The following issues were found
libavfilter/vf_deshake.c
3 issues
Line: 356
Column: 23
CWE codes:
362
}
if (deshake->filename)
deshake->fp = fopen(deshake->filename, "w");
if (deshake->fp)
fwrite("Ori x, Avg x, Fin x, Ori y, Avg y, Fin y, Ori angle, Avg angle, Fin angle, Ori zoom, Avg zoom, Fin zoom\n", 1, 104, deshake->fp);
// Quadword align left edge of box for MMX code, adjust width if necessary
// to keep right margin
Reported by FlawFinder.
Line: 416
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Transform t = {{0},0}, orig = {{0},0};
float matrix_y[9], matrix_uv[9];
float alpha = 2.0 / deshake->refcount;
char tmp[256];
int ret = 0;
const AVPixFmtDescriptor *desc = av_pix_fmt_desc_get(link->format);
const int chroma_width = AV_CEIL_RSHIFT(link->w, desc->log2_chroma_w);
const int chroma_height = AV_CEIL_RSHIFT(link->h, desc->log2_chroma_h);
int aligned;
Reported by FlawFinder.
Line: 486
Column: 24
CWE codes:
126
// Write statistics to file
if (deshake->fp) {
snprintf(tmp, 256, "%f, %f, %f, %f, %f, %f, %f, %f, %f, %f, %f, %f\n", orig.vec.x, deshake->avg.vec.x, t.vec.x, orig.vec.y, deshake->avg.vec.y, t.vec.y, orig.angle, deshake->avg.angle, t.angle, orig.zoom, deshake->avg.zoom, t.zoom);
fwrite(tmp, 1, strlen(tmp), deshake->fp);
}
// Turn relative current frame motion into absolute by adding it to the
// last absolute motion
t.vec.x += deshake->last.vec.x;
Reported by FlawFinder.
libavformat/rtspenc.c
3 issues
Line: 52
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int i;
char *sdp;
AVFormatContext sdp_ctx, *ctx_array[1];
char url[MAX_URL_SIZE];
if (s->start_time_realtime == 0 || s->start_time_realtime == AV_NOPTS_VALUE)
s->start_time_realtime = av_gettime();
/* Announce the stream */
Reported by FlawFinder.
Line: 114
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
RTSPState *rt = s->priv_data;
RTSPMessageHeader reply1, *reply = &reply1;
char cmd[MAX_URL_SIZE];
snprintf(cmd, sizeof(cmd),
"Range: npt=0.000-\r\n");
ff_rtsp_send_cmd(s, "RECORD", rt->control_uri, cmd, reply, NULL);
if (reply->status_code != RTSP_STATUS_OK)
Reported by FlawFinder.
Line: 85
Column: 53
CWE codes:
126
av_log(s, AV_LOG_VERBOSE, "SDP:\n%s\n", sdp);
ff_rtsp_send_cmd_with_content(s, "ANNOUNCE", rt->control_uri,
"Content-Type: application/sdp\r\n",
reply, NULL, sdp, strlen(sdp));
av_free(sdp);
if (reply->status_code != RTSP_STATUS_OK)
return ff_rtsp_averror(reply->status_code, AVERROR_INVALIDDATA);
/* Set up the RTSPStreams for each AVStream */
Reported by FlawFinder.
libavformat/sapdec.c
3 issues
Line: 65
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int sap_read_header(AVFormatContext *s)
{
struct SAPState *sap = s->priv_data;
char host[1024], path[1024], url[1024];
uint8_t recvbuf[RTP_MAX_PACKET_LENGTH];
const AVInputFormat *infmt;
int port;
int ret, i;
Reported by FlawFinder.
Line: 133
Column: 20
CWE codes:
126
}
#define MIME "application/sdp"
if (strcmp(&recvbuf[pos], MIME) == 0) {
pos += strlen(MIME) + 1;
} else if (strncmp(&recvbuf[pos], "v=0\r\n", 5) == 0) {
// Direct SDP without a mime type
} else {
av_log(s, AV_LOG_WARNING, "Unsupported mime type %s\n",
&recvbuf[pos]);
Reported by FlawFinder.
