The following issues were found
libavfilter/formats.c
3 issues
Line: 617
CWE codes:
476
void ff_channel_layouts_changeref(AVFilterChannelLayouts **oldref,
AVFilterChannelLayouts **newref)
{
FORMATS_CHANGEREF(oldref, newref);
}
void ff_formats_changeref(AVFilterFormats **oldref, AVFilterFormats **newref)
{
FORMATS_CHANGEREF(oldref, newref);
Reported by Cppcheck.
Line: 622
CWE codes:
476
void ff_formats_changeref(AVFilterFormats **oldref, AVFilterFormats **newref)
{
FORMATS_CHANGEREF(oldref, newref);
}
#define SET_COMMON_FORMATS(ctx, fmts, ref_fn, unref_fn) \
int count = 0, i; \
\
Reported by Cppcheck.
Line: 395
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
MAKE_FORMAT_LIST(AVFilterChannelLayouts,
channel_layouts, nb_channel_layouts);
if (count)
memcpy(formats->channel_layouts, fmts,
sizeof(*formats->channel_layouts) * count);
return formats;
}
Reported by FlawFinder.
libavcodec/rl2.c
3 issues
Line: 75
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/** copy start of the background frame */
for (i = 0; i <= base_y; i++) {
if (s->back_frame)
memcpy(out, back_frame, s->avctx->width);
out += stride;
back_frame += s->avctx->width;
}
back_frame += base_x - s->avctx->width;
line_end = out - stride_adj;
Reported by FlawFinder.
Line: 118
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/** copy the rest from the background frame */
if (s->back_frame) {
while (out < out_end) {
memcpy(out, back_frame, line_end - out);
back_frame += line_end - out;
out = line_end + stride_adj;
line_end += stride;
}
}
Reported by FlawFinder.
Line: 197
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
s->video_base);
/** make the palette available on the way out */
memcpy(frame->data[1], s->palette, AVPALETTE_SIZE);
*got_frame = 1;
/** report that the buffer was completely consumed */
return buf_size;
Reported by FlawFinder.
libavfilter/vf_avgblur_vulkan.c
3 issues
Line: 288
Column: 13
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
0, NULL, 0, NULL, FF_ARRAY_ELEMS(bar), bar);
in->layout[i] = bar[0].newLayout;
in->access[i] = bar[0].dstAccessMask;
tmp->layout[i] = bar[1].newLayout;
tmp->access[i] = bar[1].dstAccessMask;
out->layout[i] = bar[2].newLayout;
Reported by FlawFinder.
Line: 291
Column: 14
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
in->access[i] = bar[0].dstAccessMask;
tmp->layout[i] = bar[1].newLayout;
tmp->access[i] = bar[1].dstAccessMask;
out->layout[i] = bar[2].newLayout;
out->access[i] = bar[2].dstAccessMask;
}
Reported by FlawFinder.
Line: 294
Column: 14
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
tmp->access[i] = bar[1].dstAccessMask;
out->layout[i] = bar[2].newLayout;
out->access[i] = bar[2].dstAccessMask;
}
ff_vk_bind_pipeline_exec(avctx, s->exec, s->pl_hor);
vkCmdDispatch(cmd_buf, FFALIGN(s->vkctx.output_width, CGS)/CGS,
Reported by FlawFinder.
libavcodec/ra144.c
3 issues
Line: 1534
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
source += BUFFERSIZE - offset;
memcpy(target, source, FFMIN(BLOCKSIZE, offset)*sizeof(*target));
if (offset < BLOCKSIZE)
memcpy(target + offset, source, (BLOCKSIZE - offset)*sizeof(*target));
}
/**
Reported by FlawFinder.
Line: 1536
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(target, source, FFMIN(BLOCKSIZE, offset)*sizeof(*target));
if (offset < BLOCKSIZE)
memcpy(target + offset, source, (BLOCKSIZE - offset)*sizeof(*target));
}
/**
* Evaluate the reflection coefficients from the filter coefficients.
