The following issues were found
libavformat/rtpenc_h264_hevc.c
3 issues
Line: 94
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
AV_WB16(s->buf_ptr, size);
s->buf_ptr += 2;
memcpy(s->buf_ptr, buf, size);
s->buf_ptr += size;
s->buffered_nals++;
} else {
flush_buffered(s1, 0);
ff_rtp_send_data(s1, buf, size, last);
Reported by FlawFinder.
Line: 168
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
while (size + header_size > s->max_payload_size) {
memcpy(&s->buf[header_size], buf, s->max_payload_size - header_size);
ff_rtp_send_data(s1, s->buf, s->max_payload_size, 0);
buf += s->max_payload_size - header_size;
size -= s->max_payload_size - header_size;
s->buf[flag_byte] &= ~(1 << 7);
}
Reported by FlawFinder.
Line: 175
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
s->buf[flag_byte] &= ~(1 << 7);
}
s->buf[flag_byte] |= 1 << 6;
memcpy(&s->buf[header_size], buf, size);
ff_rtp_send_data(s1, s->buf, size + header_size, last);
}
}
void ff_rtp_send_h264_hevc(AVFormatContext *s1, const uint8_t *buf1, int size)
Reported by FlawFinder.
libavcodec/cbs_mpeg2.c
3 issues
Line: 329
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// memcpy can be used to improve performance.
// This is the normal case.
flush_put_bits(pbc);
memcpy(put_bits_ptr(pbc), pos, rest);
skip_put_bytes(pbc, rest);
} else {
// If not, we have to copy manually:
for (; rest > 3; rest -= 4, pos += 4)
put_bits32(pbc, AV_RB32(pos));
Reported by FlawFinder.
Line: 381
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
data[dp++] = 0;
data[dp++] = 1;
memcpy(data + dp, unit->data, unit->data_size);
dp += unit->data_size;
}
av_assert0(dp == size);
Reported by FlawFinder.
Line: 65
Column: 19
CWE codes:
120
20
#define READ
#define READWRITE read
#define RWContext GetBitContext
#define xuia(width, string, var, range_min, range_max, subs, ...) do { \
uint32_t value; \
CHECK(ff_cbs_read_unsigned(ctx, rw, width, string, \
Reported by FlawFinder.
libavfilter/vf_deshake.c
3 issues
Line: 356
Column: 23
CWE codes:
362
}
if (deshake->filename)
deshake->fp = fopen(deshake->filename, "w");
if (deshake->fp)
fwrite("Ori x, Avg x, Fin x, Ori y, Avg y, Fin y, Ori angle, Avg angle, Fin angle, Ori zoom, Avg zoom, Fin zoom\n", 1, 104, deshake->fp);
// Quadword align left edge of box for MMX code, adjust width if necessary
// to keep right margin
Reported by FlawFinder.
Line: 416
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Transform t = {{0},0}, orig = {{0},0};
float matrix_y[9], matrix_uv[9];
float alpha = 2.0 / deshake->refcount;
char tmp[256];
int ret = 0;
const AVPixFmtDescriptor *desc = av_pix_fmt_desc_get(link->format);
const int chroma_width = AV_CEIL_RSHIFT(link->w, desc->log2_chroma_w);
const int chroma_height = AV_CEIL_RSHIFT(link->h, desc->log2_chroma_h);
int aligned;
Reported by FlawFinder.
Line: 486
Column: 24
CWE codes:
126
// Write statistics to file
if (deshake->fp) {
snprintf(tmp, 256, "%f, %f, %f, %f, %f, %f, %f, %f, %f, %f, %f, %f\n", orig.vec.x, deshake->avg.vec.x, t.vec.x, orig.vec.y, deshake->avg.vec.y, t.vec.y, orig.angle, deshake->avg.angle, t.angle, orig.zoom, deshake->avg.zoom, t.zoom);
fwrite(tmp, 1, strlen(tmp), deshake->fp);
}
// Turn relative current frame motion into absolute by adding it to the
// last absolute motion
t.vec.x += deshake->last.vec.x;
Reported by FlawFinder.
libavformat/rtpdec_mpa_robust.c
3 issues
Line: 99
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
pkt->stream_index = st->index;
memcpy(pkt->data, buf, adu_size);
data->split_pos += header_size + adu_size;
if (data->split_pos == data->split_buf_size) {
av_freep(&data->split_buf);
Reported by FlawFinder.