Line: 151
Column: 47
CWE codes:
126
}
av_log(s, AV_LOG_VERBOSE, "SDP:\n%s\n", sap->sdp);
ffio_init_context(&sap->sdp_pb, sap->sdp, strlen(sap->sdp), 0, NULL, NULL,
NULL, NULL);
infmt = av_find_input_format("sdp");
if (!infmt)
goto fail;
Reported by FlawFinder.
libavcodec/kmvc.c
3 issues
Line: 314
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* make the palette available on the way out */
memcpy(frame->data[1], ctx->pal, 1024);
blocksize = bytestream2_get_byte(&ctx->g);
if (blocksize != 8 && blocksize != 127) {
av_log(avctx, AV_LOG_ERROR, "Block size = %i\n", blocksize);
Reported by FlawFinder.
Line: 326
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
switch (header & KMVC_METHOD) {
case 0:
case 1: // used in palette changed event
memcpy(ctx->cur, ctx->prev, 320 * 200);
break;
case 3:
kmvc_decode_intra_8x8(ctx, avctx->width, avctx->height);
break;
case 4:
Reported by FlawFinder.
Line: 342
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
out = frame->data[0];
src = ctx->cur;
for (i = 0; i < avctx->height; i++) {
memcpy(out, src, avctx->width);
src += 320;
out += frame->linesize[0];
}
/* flip buffers */
Reported by FlawFinder.
libavcodec/cri.c
3 issues
Line: 189
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
bytestream2_init(gb, avpkt->data, avpkt->size);
while (bytestream2_get_bytes_left(gb) > 8) {
char codec_name[1024];
uint32_t key, length;
float framerate;
int width, height;
key = bytestream2_get_le32(gb);
Reported by FlawFinder.
Line: 388
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
uint16_t *dst = (uint16_t *)(p->data[0] + (y * 2) * p->linesize[0] + tile * hw * 2);
const uint16_t *src = (const uint16_t *)(s->jpgframe->data[0] + y * s->jpgframe->linesize[0]);
memcpy(dst, src, hw * 2);
src += hw;
dst += p->linesize[0] / 2;
memcpy(dst, src, hw * 2);
}
Reported by FlawFinder.
Line: 391
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(dst, src, hw * 2);
src += hw;
dst += p->linesize[0] / 2;
memcpy(dst, src, hw * 2);
}
av_frame_unref(s->jpgframe);
offset += s->tile_size[tile];
}
Reported by FlawFinder.
libavcodec/jacosubdec.c
3 issues
Line: 45
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int insert_datetime(AVBPrint *dst, const char *in, const char *arg)
{
char buf[16] = {0};
time_t now = time(0);
struct tm ltime;
localtime_r(&now, <ime);
if (strftime(buf, sizeof(buf), arg, <ime))
Reported by FlawFinder.
Line: 99
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int i, valign = 0, halign = 0;
char c = av_toupper(*src);
char directives[128] = {0};
/* extract the optional directives */
if ((c >= 'A' && c <= 'Z') || c == '[') {
char *p = directives;
char *pend = directives + sizeof(directives) - 1;
Reported by FlawFinder.
Line: 150
Column: 34
CWE codes:
126
for (i = 0; i < FF_ARRAY_ELEMS(ass_codes_map); i++) {
const char *from = ass_codes_map[i].from;
const char *arg = ass_codes_map[i].arg;
size_t codemap_len = strlen(from);
if (!strncmp(src, from, codemap_len)) {
src += codemap_len;
src += ass_codes_map[i].func(dst, src, arg);
break;
Reported by FlawFinder.
libavcodec/j2kenc.c
3 issues
Line: 150
Column: 8
CWE codes:
134
Suggestion:
Use a constant for the format specification
/* debug */
#if 0
#undef ifprintf
#undef printf
static void nspaces(FILE *fd, int n)
{
while(n--) putc(' ', fd);
}
Reported by FlawFinder.
Line: 389
Column: 20
CWE codes:
126
static int put_com(Jpeg2000EncoderContext *s, int compno)
{
int size = 4 + strlen(LIBAVCODEC_IDENT);
if (s->avctx->flags & AV_CODEC_FLAG_BITEXACT)
return 0;
if (s->buf_end - s->buf < size + 2)
Reported by FlawFinder.
