The following issues were found
libavcodec/mpeg4videoenc.c
3 issues
Line: 411
CWE codes:
476 (NULL Pointer Dereference)
for (i = 0; i < 6; i++)
skip_put_bits(&s->pb,
mpeg4_get_block_length(s, block[i], i,
intra_dc[i], scan_table[i]));
} else {
/* encode each block */
for (i = 0; i < 6; i++)
mpeg4_encode_block(s, block[i], i,
intra_dc[i], scan_table[i], dc_pb, ac_pb);
Reported by Cppcheck.
Line: 106
Column: 5
CWE codes:
120
Suggestion:
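Make sure destination can always hold the source data. In the excerpt below the copy length is the constant `sizeof(int) * 6`, so triage comes down to confirming that `s->block_last_index` is at least that many bytes.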
const int zigzag_last_index[6])
{
int i, n;
memcpy(s->block_last_index, zigzag_last_index, sizeof(int) * 6);
for (n = 0; n < 6; n++) {
int16_t *ac_val = &s->ac_val[0][0][0] + s->block_index[n] * 16;
st[n] = s->intra_scantable.permutated;
Reported by FlawFinder.
Line: 140
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int i, n;
int8_t *const qscale_table = s->current_picture.qscale_table;
memcpy(zigzag_last_index, s->block_last_index, sizeof(int) * 6);
for (n = 0; n < 6; n++) {
int16_t *ac_val, *ac_val1;
score -= get_block_rate(s, block[n], s->block_last_index[n],
Reported by FlawFinder.
libavfilter/af_lv2.c
3 issues
Line: 142
Column: 5
CWE codes:
120
Suggestion:
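Make sure destination can always hold the source data. In the excerpt below `tmp` is allocated for `table->n_uris + 1` pointers and the copy moves `table->n_uris` of them, so the destination is one element larger than the copy. The allocation uses `sizeof(char*)` and the copy uses `sizeof(char**)`; writing both as `sizeof(*tmp)` would make the two sizes visibly agree.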
tmp = av_calloc(table->n_uris + 1, sizeof(char*));
if (!tmp)
return table->n_uris;
memcpy(tmp, table->uris, table->n_uris * sizeof(char**));
av_free(table->uris);
table->uris = tmp;
table->uris[table->n_uris] = av_malloc(len + 1);
if (!table->uris[table->n_uris])
Reported by FlawFinder.
Line: 150
Column: 5
CWE codes:
120
Suggestion:
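Make sure destination can always hold the source data. The previous excerpt on this page shows the slot being allocated with `av_malloc(len + 1)`, and the next one shows `len` being `strlen(uri)`, so the `len + 1` byte copy matches the allocation as long as `uri` is NUL-terminated.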
if (!table->uris[table->n_uris])
return table->n_uris;
memcpy(table->uris[table->n_uris], uri, len + 1);
table->n_uris++;
return table->n_uris;
}
Reported by FlawFinder.
Line: 129
Column: 24
CWE codes:
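126 (Buffer Over-read). `strlen(uri)` scans until it finds a NUL byte, so this callback relies on its caller passing a terminated string; nothing in the excerpt bounds the scan.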
static LV2_URID uri_table_map(LV2_URID_Map_Handle handle, const char *uri)
{
URITable *table = (URITable*)handle;
const size_t len = strlen(uri);
size_t i;
char **tmp;
for (i = 0; i < table->n_uris; i++) {
if (!strcmp(table->uris[i], uri)) {
Reported by FlawFinder.
libavformat/mxg.c
3 issues
Line: 176
Column: 17
CWE codes:
120
Suggestion:
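Make sure destination can always hold the source data. Here the destination is sized by `av_new_packet(pkt, size)` immediately before the copy, so it matches the length. What the excerpt does not show, and what remains to be verified, is that `size` bytes are readable starting at `mxg->soi_ptr`.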
ret = av_new_packet(pkt, size);
if (ret < 0)
return ret;
memcpy(pkt->data, mxg->soi_ptr, size);
pkt->pts = pkt->dts = mxg->dts;
pkt->stream_index = 0;
if (mxg->soi_ptr - mxg->buffer > mxg->cache_size) {
Reported by FlawFinder.
Line: 215
Column: 21
CWE codes:
120
Suggestion:
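Make sure destination can always hold the source data. The same `size - 14` is passed to `av_new_packet()` and to `memcpy()`, so the destination matches the copy. The excerpt does not show a check that `size` is at least 14, or that `size - 14` bytes are readable from `startmarker_ptr + 16`; those are the conditions to confirm in the surrounding code.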
ret = av_new_packet(pkt, size - 14);
if (ret < 0)
return ret;
memcpy(pkt->data, startmarker_ptr + 16, size - 14);
/* time (GMT) of first sample in usec since 1970, little-endian */
pkt->pts = pkt->dts = AV_RL64(startmarker_ptr + 8);
pkt->stream_index = 1;
Reported by FlawFinder.
Line: 223
Column: 29
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (startmarker_ptr - mxg->buffer > mxg->cache_size) {
if (mxg->cache_size > 0) {
memcpy(mxg->buffer, mxg->buffer_ptr, mxg->cache_size);
}
mxg->buffer_ptr = mxg->buffer;
}
return pkt->size;
Reported by FlawFinder.
libavformat/mmsh.c
3 issues
Line: 216
Column: 5
CWE codes:
119
120
Suggestion:
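Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. This entry flags only the declaration of fixed-size `char` arrays; whether they can overflow depends on how later code writes to them, which this excerpt does not show.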
static int mmsh_open_internal(URLContext *h, const char *uri, int flags, int timestamp, int64_t pos)
{
int i, port, err;
char httpname[256], path[256], host[128];
char *stream_selection = NULL;
char headers[1024];
MMSHContext *mmsh = h->priv_data;
MMSContext *mms;
Reported by FlawFinder.
Line: 218
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int i, port, err;
char httpname[256], path[256], host[128];
char *stream_selection = NULL;
char headers[1024];
MMSHContext *mmsh = h->priv_data;
MMSContext *mms;
mmsh->request_seq = h->is_streamed = 1;
mms = &mmsh->mms;
Reported by FlawFinder.
Line: 277
Column: 9
CWE codes:
119
120
Suggestion:
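Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. For `char tmp[20]` the only write in the excerpt is `snprintf(tmp, sizeof(tmp), ...)`, which is length-limited. The longest output of `"ffff:%d:0 "` for a 32-bit `int` is 19 characters plus the terminator, which fits the array and matches the 19 bytes per stream budgeted in the `av_strlcat()` size.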
if (!stream_selection)
return AVERROR(ENOMEM);
for (i = 0; i < mms->stream_num; i++) {
char tmp[20];
err = snprintf(tmp, sizeof(tmp), "ffff:%d:0 ", mms->streams[i].id);
if (err < 0)
goto fail;
av_strlcat(stream_selection, tmp, mms->stream_num * 19 + 1);
}
Reported by FlawFinder.
libavformat/mkvtimestamp_v2.c
3 issues
Line: 35
Column: 5
CWE codes:
119
120
Suggestion:
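Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. In this excerpt `buf` is written only through `snprintf(buf, sizeof(buf), ...)`, and a formatted `int64_t` followed by a newline is at most 21 characters, well under the 256-byte array.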
static int write_packet(AVFormatContext *s, AVPacket *pkt)
{
char buf[256];
if (pkt->stream_index)
av_log(s, AV_LOG_WARNING, "More than one stream unsupported\n");
snprintf(buf, sizeof(buf), "%" PRId64 "\n", pkt->dts);
avio_write(s->pb, buf, strlen(buf));
return 0;
Reported by FlawFinder.
Line: 28
Column: 31
CWE codes:
126
/* Writes the fixed "# timecode format v2" header line to s->pb, then calls
 * avpriv_set_pts_info() on stream 0. Always returns 0. */
static int write_header(AVFormatContext *s)
{
/* A string literal is always NUL-terminated, so the strlen() below is bounded by
 * the literal's own length; the CWE-126 report on this call is a pattern match on
 * strlen(), not an over-read. */
static const char *header = "# timecode format v2\n";
avio_write(s->pb, header, strlen(header));
/* NOTE(review): s->streams[0] is used without a stream-count check in this
 * function; presumably the muxer framework guarantees at least one stream — confirm. */
avpriv_set_pts_info(s->streams[0], 64, 1, 1000);
return 0;
}
static int write_packet(AVFormatContext *s, AVPacket *pkt)
Reported by FlawFinder.
Line: 39
Column: 28
CWE codes:
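126 (Buffer Over-read). `buf` has just been filled by `snprintf(buf, sizeof(buf), ...)`, which NUL-terminates its output when the size is non-zero, so `strlen(buf)` stays inside the array.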
if (pkt->stream_index)
av_log(s, AV_LOG_WARNING, "More than one stream unsupported\n");
snprintf(buf, sizeof(buf), "%" PRId64 "\n", pkt->dts);
avio_write(s->pb, buf, strlen(buf));
return 0;
}
const AVOutputFormat ff_mkvtimestamp_v2_muxer = {
.name = "mkvtimestamp_v2",
Reported by FlawFinder.
libavcodec/mips/vp8dsp_mmi.c
3 issues
Line: 1485
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int i;
for (i = 0; i < h; i++, dst += dststride, src += srcstride)
memcpy(dst, src, 16);
#endif
}
void ff_put_vp8_pixels8_mmi(uint8_t *dst, ptrdiff_t dststride, uint8_t *src,
ptrdiff_t srcstride, int h, int x, int y)
Reported by FlawFinder.
Line: 1525
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int i;
for (i = 0; i < h; i++, dst += dststride, src += srcstride)
memcpy(dst, src, 8);
#endif
}
void ff_put_vp8_pixels4_mmi(uint8_t *dst, ptrdiff_t dststride, uint8_t *src,
ptrdiff_t srcstride, int h, int x, int y)
Reported by FlawFinder.
Line: 1565
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int i;
for (i = 0; i < h; i++, dst += dststride, src += srcstride)
memcpy(dst, src, 4);
#endif
}
void ff_put_vp8_epel16_h4_mmi(uint8_t *dst, ptrdiff_t dststride, uint8_t *src,
ptrdiff_t srcstride, int h, int mx, int my)
Reported by FlawFinder.
libavcodec/atrac1.c
3 issues
Line: 155
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (num_blocks == 1)
memcpy(q->bands[band_num] + 32, &su->spectrum[0][ref_pos + 16], 240 * sizeof(float));
ref_pos += band_samples;
}
/* Swap buffers so the mdct overlap works */
Reported by FlawFinder.
Line: 267
Column: 5
CWE codes:
120
Suggestion:
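Make sure destination can always hold the source data. The first `memcpy()` in the excerpt copies within `su->last_qmf_delay` itself: the source starts at index 256 and the destination covers indices 0 to 38, so the two regions do not overlap, as `memcpy()` requires.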
ff_atrac_iqmf(q->bands[0], q->bands[1], 128, temp, su->fst_qmf_delay, iqmf_temp);
/* delay the signal of the high band by 39 samples */
memcpy( su->last_qmf_delay, &su->last_qmf_delay[256], sizeof(float) * 39);
memcpy(&su->last_qmf_delay[39], q->bands[2], sizeof(float) * 256);
/* combine (low + middle) and high bands */
ff_atrac_iqmf(temp, su->last_qmf_delay, 256, pOut, su->snd_qmf_delay, iqmf_temp);
}
Reported by FlawFinder.
Line: 268
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* delay the signal of the high band by 39 samples */
memcpy( su->last_qmf_delay, &su->last_qmf_delay[256], sizeof(float) * 39);
memcpy(&su->last_qmf_delay[39], q->bands[2], sizeof(float) * 256);
/* combine (low + middle) and high bands */
ff_atrac_iqmf(temp, su->last_qmf_delay, 256, pOut, su->snd_qmf_delay, iqmf_temp);
}
Reported by FlawFinder.
doc/examples/decode_video.c
3 issues
Line: 44
Column: 9
CWE codes:
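362 (Race Condition). FlawFinder flags `fopen()` because the file behind `filename` can be changed or redirected between any earlier check and the open. Separately, the excerpt passes `f` to `fprintf()` without testing it for NULL, so a failed open is dereferenced; the `fopen()` at line 141 of the same file does check its result.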
FILE *f;
int i;
f = fopen(filename,"wb");
fprintf(f, "P5\n%d %d\n%d\n", xsize, ysize, 255);
for (i = 0; i < ysize; i++)
fwrite(buf + i * wrap, 1, xsize, f);
fclose(f);
}
Reported by FlawFinder.
Line: 54
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void decode(AVCodecContext *dec_ctx, AVFrame *frame, AVPacket *pkt,
const char *filename)
{
char buf[1024];
int ret;
ret = avcodec_send_packet(dec_ctx, pkt);
if (ret < 0) {
fprintf(stderr, "Error sending a packet for decoding\n");
Reported by FlawFinder.
Line: 141
Column: 9
CWE codes:
362
exit(1);
}
f = fopen(filename, "rb");
if (!f) {
fprintf(stderr, "Could not open %s\n", filename);
exit(1);
}
Reported by FlawFinder.
libavcodec/mips/amrwbdec_mips.c
3 issues
Line: 64
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int i;
float data[AMRWB_SFR_SIZE_16k + HB_FIR_SIZE]; // past and current samples
memcpy(data, mem, HB_FIR_SIZE * sizeof(float));
memcpy(data + HB_FIR_SIZE, in, AMRWB_SFR_SIZE_16k * sizeof(float));
for (i = 0; i < AMRWB_SFR_SIZE_16k; i++) {
float output;
float * p_data = (data+i);
Reported by FlawFinder.
Line: 65
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
float data[AMRWB_SFR_SIZE_16k + HB_FIR_SIZE]; // past and current samples
memcpy(data, mem, HB_FIR_SIZE * sizeof(float));
memcpy(data + HB_FIR_SIZE, in, AMRWB_SFR_SIZE_16k * sizeof(float));
for (i = 0; i < AMRWB_SFR_SIZE_16k; i++) {
float output;
float * p_data = (data+i);
Reported by FlawFinder.
Line: 186
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
);
out[i] = output;
}
memcpy(mem, data + AMRWB_SFR_SIZE_16k, HB_FIR_SIZE * sizeof(float));
}
#endif /* !HAVE_MIPS32R6 && !HAVE_MIPS64R6 */
#endif /* HAVE_INLINE_ASM */
Reported by FlawFinder.
libavcodec/atrac.c
3 issues
Line: 125
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* copy the overlapping part into the delay buffer */
memcpy(prev, &in[num_samples], num_samples * sizeof(float));
}
void ff_atrac_iqmf(float *inlo, float *inhi, unsigned int nIn, float *pOut,
float *delayBuf, float *temp)
{
Reported by FlawFinder.
Line: 134
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int i, j;
float *p1, *p3;
memcpy(temp, delayBuf, 46*sizeof(float));
p3 = temp + 46;
/* loop1 */
for(i=0; i<nIn; i+=2){
Reported by FlawFinder.
Line: 165
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* Update the delay buffer. */
memcpy(delayBuf, temp + nIn*2, 46*sizeof(float));
}
Reported by FlawFinder.