The following issues were found
libavformat/rtmppkt.c
17 issues
Line: 596
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const uint8_t *data_end)
{
unsigned int size, nb = -1;
char buf[1024];
AMFDataType type;
int parse_key = 1;
if (data >= data_end)
return;
Reported by FlawFinder.
Line: 617
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
size = bytestream_get_be32(&data);
}
size = FFMIN(size, sizeof(buf) - 1);
memcpy(buf, data, size);
buf[size] = 0;
av_log(ctx, AV_LOG_DEBUG, " string '%s'\n", buf);
return;
case AMF_DATA_TYPE_NULL:
av_log(ctx, AV_LOG_DEBUG, " NULL\n");
Reported by FlawFinder.
Line: 640
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
data++;
break;
}
memcpy(buf, data, size);
buf[size] = 0;
if (size >= data_end - data)
return;
data += size;
av_log(ctx, AV_LOG_DEBUG, " %s: ", buf);
Reported by FlawFinder.
Line: 46
Column: 30
CWE codes:
126
void ff_amf_write_string(uint8_t **dst, const char *str)
{
bytestream_put_byte(dst, AMF_DATA_TYPE_STRING);
bytestream_put_be16(dst, strlen(str));
bytestream_put_buffer(dst, str, strlen(str));
}
void ff_amf_write_string2(uint8_t **dst, const char *str1, const char *str2)
{
Reported by FlawFinder.
Line: 47
Column: 37
CWE codes:
126
{
bytestream_put_byte(dst, AMF_DATA_TYPE_STRING);
bytestream_put_be16(dst, strlen(str));
bytestream_put_buffer(dst, str, strlen(str));
}
void ff_amf_write_string2(uint8_t **dst, const char *str1, const char *str2)
{
int len1 = 0, len2 = 0;
Reported by FlawFinder.
Line: 54
Column: 16
CWE codes:
126
{
int len1 = 0, len2 = 0;
if (str1)
len1 = strlen(str1);
if (str2)
len2 = strlen(str2);
bytestream_put_byte(dst, AMF_DATA_TYPE_STRING);
bytestream_put_be16(dst, len1 + len2);
bytestream_put_buffer(dst, str1, len1);
Reported by FlawFinder.
Line: 56
Column: 16
CWE codes:
126
if (str1)
len1 = strlen(str1);
if (str2)
len2 = strlen(str2);
bytestream_put_byte(dst, AMF_DATA_TYPE_STRING);
bytestream_put_be16(dst, len1 + len2);
bytestream_put_buffer(dst, str1, len1);
bytestream_put_buffer(dst, str2, len2);
}
Reported by FlawFinder.
Line: 75
Column: 30
CWE codes:
126
void ff_amf_write_field_name(uint8_t **dst, const char *str)
{
bytestream_put_be16(dst, strlen(str));
bytestream_put_buffer(dst, str, strlen(str));
}
void ff_amf_write_object_end(uint8_t **dst)
{
Reported by FlawFinder.
Line: 76
Column: 37
CWE codes:
126
void ff_amf_write_field_name(uint8_t **dst, const char *str)
{
bytestream_put_be16(dst, strlen(str));
bytestream_put_buffer(dst, str, strlen(str));
}
void ff_amf_write_object_end(uint8_t **dst)
{
/* first two bytes are field name length = 0,
Reported by FlawFinder.
Line: 89
Column: 14
CWE codes:
120
20
int ff_amf_read_number(GetByteContext *bc, double *val)
{
uint64_t read;
if (bytestream2_get_byte(bc) != AMF_DATA_TYPE_NUMBER)
return AVERROR_INVALIDDATA;
read = bytestream2_get_be64(bc);
*val = av_int2double(read);
return 0;
Reported by FlawFinder.
libavformat/sdp.c
17 issues
Line: 126
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int port;
const char *p;
char proto[32];
av_url_split(proto, sizeof(proto), NULL, 0, dest_addr, size, &port, NULL, 0, url);
*ttl = 0;
Reported by FlawFinder.
Line: 141
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
p = strchr(url, '?');
if (p) {
char buff[64];
if (av_find_info_tag(buff, sizeof(buff), "ttl", p)) {
*ttl = strtol(buff, NULL, 10);
} else {
*ttl = 5;
Reported by FlawFinder.
