.
Line: 131
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else {
size_t b64_size = AV_BASE64_SIZE(ctx->pass_pos);
memcpy(ctx->pass_data, buf->data, buf->len);
avctx->stats_out = av_malloc(b64_size);
if (!avctx->stats_out) {
rav1e_data_unref(buf);
return AVERROR(ENOMEM);
Reported by FlawFinder.
Line: 543
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return ret;
}
memcpy(pkt->data, rpkt->data, rpkt->len);
if (rpkt->frame_type == RA_FRAME_TYPE_KEY)
pkt->flags |= AV_PKT_FLAG_KEY;
pkt->pts = pkt->dts = *((int64_t *) rpkt->opaque);
Reported by FlawFinder.
Line: 231
Column: 27
CWE codes:
126
goto end;
}
ctx->pass_size = (strlen(avctx->stats_in) * 3) / 4;
ctx->pass_data = av_malloc(ctx->pass_size);
if (!ctx->pass_data) {
av_log(avctx, AV_LOG_ERROR, "Could not allocate stats buffer.\n");
ret = AVERROR(ENOMEM);
goto end;
Reported by FlawFinder.
libavcodec/libopusenc.c
4 issues
Line: 200
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
"No channel layout specified. Opus encoder will use Vorbis "
"channel layout for %d channels.\n", avctx->channels);
} else if (avctx->channel_layout != ff_vorbis_channel_layouts[avctx->channels - 1]) {
char name[32];
av_get_channel_layout_string(name, sizeof(name), avctx->channels,
avctx->channel_layout);
av_log(avctx, AV_LOG_ERROR,
"Invalid channel layout %s for specified mapping family %d.\n",
name, mapping_family);
Reported by FlawFinder.
Line: 354
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mapping_family = avctx->channels > 2 ? 1 : 0;
coupled_stream_count = opus_coupled_streams[avctx->channels - 1];
opus->stream_count = avctx->channels - coupled_stream_count;
memcpy(libopus_channel_mapping,
opus_vorbis_channel_map[avctx->channels - 1],
avctx->channels * sizeof(*libopus_channel_mapping));
enc = opus_multistream_encoder_create(
avctx->sample_rate, avctx->channels, opus->stream_count,
Reported by FlawFinder.
Line: 449
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
const size_t src_pos = bytes_per_sample * (nb_channels * sample + channel);
const size_t dst_pos = bytes_per_sample * (nb_channels * sample + channel_map[channel]);
memcpy(&dst[dst_pos], &src[src_pos], bytes_per_sample);
}
}
}
static int libopus_encode(AVCodecContext *avctx, AVPacket *avpkt,
Reported by FlawFinder.
Line: 475
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
avctx->channels, frame->nb_samples, bytes_per_sample);
} else if (frame->nb_samples < opus->opts.packet_size) {
audio = opus->samples;
memcpy(audio, frame->data[0], frame->nb_samples * sample_size);
} else
audio = frame->data[0];
} else {
if (!opus->afq.remaining_samples || (!opus->afq.frame_alloc && !opus->afq.frame_count))
return 0;
Reported by FlawFinder.
libavcodec/vp3.c
4 issues
Line: 1695
Column: 27
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* from other INTRA blocks. There are 2 golden frame coding types;
* blocks encoding in these modes can only predict from other blocks
* that were encoded with these 1 of these 2 modes. */
static const unsigned char compatible_frame[9] = {
1, /* MODE_INTER_NO_MV */
0, /* MODE_INTRA */
1, /* MODE_INTER_PLUS_MV */
1, /* MODE_INTER_LAST_MV */
1, /* MODE_INTER_PRIOR_MV */
Reported by FlawFinder.
Line: 2058
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
for (i = 0; i < 9; i++)
memcpy(temp + i*stride, loop + (i + 1) * loop_stride + 1, 9);
return 1;
}
#endif
Reported by FlawFinder.
Line: 3041
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
plj = (plane + 2) % 3;
}
s->qr_count[inter][plane] = s->qr_count[qtj][plj];
memcpy(s->qr_size[inter][plane], s->qr_size[qtj][plj],
sizeof(s->qr_size[0][0]));
memcpy(s->qr_base[inter][plane], s->qr_base[qtj][plj],
sizeof(s->qr_base[0][0]));
} else {
int qri = 0;
Reported by FlawFinder.
Line: 3043
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
s->qr_count[inter][plane] = s->qr_count[qtj][plj];
memcpy(s->qr_size[inter][plane], s->qr_size[qtj][plj],
sizeof(s->qr_size[0][0]));
memcpy(s->qr_base[inter][plane], s->qr_base[qtj][plj],
sizeof(s->qr_base[0][0]));
} else {
int qri = 0;
int qi = 0;
Reported by FlawFinder.
libavcodec/tiffenc.c
4 issues
Line: 190
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case TIFF_RAW:
if (check_size(s, n))
return AVERROR(EINVAL);
memcpy(dst, src, n);
return n;
case TIFF_PACKBITS:
return ff_rle_encode(dst, s->buf_size - (*s->buf - s->buf_start),
src, 1, n, 2, 0xff, -1, 0);
case TIFF_LZW:
Reported by FlawFinder.