Line: 129
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
pkt->stream_index = st->index;
memcpy(pkt->data, buf, adu_size);
buf += adu_size;
len -= adu_size;
if (len) {
data->split_buf_size = len;
Reported by FlawFinder.
Line: 142
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
av_packet_unref(pkt);
return AVERROR(ENOMEM);
}
memcpy(data->split_buf, buf, data->split_buf_size);
return 1;
}
return 0;
} else if (!continuation) { /* && adu_size > len */
/* First fragment */
Reported by FlawFinder.
libavcodec/sga.c
3 issues
Line: 150
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
uint8_t *dst = frame->data[0] + y * 8 * frame->linesize[0] + x * 8;
if (!flip_x && !flip_y) {
memcpy(tile, tt, 64);
} else if (flip_x && flip_y) {
for (int i = 0; i < 8; i++) {
for (int j = 0; j < 8; j++)
tile[i * 8 + j] = tt[(7 - i) * 8 + 7 - j];
}
Reported by FlawFinder.
Line: 407
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (sizeof(s->uncompressed) - offset < size)
return AVERROR_INVALIDDATA;
memcpy(s->uncompressed + offset, gb->buffer, size);
bytestream2_skip(gb, size);
} else {
GetByteContext gb2;
if (bytestream2_get_bytes_left(gb) < size)
Reported by FlawFinder.
Line: 499
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return AVERROR_INVALIDDATA;
}
memcpy(frame->data[1], s->pal, AVPALETTE_SIZE);
frame->palette_has_changed = 1;
frame->pict_type = AV_PICTURE_TYPE_I;
frame->key_frame = 1;
*got_frame = 1;
Reported by FlawFinder.
libavfilter/formats.c
3 issues
Line: 617
CWE codes:
476
void ff_channel_layouts_changeref(AVFilterChannelLayouts **oldref,
AVFilterChannelLayouts **newref)
{
FORMATS_CHANGEREF(oldref, newref);
}
void ff_formats_changeref(AVFilterFormats **oldref, AVFilterFormats **newref)
{
FORMATS_CHANGEREF(oldref, newref);
Reported by Cppcheck.
Line: 622
CWE codes:
476
void ff_formats_changeref(AVFilterFormats **oldref, AVFilterFormats **newref)
{
FORMATS_CHANGEREF(oldref, newref);
}
#define SET_COMMON_FORMATS(ctx, fmts, ref_fn, unref_fn) \
int count = 0, i; \
\
Reported by Cppcheck.
Line: 395
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
MAKE_FORMAT_LIST(AVFilterChannelLayouts,
channel_layouts, nb_channel_layouts);
if (count)
memcpy(formats->channel_layouts, fmts,
sizeof(*formats->channel_layouts) * count);
return formats;
}
Reported by FlawFinder.
libavformat/pjsdec.c
3 issues
Line: 55
Column: 9
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
{
int64_t start, end;
if (sscanf(*line, "%"SCNd64",%"SCNd64, &start, &end) == 2) {
*line += strcspn(*line, "\"");
*line += !!**line;
if (end < start || end - (uint64_t)start > INT_MAX)
return AV_NOPTS_VALUE;
*duration = end - start;
Reported by FlawFinder.
Line: 78
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
st->codecpar->codec_id = AV_CODEC_ID_PJS;
while (!avio_feof(s->pb)) {
char line[4096];
char *p = line;
const int64_t pos = avio_tell(s->pb);
int len = ff_get_line(s->pb, line, sizeof(line));
int64_t pts_start;
int duration;
Reported by FlawFinder.