Line: 183
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
av_free(tmpbuf);
return NULL;
}
memcpy(psets, pset_string, strlen(pset_string));
p = psets + strlen(pset_string);
r = ff_avc_find_startcode(extradata, extradata + extradata_size);
while (r < extradata + extradata_size) {
const uint8_t *r1;
uint8_t nal_type;
Reported by FlawFinder.
Line: 216
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
r = r1;
}
if (sps && sps_end - sps >= 4 && p - psets <= MAX_PSET_SIZE - strlen(profile_string) - 7) {
memcpy(p, profile_string, strlen(profile_string));
p += strlen(p);
ff_data_to_hex(p, sps + 1, 3, 0);
p[6] = '\0';
}
av_free(tmpbuf);
Reported by FlawFinder.
Line: 233
Column: 18
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int extradata_size = par->extradata_size;
uint8_t *tmpbuf = NULL;
int ps_pos[3] = { 0 };
static const char * const ps_names[3] = { "vps", "sps", "pps" };
int num_arrays, num_nalus;
int pos, i, j;
// Convert to hvcc format. Since we need to group multiple NALUs of
// the same type, and we might need to convert from one format to the
Reported by FlawFinder.
Line: 341
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
av_log(s, AV_LOG_ERROR, "Cannot allocate memory for the config info.\n");
return NULL;
}
memcpy(config, "; config=", 9);
ff_data_to_hex(config + 9, par->extradata, par->extradata_size, 0);
config[9 + par->extradata_size * 2] = 0;
return config;
}
Reported by FlawFinder.
Line: 403
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
config[9] = 2;
config[10] = header_len[0];
config[11] = 0; // size of comment header; nonexistent
memcpy(config + 12, header_start[0], header_len[0]);
memcpy(config + 12 + header_len[0], header_start[2], header_len[2]);
av_base64_encode(encoded_config, AV_BASE64_SIZE(config_len),
config, config_len);
av_free(config);
Reported by FlawFinder.
Line: 404
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
config[10] = header_len[0];
config[11] = 0; // size of comment header; nonexistent
memcpy(config + 12, header_start[0], header_len[0]);
memcpy(config + 12 + header_len[0], header_start[2], header_len[2]);
av_base64_encode(encoded_config, AV_BASE64_SIZE(config_len),
config, config_len);
av_free(config);
Reported by FlawFinder.
Line: 763
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
AVDictionaryEntry *title = av_dict_get(ac[0]->metadata, "title", NULL, 0);
struct sdp_session_level s = { 0 };
int i, j, port, ttl, is_multicast, index = 0;
char dst[32], dst_type[5];
memset(buf, 0, size);
s.user = "-";
s.src_addr = "127.0.0.1"; /* FIXME: Properly set this */
s.src_type = "IP4";
Reported by FlawFinder.
Line: 183
Column: 32
CWE codes:
126
av_free(tmpbuf);
return NULL;
}
memcpy(psets, pset_string, strlen(pset_string));
p = psets + strlen(pset_string);
r = ff_avc_find_startcode(extradata, extradata + extradata_size);
while (r < extradata + extradata_size) {
const uint8_t *r1;
uint8_t nal_type;
Reported by FlawFinder.
libavcodec/vp9.c
17 issues
Line: 1095
CWE codes:
758
ptrdiff_t yoff, ptrdiff_t uvoff, enum BlockLevel bl)
{
const VP9Context *s = td->s;
int c = ((s->above_partition_ctx[col] >> (3 - bl)) & 1) |
(((td->left_partition_ctx[row & 0x7] >> (3 - bl)) & 1) << 1);
const uint8_t *p = s->s.h.keyframe || s->s.h.intraonly ? ff_vp9_default_kf_partition_probs[bl][c] :
s->prob.p.partition[bl][c];
enum BlockPartition bp;
ptrdiff_t hbs = 4 >> bl;
Reported by Cppcheck.
Line: 1096
CWE codes:
758
{
const VP9Context *s = td->s;
int c = ((s->above_partition_ctx[col] >> (3 - bl)) & 1) |
(((td->left_partition_ctx[row & 0x7] >> (3 - bl)) & 1) << 1);
const uint8_t *p = s->s.h.keyframe || s->s.h.intraonly ? ff_vp9_default_kf_partition_probs[bl][c] :
s->prob.p.partition[bl][c];
enum BlockPartition bp;
ptrdiff_t hbs = 4 >> bl;
AVFrame *f = s->s.frames[CUR_FRAME].tf.f;
Reported by Cppcheck.
