The following issues were found
libavformat/rtpenc_h264_hevc.c
3 issues
Line: 94
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
AV_WB16(s->buf_ptr, size);
s->buf_ptr += 2;
memcpy(s->buf_ptr, buf, size);
s->buf_ptr += size;
s->buffered_nals++;
} else {
flush_buffered(s1, 0);
ff_rtp_send_data(s1, buf, size, last);
Reported by FlawFinder.
Line: 168
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
while (size + header_size > s->max_payload_size) {
memcpy(&s->buf[header_size], buf, s->max_payload_size - header_size);
ff_rtp_send_data(s1, s->buf, s->max_payload_size, 0);
buf += s->max_payload_size - header_size;
size -= s->max_payload_size - header_size;
s->buf[flag_byte] &= ~(1 << 7);
}
Reported by FlawFinder.
Line: 175
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
s->buf[flag_byte] &= ~(1 << 7);
}
s->buf[flag_byte] |= 1 << 6;
memcpy(&s->buf[header_size], buf, size);
ff_rtp_send_data(s1, s->buf, size + header_size, last);
}
}
void ff_rtp_send_h264_hevc(AVFormatContext *s1, const uint8_t *buf1, int size)
Reported by FlawFinder.
libavcodec/ffv1enc.c
3 issues
Line: 288
CWE codes:
786
for (i = 0; i < ring_size; i++)
sample[i] = s->sample_buffer + (w + 6) * ((h + i - y) % ring_size) + 3;
sample[0][-1]= sample[1][0 ];
sample[1][ w]= sample[1][w-1];
if (s->bits_per_raw_sample <= 8) {
for (x = 0; x < w; x++)
sample[0][x] = src[x * pixel_stride + stride * y];
if((ret = encode_line(s, w, sample, plane_index, 8)) < 0)
Reported by Cppcheck.
Line: 1138
Column: 22
CWE codes:
126
for (j = 0; j < 256; j++) {
snprintf(p, end - p, "%" PRIu64 " %" PRIu64 " ",
f->rc_stat[j][0], f->rc_stat[j][1]);
p += strlen(p);
}
snprintf(p, end - p, "\n");
for (i = 0; i < f->quant_table_count; i++) {
for (j = 0; j < f->context_count[i]; j++)
Reported by FlawFinder.
Line: 1147
Column: 30
CWE codes:
126
for (m = 0; m < 32; m++) {
snprintf(p, end - p, "%" PRIu64 " %" PRIu64 " ",
f->rc_stat2[i][j][m][0], f->rc_stat2[i][j][m][1]);
p += strlen(p);
}
}
snprintf(p, end - p, "%d\n", f->gob_count);
}
return 0;
Reported by FlawFinder.
libavformat/pcmdec.c
3 issues
Line: 134
#define PCMDEF(name, long_name, ext, uppercase) \
PCMDEF_EXT(name, long_name, ext, uppercase, )
PCMDEF(f64be, "PCM 64-bit floating-point big-endian", NULL, F64BE)
PCMDEF(f64le, "PCM 64-bit floating-point little-endian", NULL, F64LE)
PCMDEF(f32be, "PCM 32-bit floating-point big-endian", NULL, F32BE)
PCMDEF(f32le, "PCM 32-bit floating-point little-endian", NULL, F32LE)
PCMDEF(s32be, "PCM signed 32-bit big-endian", NULL, S32BE)
PCMDEF(s32le, "PCM signed 32-bit little-endian", NULL, S32LE)
Reported by Cppcheck.
Line: 65
Column: 22
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (!channels)
sscanf(options, " channels=%d", &channels);
if (!little_endian) {
char val[sizeof("little-endian")];
if (sscanf(options, " endianness=%13s", val) == 1) {
little_endian = strcmp(val, "little-endian") == 0;
}
}
}
Reported by FlawFinder.