Line: 395
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (j = 0; j < s->rps; j++) {
if (is_yuv) {
pack_yuv(s, p, s->yuv_line, j);
memcpy(zbuf + zn, s->yuv_line, bytes_per_row);
j += s->subsampling[1] - 1;
} else
memcpy(zbuf + j * bytes_per_row,
p->data[0] + j * p->linesize[0], bytes_per_row);
zn += bytes_per_row;
Reported by FlawFinder.
Line: 398
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(zbuf + zn, s->yuv_line, bytes_per_row);
j += s->subsampling[1] - 1;
} else
memcpy(zbuf + j * bytes_per_row,
p->data[0] + j * p->linesize[0], bytes_per_row);
zn += bytes_per_row;
}
ret = encode_strip(s, zbuf, ptr, zn, s->compr);
av_free(zbuf);
Reported by FlawFinder.
Line: 484
Column: 19
CWE codes:
126
if (!(avctx->flags & AV_CODEC_FLAG_BITEXACT))
ADD_ENTRY(s, TIFF_SOFTWARE_NAME, TIFF_STRING,
strlen(LIBAVCODEC_IDENT) + 1, LIBAVCODEC_IDENT);
if (avctx->pix_fmt == AV_PIX_FMT_PAL8) {
uint16_t pal[256 * 3];
for (i = 0; i < 256; i++) {
uint32_t rgb = *(uint32_t *) (p->data[1] + i * 4);
Reported by FlawFinder.
libavformat/tls_schannel.c
4 issues
Line: 203
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto fail;
}
memcpy(inbuf[0].pvBuffer, c->enc_buf, c->enc_buf_offset);
/* output buffers */
init_sec_buffer(&outbuf[0], SECBUFFER_TOKEN, NULL, 0);
init_sec_buffer(&outbuf[1], SECBUFFER_ALERT, NULL, 0);
init_sec_buffer(&outbuf[2], SECBUFFER_EMPTY, NULL, 0);
Reported by FlawFinder.
Line: 463
Column: 21
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* copy decrypted data to buffer */
size = inbuf[1].cbBuffer;
if (size) {
memcpy(c->dec_buf + c->dec_buf_offset, inbuf[1].pvBuffer, size);
c->dec_buf_offset += size;
}
}
if (inbuf[3].BufferType == SECBUFFER_EXTRA && inbuf[3].cbBuffer > 0) {
if (c->enc_buf_offset > inbuf[3].cbBuffer) {
Reported by FlawFinder.
Line: 514
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cleanup:
size = FFMIN(len, c->dec_buf_offset);
if (size) {
memcpy(buf, c->dec_buf, size);
memmove(c->dec_buf, c->dec_buf + size, c->dec_buf_offset - size);
c->dec_buf_offset -= size;
return size;
}
Reported by FlawFinder.
Line: 561
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
init_sec_buffer(&outbuf[3], SECBUFFER_EMPTY, NULL, 0);
init_sec_buffer_desc(&outbuf_desc, outbuf, 4);
memcpy(outbuf[1].pvBuffer, buf, len);
sspi_ret = EncryptMessage(&c->ctxt_handle, 0, &outbuf_desc, 0);
if (sspi_ret == SEC_E_OK) {
len = outbuf[0].cbBuffer + outbuf[1].cbBuffer + outbuf[2].cbBuffer;
ret = ffurl_write(s->tcp, data, len);
Reported by FlawFinder.
libavformat/rtpenc_h264_hevc.c
3 issues
Line: 94
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
AV_WB16(s->buf_ptr, size);
s->buf_ptr += 2;
memcpy(s->buf_ptr, buf, size);
s->buf_ptr += size;
s->buffered_nals++;
} else {
flush_buffered(s1, 0);
ff_rtp_send_data(s1, buf, size, last);
Reported by FlawFinder.
Line: 168
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
while (size + header_size > s->max_payload_size) {
memcpy(&s->buf[header_size], buf, s->max_payload_size - header_size);
ff_rtp_send_data(s1, s->buf, s->max_payload_size, 0);
buf += s->max_payload_size - header_size;
size -= s->max_payload_size - header_size;
s->buf[flag_byte] &= ~(1 << 7);
}
Reported by FlawFinder.