Line: 95
Column: 57
CWE codes:
126
AVPacket *sub;
p[strcspn(p, "\"")] = 0;
sub = ff_subtitles_queue_insert(&pjs->q, p, strlen(p), 0);
if (!sub)
return AVERROR(ENOMEM);
sub->pos = pos;
sub->pts = pts_start;
sub->duration = duration;
Reported by FlawFinder.
libavcodec/h2645_parse.c
3 issues
Line: 98
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
nal->rbsp_buffer = &rbsp->rbsp_buffer[rbsp->rbsp_buffer_size];
dst = nal->rbsp_buffer;
memcpy(dst, src, i);
si = di = i;
while (si + 2 < length) {
// remove escapes (very rare 1:2^22)
if (src[si + 2] > 3) {
dst[di++] = src[si++];
Reported by FlawFinder.
Line: 149
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return si;
}
static const char *const hevc_nal_type_name[64] = {
"TRAIL_N", // HEVC_NAL_TRAIL_N
"TRAIL_R", // HEVC_NAL_TRAIL_R
"TSA_N", // HEVC_NAL_TSA_N
"TSA_R", // HEVC_NAL_TSA_R
"STSA_N", // HEVC_NAL_STSA_N
Reported by FlawFinder.
Line: 222
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return hevc_nal_type_name[nal_type];
}
static const char *const h264_nal_type_name[32] = {
"Unspecified 0", //H264_NAL_UNSPECIFIED
"Coded slice of a non-IDR picture", // H264_NAL_SLICE
"Coded slice data partition A", // H264_NAL_DPA
"Coded slice data partition B", // H264_NAL_DPB
"Coded slice data partition C", // H264_NAL_DPC
Reported by FlawFinder.
libavcodec/cbrt_tablegen.h
3 issues
Line: 43
av_cold void AAC_RENAME(ff_cbrt_tableinit)(void)
{
static double cbrt_tab_dbl[1 << 13];
if (!AAC_RENAME(ff_cbrt_tab)[(1<<13) - 1]) {
int i, j, k;
double cbrt_val;
for (i = 1; i < 1<<13; i++)
cbrt_tab_dbl[i] = 1;
Reported by Cppcheck.
Line: 43
av_cold void AAC_RENAME(ff_cbrt_tableinit)(void)
{
static double cbrt_tab_dbl[1 << 13];
if (!AAC_RENAME(ff_cbrt_tab)[(1<<13) - 1]) {
int i, j, k;
double cbrt_val;
for (i = 1; i < 1<<13; i++)
cbrt_tab_dbl[i] = 1;
Reported by Cppcheck.
Line: 43
av_cold void AAC_RENAME(ff_cbrt_tableinit)(void)
{
static double cbrt_tab_dbl[1 << 13];
if (!AAC_RENAME(ff_cbrt_tab)[(1<<13) - 1]) {
int i, j, k;
double cbrt_val;
for (i = 1; i < 1<<13; i++)
cbrt_tab_dbl[i] = 1;
Reported by Cppcheck.
libavfilter/drawutils.c
3 issues
Line: 215
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
wp = AV_CEIL_RSHIFT(w, draw->hsub[plane]) * draw->pixelstep[plane];
hp = AV_CEIL_RSHIFT(h, draw->vsub[plane]);
for (y = 0; y < hp; y++) {
memcpy(q, p, wp);
p += src_linesize[plane];
q += dst_linesize[plane];
}
}
}
Reported by FlawFinder.
Line: 245
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* copy first line from color */
for (x = 0; x < wp; x++) {
memcpy(p, color_tmp.comp[plane].u8, draw->pixelstep[plane]);
p += draw->pixelstep[plane];
}
wp *= draw->pixelstep[plane];
/* copy next lines from first line */
p = p0 + dst_linesize[plane];
Reported by FlawFinder.
Line: 252
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* copy next lines from first line */
p = p0 + dst_linesize[plane];
for (y = 1; y < hp; y++) {
memcpy(p, p0, wp);
p += dst_linesize[plane];
}
}
}
Reported by FlawFinder.