Line: 861
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (s->s.h.keyframe || s->s.h.errorres || (s->s.h.intraonly && s->s.h.resetctx == 3)) {
s->prob_ctx[0].p = s->prob_ctx[1].p = s->prob_ctx[2].p =
s->prob_ctx[3].p = ff_vp9_default_probs;
memcpy(s->prob_ctx[0].coef, ff_vp9_default_coef_probs,
sizeof(ff_vp9_default_coef_probs));
memcpy(s->prob_ctx[1].coef, ff_vp9_default_coef_probs,
sizeof(ff_vp9_default_coef_probs));
memcpy(s->prob_ctx[2].coef, ff_vp9_default_coef_probs,
sizeof(ff_vp9_default_coef_probs));
Reported by FlawFinder.
Line: 863
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
s->prob_ctx[3].p = ff_vp9_default_probs;
memcpy(s->prob_ctx[0].coef, ff_vp9_default_coef_probs,
sizeof(ff_vp9_default_coef_probs));
memcpy(s->prob_ctx[1].coef, ff_vp9_default_coef_probs,
sizeof(ff_vp9_default_coef_probs));
memcpy(s->prob_ctx[2].coef, ff_vp9_default_coef_probs,
sizeof(ff_vp9_default_coef_probs));
memcpy(s->prob_ctx[3].coef, ff_vp9_default_coef_probs,
sizeof(ff_vp9_default_coef_probs));
Reported by FlawFinder.
Line: 865
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sizeof(ff_vp9_default_coef_probs));
memcpy(s->prob_ctx[1].coef, ff_vp9_default_coef_probs,
sizeof(ff_vp9_default_coef_probs));
memcpy(s->prob_ctx[2].coef, ff_vp9_default_coef_probs,
sizeof(ff_vp9_default_coef_probs));
memcpy(s->prob_ctx[3].coef, ff_vp9_default_coef_probs,
sizeof(ff_vp9_default_coef_probs));
} else if (s->s.h.intraonly && s->s.h.resetctx == 2) {
s->prob_ctx[c].p = ff_vp9_default_probs;
Reported by FlawFinder.
Line: 867
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sizeof(ff_vp9_default_coef_probs));
memcpy(s->prob_ctx[2].coef, ff_vp9_default_coef_probs,
sizeof(ff_vp9_default_coef_probs));
memcpy(s->prob_ctx[3].coef, ff_vp9_default_coef_probs,
sizeof(ff_vp9_default_coef_probs));
} else if (s->s.h.intraonly && s->s.h.resetctx == 2) {
s->prob_ctx[c].p = ff_vp9_default_probs;
memcpy(s->prob_ctx[c].coef, ff_vp9_default_coef_probs,
sizeof(ff_vp9_default_coef_probs));
Reported by FlawFinder.
Line: 871
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sizeof(ff_vp9_default_coef_probs));
} else if (s->s.h.intraonly && s->s.h.resetctx == 2) {
s->prob_ctx[c].p = ff_vp9_default_probs;
memcpy(s->prob_ctx[c].coef, ff_vp9_default_coef_probs,
sizeof(ff_vp9_default_coef_probs));
}
// next 16 bits is size of the rest of the header (arith-coded)
s->s.h.compressed_header_size = size2 = get_bits(&s->gb, 16);
Reported by FlawFinder.
Line: 951
Column: 29
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
else
p[n] = r[n];
}
memcpy(&p[3], ff_vp9_model_pareto8[p[2]], 8);
}
} else {
for (j = 0; j < 2; j++)
for (k = 0; k < 2; k++)
for (l = 0; l < 6; l++)
Reported by FlawFinder.
Line: 962
Column: 29
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
uint8_t *r = ref[j][k][l][m];
if (m > 3 && l == 0) // dc only has 3 pt
break;
memcpy(p, r, 3);
memcpy(&p[3], ff_vp9_model_pareto8[p[2]], 8);
}
}
if (s->s.h.txfmmode == i)
break;
Reported by FlawFinder.