Line: 175
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
s->buf[flag_byte] &= ~(1 << 7);
}
s->buf[flag_byte] |= 1 << 6;
memcpy(&s->buf[header_size], buf, size);
ff_rtp_send_data(s1, s->buf, size + header_size, last);
}
}
void ff_rtp_send_h264_hevc(AVFormatContext *s1, const uint8_t *buf1, int size)
Reported by FlawFinder.
libavfilter/vf_deshake.c
3 issues
Line: 356
Column: 23
CWE codes:
362
}
if (deshake->filename)
deshake->fp = fopen(deshake->filename, "w");
if (deshake->fp)
fwrite("Ori x, Avg x, Fin x, Ori y, Avg y, Fin y, Ori angle, Avg angle, Fin angle, Ori zoom, Avg zoom, Fin zoom\n", 1, 104, deshake->fp);
// Quadword align left edge of box for MMX code, adjust width if necessary
// to keep right margin
Reported by FlawFinder.
Line: 416
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Transform t = {{0},0}, orig = {{0},0};
float matrix_y[9], matrix_uv[9];
float alpha = 2.0 / deshake->refcount;
char tmp[256];
int ret = 0;
const AVPixFmtDescriptor *desc = av_pix_fmt_desc_get(link->format);
const int chroma_width = AV_CEIL_RSHIFT(link->w, desc->log2_chroma_w);
const int chroma_height = AV_CEIL_RSHIFT(link->h, desc->log2_chroma_h);
int aligned;
Reported by FlawFinder.
Line: 486
Column: 24
CWE codes:
126
// Write statistics to file
if (deshake->fp) {
snprintf(tmp, 256, "%f, %f, %f, %f, %f, %f, %f, %f, %f, %f, %f, %f\n", orig.vec.x, deshake->avg.vec.x, t.vec.x, orig.vec.y, deshake->avg.vec.y, t.vec.y, orig.angle, deshake->avg.angle, t.angle, orig.zoom, deshake->avg.zoom, t.zoom);
fwrite(tmp, 1, strlen(tmp), deshake->fp);
}
// Turn relative current frame motion into absolute by adding it to the
// last absolute motion
t.vec.x += deshake->last.vec.x;
Reported by FlawFinder.
libavcodec/012v.c
3 issues
Line: 133
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
y = x + (uint16_t *)(pic->data[0] + line * pic->linesize[0]);
u = x/2 + (uint16_t *)(pic->data[1] + line * pic->linesize[1]);
v = x/2 + (uint16_t *)(pic->data[2] + line * pic->linesize[2]);
memcpy(y, y_temp, sizeof(*y) * (width - x));
memcpy(u, u_temp, sizeof(*u) * (width - x + 1) / 2);
memcpy(v, v_temp, sizeof(*v) * (width - x + 1) / 2);
}
line_end += stride;
Reported by FlawFinder.
Line: 134
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u = x/2 + (uint16_t *)(pic->data[1] + line * pic->linesize[1]);
v = x/2 + (uint16_t *)(pic->data[2] + line * pic->linesize[2]);
memcpy(y, y_temp, sizeof(*y) * (width - x));
memcpy(u, u_temp, sizeof(*u) * (width - x + 1) / 2);
memcpy(v, v_temp, sizeof(*v) * (width - x + 1) / 2);
}
line_end += stride;
src = line_end - stride;
Reported by FlawFinder.
Line: 135
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
v = x/2 + (uint16_t *)(pic->data[2] + line * pic->linesize[2]);
memcpy(y, y_temp, sizeof(*y) * (width - x));
memcpy(u, u_temp, sizeof(*u) * (width - x + 1) / 2);
memcpy(v, v_temp, sizeof(*v) * (width - x + 1) / 2);
}
line_end += stride;
src = line_end - stride;
}
Reported by FlawFinder.
libavfilter/vf_avgblur_vulkan.c
3 issues
Line: 288
Column: 13
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
0, NULL, 0, NULL, FF_ARRAY_ELEMS(bar), bar);
in->layout[i] = bar[0].newLayout;
in->access[i] = bar[0].dstAccessMask;
tmp->layout[i] = bar[1].newLayout;
tmp->access[i] = bar[1].dstAccessMask;
out->layout[i] = bar[2].newLayout;
Reported by FlawFinder.
Line: 291
Column: 14
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
in->access[i] = bar[0].dstAccessMask;
tmp->layout[i] = bar[1].newLayout;
tmp->access[i] = bar[1].dstAccessMask;
out->layout[i] = bar[2].newLayout;
out->access[i] = bar[2].dstAccessMask;
}
Reported by FlawFinder.
Line: 294
Column: 14
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
tmp->access[i] = bar[1].dstAccessMask;
out->layout[i] = bar[2].newLayout;
out->access[i] = bar[2].dstAccessMask;
}
ff_vk_bind_pipeline_exec(avctx, s->exec, s->pl_hor);
vkCmdDispatch(cmd_buf, FFALIGN(s->vkctx.output_width, CGS)/CGS,
Reported by FlawFinder.