*
Reported by FlawFinder.
Line: 1718
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
add_wav(block, gain, cba_idx, m, cba_idx? ractx->buffer_a: NULL,
ff_cb1_vects[cb1_idx], ff_cb2_vects[cb2_idx]);
memcpy(ractx->curr_sblock, ractx->curr_sblock + BLOCKSIZE,
LPC_ORDER*sizeof(*ractx->curr_sblock));
if (ff_celp_lp_synthesis_filter(ractx->curr_sblock + LPC_ORDER, lpc_coefs,
block, BLOCKSIZE, LPC_ORDER, 1, 0, 0xfff))
memset(ractx->curr_sblock, 0, (LPC_ORDER+BLOCKSIZE)*sizeof(*ractx->curr_sblock));
Reported by FlawFinder.
libavformat/pjsdec.c
3 issues
Line: 55
Column: 9
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
{
int64_t start, end;
if (sscanf(*line, "%"SCNd64",%"SCNd64, &start, &end) == 2) {
*line += strcspn(*line, "\"");
*line += !!**line;
if (end < start || end - (uint64_t)start > INT_MAX)
return AV_NOPTS_VALUE;
*duration = end - start;
Reported by FlawFinder.
Line: 78
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
st->codecpar->codec_id = AV_CODEC_ID_PJS;
while (!avio_feof(s->pb)) {
char line[4096];
char *p = line;
const int64_t pos = avio_tell(s->pb);
int len = ff_get_line(s->pb, line, sizeof(line));
int64_t pts_start;
int duration;
Reported by FlawFinder.
Line: 95
Column: 57
CWE codes:
126
AVPacket *sub;
p[strcspn(p, "\"")] = 0;
sub = ff_subtitles_queue_insert(&pjs->q, p, strlen(p), 0);
if (!sub)
return AVERROR(ENOMEM);
sub->pos = pos;
sub->pts = pts_start;
sub->duration = duration;
Reported by FlawFinder.
libavcodec/g723_1.c
3 issues
Line: 1151
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int16_t vector[SUBFRAME_LEN];
int i, j;
memcpy(vector, buf, SUBFRAME_LEN * sizeof(*vector));
for (i = pitch_lag; i < SUBFRAME_LEN; i += pitch_lag) {
for (j = 0; j < SUBFRAME_LEN - i; j++)
buf[i + j] += vector[j];
}
}
Reported by FlawFinder.
Line: 1265
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
8192, 8192, 1 << 13, 14, LPC_ORDER);
ff_acelp_weighted_vector_sum(lpc + 2 * LPC_ORDER, cur_lsp, prev_lsp,
12288, 4096, 1 << 13, 14, LPC_ORDER);
memcpy(lpc + 3 * LPC_ORDER, cur_lsp, LPC_ORDER * sizeof(*lpc));
for (i = 0; i < SUBFRAMES; i++) {
lsp2lpc(lpc_ptr);
lpc_ptr += LPC_ORDER;
}
Reported by FlawFinder.
Line: 1332
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
}
if (!stable)
memcpy(cur_lsp, prev_lsp, LPC_ORDER * sizeof(*cur_lsp));
}
Reported by FlawFinder.
libavcodec/c93.c
3 issues
Line: 95
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (overflow > 0) {
width -= overflow;
for (i = 0; i < height; i++) {
memcpy(&to[i*stride+width], &from[(from_y+i)*stride], overflow);
}
}
for (i = 0; i < height; i++) {
memcpy(&to[i*stride], &from[(from_y+i)*stride+from_x], width);
Reported by FlawFinder.
Line: 100
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
for (i = 0; i < height; i++) {
memcpy(&to[i*stride], &from[(from_y+i)*stride+from_x], width);
}
return 0;
}
Reported by FlawFinder.