Line: 963
Column: 29
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (m > 3 && l == 0) // dc only has 3 pt
break;
memcpy(p, r, 3);
memcpy(&p[3], ff_vp9_model_pareto8[p[2]], 8);
}
}
if (s->s.h.txfmmode == i)
break;
}
Reported by FlawFinder.
tests/checkasm/h264dsp.c
17 issues
Line: 359
Column: 25
CWE codes:
134
Suggestion:
Use a constant for the format specification
call_ref(dst0 + off, 32, alphas[j], betas[j], tc0[j]); \
call_new(dst1 + off, 32, alphas[j], betas[j], tc0[j]); \
if (memcmp(dst0, dst1, 32 * 16 * SIZEOF_PIXEL)) { \
fprintf(stderr, #name #idc ": j:%d, alpha:%d beta:%d " \
"tc0:{%d,%d,%d,%d}\n", j, alphas[j], betas[j], \
tc0[j][0], tc0[j][1], tc0[j][2], tc0[j][3]); \
fail(); \
} \
bench_new(dst1, 32, alphas[j], betas[j], tc0[j]); \
Reported by FlawFinder.
Line: 419
Column: 25
CWE codes:
134
Suggestion:
Use a constant for the format specification
call_ref(dst0 + off, 32, alphas[j], betas[j]); \
call_new(dst1 + off, 32, alphas[j], betas[j]); \
if (memcmp(dst0, dst1, 32 * 16 * SIZEOF_PIXEL)) { \
fprintf(stderr, #name #idc ": j:%d, alpha:%d beta:%d\n", \
j, alphas[j], betas[j]); \
fail(); \
} \
bench_new(dst1, 32, alphas[j], betas[j]); \
} \
Reported by FlawFinder.
Line: 211
Column: 29
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
uint8_t *dst1 = dst1_base + align;
if (dc) {
memset(subcoef0, 0, sz * sz * SIZEOF_COEF);
memcpy(subcoef0, coef, SIZEOF_COEF);
} else {
memcpy(subcoef0, coef, sz * sz * SIZEOF_COEF);
}
memcpy(dst0, dst, sz * PIXEL_STRIDE);
memcpy(dst1, dst, sz * PIXEL_STRIDE);
Reported by FlawFinder.
Line: 213
Column: 29
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(subcoef0, 0, sz * sz * SIZEOF_COEF);
memcpy(subcoef0, coef, SIZEOF_COEF);
} else {
memcpy(subcoef0, coef, sz * sz * SIZEOF_COEF);
}
memcpy(dst0, dst, sz * PIXEL_STRIDE);
memcpy(dst1, dst, sz * PIXEL_STRIDE);
memcpy(subcoef1, subcoef0, sz * sz * SIZEOF_COEF);
call_ref(dst0, subcoef0, PIXEL_STRIDE);
Reported by FlawFinder.
Line: 215
Column: 25
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else {
memcpy(subcoef0, coef, sz * sz * SIZEOF_COEF);
}
memcpy(dst0, dst, sz * PIXEL_STRIDE);
memcpy(dst1, dst, sz * PIXEL_STRIDE);
memcpy(subcoef1, subcoef0, sz * sz * SIZEOF_COEF);
call_ref(dst0, subcoef0, PIXEL_STRIDE);
call_new(dst1, subcoef1, PIXEL_STRIDE);
if (memcmp(dst0, dst1, sz * PIXEL_STRIDE) ||
Reported by FlawFinder.
Line: 216
Column: 25
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(subcoef0, coef, sz * sz * SIZEOF_COEF);
}
memcpy(dst0, dst, sz * PIXEL_STRIDE);
memcpy(dst1, dst, sz * PIXEL_STRIDE);
memcpy(subcoef1, subcoef0, sz * sz * SIZEOF_COEF);
call_ref(dst0, subcoef0, PIXEL_STRIDE);
call_new(dst1, subcoef1, PIXEL_STRIDE);
if (memcmp(dst0, dst1, sz * PIXEL_STRIDE) ||
memcmp(subcoef0, subcoef1, sz * sz * SIZEOF_COEF))
Reported by FlawFinder.
Line: 217
Column: 25
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
memcpy(dst0, dst, sz * PIXEL_STRIDE);
memcpy(dst1, dst, sz * PIXEL_STRIDE);
memcpy(subcoef1, subcoef0, sz * sz * SIZEOF_COEF);
call_ref(dst0, subcoef0, PIXEL_STRIDE);
call_new(dst1, subcoef1, PIXEL_STRIDE);
if (memcmp(dst0, dst1, sz * PIXEL_STRIDE) ||
memcmp(subcoef0, subcoef1, sz * sz * SIZEOF_COEF))
fail();
Reported by FlawFinder.