Line: 401
Column: 54
CWE codes:
126
bytestream_put_be16(&s->buf, size);
bytestream_put_be16(&s->buf, 1); // General use (ISO/IEC 8859-15 (Latin) values)
bytestream_put_buffer(&s->buf, LIBAVCODEC_IDENT, strlen(LIBAVCODEC_IDENT));
return 0;
}
static uint8_t *put_sot(Jpeg2000EncoderContext *s, int tileno)
Reported by FlawFinder.
libavcodec/ivi.c
3 issues
Line: 110
CWE codes:
476
mc(band->buf + offs, band->b_ref_buf + ref_offs2,
band->pitch, mc_type2);
else
mc_avg(band->buf + offs, band->ref_buf + ref_offs,
band->b_ref_buf + ref_offs2, band->pitch,
mc_type, mc_type2);
}
return 0;
Reported by Cppcheck.
Line: 193
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static void ivi_huff_desc_copy(IVIHuffDesc *dst, const IVIHuffDesc *src)
{
dst->num_rows = src->num_rows;
memcpy(dst->xbits, src->xbits, src->num_rows);
}
/*
* Compare two huffman codebook descriptors.
*
Reported by FlawFinder.
Line: 863
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
src = band->ref_buf + tile->ypos * pitch + tile->xpos;
dst = band->buf + tile->ypos * pitch + tile->xpos;
for (y = 0; y < tile->height; y++) {
memcpy(dst, src, tile->width*sizeof(band->buf[0]));
src += pitch;
dst += pitch;
}
}
Reported by FlawFinder.
libavcodec/cngdec.c
3 issues
Line: 94
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
FFSWAP(float*, next, cur);
}
if (cur != lpc)
memcpy(lpc, cur, sizeof(*lpc) * order);
}
static void cng_decode_flush(AVCodecContext *avctx)
{
CNGContext *p = avctx->priv_data;
Reported by FlawFinder.
Line: 134
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
p->refl_coef[i] = 0.6 *p->refl_coef[i] + 0.4 * p->target_refl_coef[i];
} else {
p->energy = p->target_energy;
memcpy(p->refl_coef, p->target_refl_coef, p->order * sizeof(*p->refl_coef));
p->inited = 1;
}
make_lpc_coefs(p->lpc_coef, p->refl_coef, p->order);
for (i = 0; i < p->order; i++)
Reported by FlawFinder.
Line: 156
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
buf_out = (int16_t *)frame->data[0];
for (i = 0; i < avctx->frame_size; i++)
buf_out[i] = av_clip_int16(p->filter_out[i + p->order]);
memcpy(p->filter_out, p->filter_out + avctx->frame_size,
p->order * sizeof(*p->filter_out));
*got_frame_ptr = 1;
return buf_size;
Reported by FlawFinder.
libavformat/rtpenc_h264_hevc.c
3 issues
Line: 94
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
AV_WB16(s->buf_ptr, size);
s->buf_ptr += 2;
memcpy(s->buf_ptr, buf, size);
s->buf_ptr += size;
s->buffered_nals++;
} else {
flush_buffered(s1, 0);
ff_rtp_send_data(s1, buf, size, last);
Reported by FlawFinder.
Line: 168
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
while (size + header_size > s->max_payload_size) {
memcpy(&s->buf[header_size], buf, s->max_payload_size - header_size);
ff_rtp_send_data(s1, s->buf, s->max_payload_size, 0);
buf += s->max_payload_size - header_size;
size -= s->max_payload_size - header_size;
s->buf[flag_byte] &= ~(1 << 7);
}
Reported by FlawFinder.
Line: 175
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
s->buf[flag_byte] &= ~(1 << 7);
}
s->buf[flag_byte] |= 1 << 6;
memcpy(&s->buf[header_size], buf, size);
ff_rtp_send_data(s1, s->buf, size + header_size, last);
}
}
void ff_rtp_send_h264_hevc(AVFormatContext *s1, const uint8_t *buf1, int size)
Reported by FlawFinder.