Line: 66
Column: 26
CWE codes:
120
Suggestion:
Check that the limit is sufficiently small, or use a different input function
sscanf(options, " channels=%d", &channels);
if (!little_endian) {
char val[sizeof("little-endian")];
if (sscanf(options, " endianness=%13s", val) == 1) {
little_endian = strcmp(val, "little-endian") == 0;
}
}
}
if (rate <= 0) {
Reported by FlawFinder.
libavformat/mxg.c
3 issues
Line: 176
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ret = av_new_packet(pkt, size);
if (ret < 0)
return ret;
memcpy(pkt->data, mxg->soi_ptr, size);
pkt->pts = pkt->dts = mxg->dts;
pkt->stream_index = 0;
if (mxg->soi_ptr - mxg->buffer > mxg->cache_size) {
Reported by FlawFinder.
Line: 215
Column: 21
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ret = av_new_packet(pkt, size - 14);
if (ret < 0)
return ret;
memcpy(pkt->data, startmarker_ptr + 16, size - 14);
/* time (GMT) of first sample in usec since 1970, little-endian */
pkt->pts = pkt->dts = AV_RL64(startmarker_ptr + 8);
pkt->stream_index = 1;
Reported by FlawFinder.
Line: 223
Column: 29
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (startmarker_ptr - mxg->buffer > mxg->cache_size) {
if (mxg->cache_size > 0) {
memcpy(mxg->buffer, mxg->buffer_ptr, mxg->cache_size);
}
mxg->buffer_ptr = mxg->buffer;
}
return pkt->size;
Reported by FlawFinder.
libavcodec/extract_extradata_bsf.c
3 issues
Line: 254
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!*data)
return AVERROR(ENOMEM);
memcpy(*data, pkt->data, extradata_size);
*size = extradata_size;
if (s->remove) {
pkt->data += extradata_size;
pkt->size -= extradata_size;
Reported by FlawFinder.
Line: 283
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!*data)
return AVERROR(ENOMEM);
memcpy(*data, pkt->data, *size);
if (s->remove) {
pkt->data += *size;
pkt->size -= *size;
}
Reported by FlawFinder.
Line: 311
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!*data)
return AVERROR(ENOMEM);
memcpy(*data, pkt->data, *size);
if (s->remove) {
pkt->data += *size;
pkt->size -= *size;
}
Reported by FlawFinder.
libavfilter/drawutils.c
3 issues
Line: 215
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
wp = AV_CEIL_RSHIFT(w, draw->hsub[plane]) * draw->pixelstep[plane];
hp = AV_CEIL_RSHIFT(h, draw->vsub[plane]);
for (y = 0; y < hp; y++) {
memcpy(q, p, wp);
p += src_linesize[plane];
q += dst_linesize[plane];
}
}
}
Reported by FlawFinder.
Line: 245
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* copy first line from color */
for (x = 0; x < wp; x++) {
memcpy(p, color_tmp.comp[plane].u8, draw->pixelstep[plane]);
p += draw->pixelstep[plane];
}
wp *= draw->pixelstep[plane];
/* copy next lines from first line */
p = p0 + dst_linesize[plane];
Reported by FlawFinder.
Line: 252
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* copy next lines from first line */
p = p0 + dst_linesize[plane];
for (y = 1; y < hp; y++) {
memcpy(p, p0, wp);
p += dst_linesize[plane];
}
}
}
Reported by FlawFinder.
libavformat/pjsdec.c
3 issues
Line: 55
Column: 9
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
{
int64_t start, end;
if (sscanf(*line, "%"SCNd64",%"SCNd64, &start, &end) == 2) {
*line += strcspn(*line, "\"");
*line += !!**line;
if (end < start || end - (uint64_t)start > INT_MAX)
return AV_NOPTS_VALUE;
*duration = end - start;
Reported by FlawFinder.
Line: 78
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
st->codecpar->codec_id = AV_CODEC_ID_PJS;
while (!avio_feof(s->pb)) {
char line[4096];
char *p = line;
const int64_t pos = avio_tell(s->pb);
int len = ff_get_line(s->pb, line, sizeof(line));
int64_t pts_start;
int duration;
Reported by FlawFinder.