Line: 286
Column: 21
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dct8x8(coef, bit_depth);
for (y = 0; y < sz; y++)
memcpy(&dst_full[offset + y * 16 * SIZEOF_PIXEL],
&dst[PIXEL_STRIDE * y], sz * SIZEOF_PIXEL);
if (nnz > 1)
nnz = sz * sz;
memcpy(&coef_full[i * SIZEOF_COEF/sizeof(coef[0])],
Reported by FlawFinder.
Line: 291
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (nnz > 1)
nnz = sz * sz;
memcpy(&coef_full[i * SIZEOF_COEF/sizeof(coef[0])],
coef, nnz * SIZEOF_COEF);
if (intra && nnz == 1)
nnz = 0;
Reported by FlawFinder.
Line: 302
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (check_func(idct, "%s_%dbpp", name, bit_depth)) {
memcpy(coef0, coef_full, 16 * 16 * SIZEOF_COEF);
memcpy(coef1, coef_full, 16 * 16 * SIZEOF_COEF);
memcpy(dst0, dst_full, 16 * 16 * SIZEOF_PIXEL);
memcpy(dst1, dst_full, 16 * 16 * SIZEOF_PIXEL);
call_ref(dst0, block_offset, coef0, 16 * SIZEOF_PIXEL, nnzc);
call_new(dst1, block_offset, coef1, 16 * SIZEOF_PIXEL, nnzc);
Reported by FlawFinder.
tests/checkasm/vp8dsp.c
17 issues
Line: 138
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(subcoef0, 0, 4 * 4 * sizeof(int16_t));
subcoef0[0] = coef[0];
} else {
memcpy(subcoef0, coef, 4 * 4 * sizeof(int16_t));
}
memcpy(dst0, dst, 4 * 4);
memcpy(dst1, dst, 4 * 4);
memcpy(subcoef1, subcoef0, 4 * 4 * sizeof(int16_t));
// Note, this uses a pixel stride of 4, even though the real decoder uses a stride as a
Reported by FlawFinder.
Line: 140
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else {
memcpy(subcoef0, coef, 4 * 4 * sizeof(int16_t));
}
memcpy(dst0, dst, 4 * 4);
memcpy(dst1, dst, 4 * 4);
memcpy(subcoef1, subcoef0, 4 * 4 * sizeof(int16_t));
// Note, this uses a pixel stride of 4, even though the real decoder uses a stride as a
// multiple of 16. If optimizations want to take advantage of that, this test needs to be
// updated to make it more like the h264dsp tests.
Reported by FlawFinder.
Line: 141
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(subcoef0, coef, 4 * 4 * sizeof(int16_t));
}
memcpy(dst0, dst, 4 * 4);
memcpy(dst1, dst, 4 * 4);
memcpy(subcoef1, subcoef0, 4 * 4 * sizeof(int16_t));
// Note, this uses a pixel stride of 4, even though the real decoder uses a stride as a
// multiple of 16. If optimizations want to take advantage of that, this test needs to be
// updated to make it more like the h264dsp tests.
call_ref(dst0, subcoef0, 4);
Reported by FlawFinder.
Line: 142
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
memcpy(dst0, dst, 4 * 4);
memcpy(dst1, dst, 4 * 4);
memcpy(subcoef1, subcoef0, 4 * 4 * sizeof(int16_t));
// Note, this uses a pixel stride of 4, even though the real decoder uses a stride as a
// multiple of 16. If optimizations want to take advantage of that, this test needs to be
// updated to make it more like the h264dsp tests.
call_ref(dst0, subcoef0, 4);
call_new(dst1, subcoef1, 4);
Reported by FlawFinder.
Line: 185
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(&coef[i][1], 0, 15 * sizeof(int16_t));
}
memcpy(dst0, dst, 4 * 4 * 4);
memcpy(dst1, dst, 4 * 4 * 4);
memcpy(subcoef0, coef, 4 * 4 * 4 * sizeof(int16_t));
memcpy(subcoef1, coef, 4 * 4 * 4 * sizeof(int16_t));
call_ref(dst0, subcoef0, stride);
call_new(dst1, subcoef1, stride);
Reported by FlawFinder.