Line: 250
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
newpic->palette_has_changed = 1;
} else {
if (oldpic->data[1])
memcpy(newpic->data[1], oldpic->data[1], 256 * 4);
}
if ((ret = av_frame_ref(data, newpic)) < 0)
return ret;
*got_frame = 1;
Reported by FlawFinder.
libavfilter/drawutils.c
3 issues
Line: 215
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
wp = AV_CEIL_RSHIFT(w, draw->hsub[plane]) * draw->pixelstep[plane];
hp = AV_CEIL_RSHIFT(h, draw->vsub[plane]);
for (y = 0; y < hp; y++) {
memcpy(q, p, wp);
p += src_linesize[plane];
q += dst_linesize[plane];
}
}
}
Reported by FlawFinder.
Line: 245
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* copy first line from color */
for (x = 0; x < wp; x++) {
memcpy(p, color_tmp.comp[plane].u8, draw->pixelstep[plane]);
p += draw->pixelstep[plane];
}
wp *= draw->pixelstep[plane];
/* copy next lines from first line */
p = p0 + dst_linesize[plane];
Reported by FlawFinder.
Line: 252
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* copy next lines from first line */
p = p0 + dst_linesize[plane];
for (y = 1; y < hp; y++) {
memcpy(p, p0, wp);
p += dst_linesize[plane];
}
}
}
Reported by FlawFinder.
libavformat/pcmdec.c
3 issues
Line: 134
#define PCMDEF(name, long_name, ext, uppercase) \
PCMDEF_EXT(name, long_name, ext, uppercase, )
PCMDEF(f64be, "PCM 64-bit floating-point big-endian", NULL, F64BE)
PCMDEF(f64le, "PCM 64-bit floating-point little-endian", NULL, F64LE)
PCMDEF(f32be, "PCM 32-bit floating-point big-endian", NULL, F32BE)
PCMDEF(f32le, "PCM 32-bit floating-point little-endian", NULL, F32LE)
PCMDEF(s32be, "PCM signed 32-bit big-endian", NULL, S32BE)
PCMDEF(s32le, "PCM signed 32-bit little-endian", NULL, S32LE)
Reported by Cppcheck.
Line: 65
Column: 22
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (!channels)
sscanf(options, " channels=%d", &channels);
if (!little_endian) {
char val[sizeof("little-endian")];
if (sscanf(options, " endianness=%13s", val) == 1) {
little_endian = strcmp(val, "little-endian") == 0;
}
}
}
Reported by FlawFinder.
Line: 66
Column: 26
CWE codes:
120
Suggestion:
Check that the limit is sufficiently small, or use a different input function
sscanf(options, " channels=%d", &channels);
if (!little_endian) {
char val[sizeof("little-endian")];
if (sscanf(options, " endianness=%13s", val) == 1) {
little_endian = strcmp(val, "little-endian") == 0;
}
}
}
if (rate <= 0) {
Reported by FlawFinder.
libavcodec/pgssubdec.c
3 issues
Line: 267
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (buf_size > object->rle_remaining_len)
return AVERROR_INVALIDDATA;
memcpy(object->rle + object->rle_data_len, buf, buf_size);
object->rle_data_len += buf_size;
object->rle_remaining_len -= buf_size;
return 0;
}
Reported by FlawFinder.
Line: 309
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return AVERROR(ENOMEM);
}
memcpy(object->rle, buf, buf_size);
object->rle_data_len = buf_size;
object->rle_remaining_len = rle_bitmap_len - buf_size;
return 0;
}
Reported by FlawFinder.
Line: 598
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (!ctx->forced_subs_only || ctx->presentation.objects[i].composition_flag & 0x40)
memcpy(sub->rects[i]->data[1], palette->clut, sub->rects[i]->nb_colors * sizeof(uint32_t));
}
return 1;
}
static int decode(AVCodecContext *avctx, void *data, int *got_sub_ptr,
Reported by FlawFinder.