Line: 95
Column: 57
CWE codes:
126
AVPacket *sub;
p[strcspn(p, "\"")] = 0;
sub = ff_subtitles_queue_insert(&pjs->q, p, strlen(p), 0);
if (!sub)
return AVERROR(ENOMEM);
sub->pos = pos;
sub->pts = pts_start;
sub->duration = duration;
Reported by FlawFinder.
libavfilter/af_lv2.c
3 issues
Line: 142
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
tmp = av_calloc(table->n_uris + 1, sizeof(char*));
if (!tmp)
return table->n_uris;
memcpy(tmp, table->uris, table->n_uris * sizeof(char**));
av_free(table->uris);
table->uris = tmp;
table->uris[table->n_uris] = av_malloc(len + 1);
if (!table->uris[table->n_uris])
Reported by FlawFinder.
Line: 150
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!table->uris[table->n_uris])
return table->n_uris;
memcpy(table->uris[table->n_uris], uri, len + 1);
table->n_uris++;
return table->n_uris;
}
Reported by FlawFinder.
Line: 129
Column: 24
CWE codes:
126
static LV2_URID uri_table_map(LV2_URID_Map_Handle handle, const char *uri)
{
URITable *table = (URITable*)handle;
const size_t len = strlen(uri);
size_t i;
char **tmp;
for (i = 0; i < table->n_uris; i++) {
if (!strcmp(table->uris[i], uri)) {
Reported by FlawFinder.
libavcodec/mss12.c
3 issues
Line: 174
CWE codes:
476
idx = 0;
for (i = 0; i < pctx->cache_size; i++) {
for (j = 0; j < num_ngb; j++)
if (pctx->cache[i] == ngb[j])
break;
if (j == num_ngb) {
if (idx == val)
break;
idx++;
Reported by Cppcheck.
Line: 333
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (c->last_rgb_pic)
for (j = y; j < y + height; j++) {
memcpy(c->rgb_pic + j * c->rgb_stride + x * 3,
c->last_rgb_pic + j * c->rgb_stride + x * 3,
width * 3);
memcpy(c->pal_pic + j * c->pal_stride + x,
c->last_pal_pic + j * c->pal_stride + x,
width);
Reported by FlawFinder.
Line: 336
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(c->rgb_pic + j * c->rgb_stride + x * 3,
c->last_rgb_pic + j * c->rgb_stride + x * 3,
width * 3);
memcpy(c->pal_pic + j * c->pal_stride + x,
c->last_pal_pic + j * c->pal_stride + x,
width);
}
}
Reported by FlawFinder.
libavcodec/avrndec.c
3 issues
Line: 76
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if(a->interlace) {
buf += (true_height - avctx->height)*avctx->width;
for(y = 0; y < avctx->height-1; y+=2) {
memcpy(p->data[0] + (y+ a->tff)*p->linesize[0], buf , 2*avctx->width);
memcpy(p->data[0] + (y+!a->tff)*p->linesize[0], buf + avctx->width*true_height+4, 2*avctx->width);
buf += 2*avctx->width;
}
} else {
buf += (true_height - avctx->height)*avctx->width*2;
Reported by FlawFinder.
Line: 77
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
buf += (true_height - avctx->height)*avctx->width;
for(y = 0; y < avctx->height-1; y+=2) {
memcpy(p->data[0] + (y+ a->tff)*p->linesize[0], buf , 2*avctx->width);
memcpy(p->data[0] + (y+!a->tff)*p->linesize[0], buf + avctx->width*true_height+4, 2*avctx->width);
buf += 2*avctx->width;
}
} else {
buf += (true_height - avctx->height)*avctx->width*2;
for(y = 0; y < avctx->height; y++) {
Reported by FlawFinder.
Line: 83
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else {
buf += (true_height - avctx->height)*avctx->width*2;
for(y = 0; y < avctx->height; y++) {
memcpy(p->data[0] + y*p->linesize[0], buf, 2*avctx->width);
buf += 2*avctx->width;
}
}
*got_frame = 1;
Reported by FlawFinder.