Line: 186
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
memcpy(dst0, dst, 4 * 4 * 4);
memcpy(dst1, dst, 4 * 4 * 4);
memcpy(subcoef0, coef, 4 * 4 * 4 * sizeof(int16_t));
memcpy(subcoef1, coef, 4 * 4 * 4 * sizeof(int16_t));
call_ref(dst0, subcoef0, stride);
call_new(dst1, subcoef1, stride);
if (memcmp(dst0, dst1, 4 * 4 * 4) ||
Reported by FlawFinder.
Line: 187
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(dst0, dst, 4 * 4 * 4);
memcpy(dst1, dst, 4 * 4 * 4);
memcpy(subcoef0, coef, 4 * 4 * 4 * sizeof(int16_t));
memcpy(subcoef1, coef, 4 * 4 * 4 * sizeof(int16_t));
call_ref(dst0, subcoef0, stride);
call_new(dst1, subcoef1, stride);
if (memcmp(dst0, dst1, 4 * 4 * 4) ||
memcmp(subcoef0, subcoef1, 4 * 4 * 4 * sizeof(int16_t)))
Reported by FlawFinder.
Line: 188
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(dst0, dst, 4 * 4 * 4);
memcpy(dst1, dst, 4 * 4 * 4);
memcpy(subcoef0, coef, 4 * 4 * 4 * sizeof(int16_t));
memcpy(subcoef1, coef, 4 * 4 * 4 * sizeof(int16_t));
call_ref(dst0, subcoef0, stride);
call_new(dst1, subcoef1, stride);
if (memcmp(dst0, dst1, 4 * 4 * 4) ||
memcmp(subcoef0, subcoef1, 4 * 4 * 4 * sizeof(int16_t)))
fail();
Reported by FlawFinder.
Line: 235
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(dc0, 0, 16 * sizeof(int16_t));
dc0[0] = dc[0];
} else {
memcpy(dc0, dc, 16 * sizeof(int16_t));
}
memcpy(dc1, dc0, 16 * sizeof(int16_t));
memcpy(block0, block, 4 * 4 * 16 * sizeof(int16_t));
memcpy(block1, block, 4 * 4 * 16 * sizeof(int16_t));
call_ref(block0, dc0);
Reported by FlawFinder.
Line: 237
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else {
memcpy(dc0, dc, 16 * sizeof(int16_t));
}
memcpy(dc1, dc0, 16 * sizeof(int16_t));
memcpy(block0, block, 4 * 4 * 16 * sizeof(int16_t));
memcpy(block1, block, 4 * 4 * 16 * sizeof(int16_t));
call_ref(block0, dc0);
call_new(block1, dc1);
if (memcmp(block0, block1, 4 * 4 * 16 * sizeof(int16_t)) ||
Reported by FlawFinder.
fftools/ffplay.c
16 issues
Line: 840
Column: 9
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
static int realloc_texture(SDL_Texture **texture, Uint32 new_format, int new_width, int new_height, SDL_BlendMode blendmode, int init_texture)
{
Uint32 format;
int access, w, h;
if (!*texture || SDL_QueryTexture(*texture, &format, &access, &w, &h) < 0 || new_width != w || new_height != h || new_format != format) {
void *pixels;
int pitch;
if (*texture)
SDL_DestroyTexture(*texture);
Reported by FlawFinder.
Line: 841
Column: 59
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
{
Uint32 format;
int access, w, h;
if (!*texture || SDL_QueryTexture(*texture, &format, &access, &w, &h) < 0 || new_width != w || new_height != h || new_format != format) {
void *pixels;
int pitch;
if (*texture)
SDL_DestroyTexture(*texture);
if (!(*texture = SDL_CreateTexture(renderer, new_format, SDL_TEXTUREACCESS_STREAMING, new_width, new_height)))
Reported by FlawFinder.
Line: 1983
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
is->audio_filter_src.channels,
1, is->audio_filter_src.freq);
if (is->audio_filter_src.channel_layout)
snprintf(asrc_args + ret, sizeof(asrc_args) - ret,
":channel_layout=0x%"PRIx64, is->audio_filter_src.channel_layout);
ret = avfilter_graph_create_filter(&filt_asrc,
avfilter_get_by_name("abuffer"), "ffplay_abuffer",
asrc_args, NULL, is->agraph);
Reported by FlawFinder.
Line: 1853
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int configure_video_filters(AVFilterGraph *graph, VideoState *is, const char *vfilters, AVFrame *frame)
{
enum AVPixelFormat pix_fmts[FF_ARRAY_ELEMS(sdl_texture_format_map)];
char sws_flags_str[512] = "";
char buffersrc_args[256];
int ret;
AVFilterContext *filt_src = NULL, *filt_out = NULL, *last_filter = NULL;
AVCodecParameters *codecpar = is->video_st->codecpar;
AVRational fr = av_guess_frame_rate(is->ic, is->video_st, NULL);
Reported by FlawFinder.
Line: 1854
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
enum AVPixelFormat pix_fmts[FF_ARRAY_ELEMS(sdl_texture_format_map)];
char sws_flags_str[512] = "";
char buffersrc_args[256];
int ret;
AVFilterContext *filt_src = NULL, *filt_out = NULL, *last_filter = NULL;
AVCodecParameters *codecpar = is->video_st->codecpar;
AVRational fr = av_guess_frame_rate(is->ic, is->video_st, NULL);
AVDictionaryEntry *e = NULL;
Reported by FlawFinder.
Line: 1938
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
} else if (fabs(theta - 270) < 1.0) {
INSERT_FILT("transpose", "cclock");
} else if (fabs(theta) > 1.0) {
char rotate_buf[64];
snprintf(rotate_buf, sizeof(rotate_buf), "%f*PI/180", theta);
INSERT_FILT("rotate", rotate_buf);
}
}
Reported by FlawFinder.
Line: 1961
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int64_t channel_layouts[2] = { 0, -1 };
int channels[2] = { 0, -1 };
AVFilterContext *filt_asrc = NULL, *filt_asink = NULL;
char aresample_swr_opts[512] = "";
AVDictionaryEntry *e = NULL;
char asrc_args[256];
int ret;
avfilter_graph_free(&is->agraph);
Reported by FlawFinder.
Line: 1963
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
AVFilterContext *filt_asrc = NULL, *filt_asink = NULL;
char aresample_swr_opts[512] = "";
AVDictionaryEntry *e = NULL;
char asrc_args[256];
int ret;
avfilter_graph_free(&is->agraph);
if (!(is->agraph = avfilter_graph_alloc()))
return AVERROR(ENOMEM);
Reported by FlawFinder.
Line: 2067
Column: 21
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
is->auddec.pkt_serial != last_serial;
if (reconfigure) {
char buf1[1024], buf2[1024];
av_get_channel_layout_string(buf1, sizeof(buf1), -1, is->audio_filter_src.channel_layout);
av_get_channel_layout_string(buf2, sizeof(buf2), -1, dec_channel_layout);
av_log(NULL, AV_LOG_DEBUG,
"Audio frame changed from rate:%d ch:%d fmt:%s layout:%s serial:%d to rate:%d ch:%d fmt:%s layout:%s serial:%d\n",
is->audio_filter_src.freq, is->audio_filter_src.channels, av_get_sample_fmt_name(is->audio_filter_src.fmt), buf1, last_serial,
Reported by FlawFinder.
Line: 2281
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
len = SAMPLE_ARRAY_SIZE - is->sample_array_index;
if (len > size)
len = size;
memcpy(is->sample_array + is->sample_array_index, samples, len * sizeof(short));
samples += len;
is->sample_array_index += len;
if (is->sample_array_index >= SAMPLE_ARRAY_SIZE)
is->sample_array_index = 0;
size -= len;
Reported by FlawFinder.
libavformat/mxfdec.c
16 issues
Line: 415
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!mxf_read_sync(pb, mxf_klv_key, 4))
return AVERROR_INVALIDDATA;
klv->offset = avio_tell(pb) - 4;
memcpy(klv->key, mxf_klv_key, 4);
avio_read(pb, klv->key + 4, 12);
length = klv_decode_ber_length(pb);
if (length < 0)
return length;
klv->length = length;
Reported by FlawFinder.
Line: 733
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
nb_essence_containers = avio_rb32(pb);
if (partition->type == Header) {
char str[36];
snprintf(str, sizeof(str), "%08x.%08x.%08x.%08x", AV_RB32(&op[0]), AV_RB32(&op[4]), AV_RB32(&op[8]), AV_RB32(&op[12]));
av_dict_set(&s->metadata, "operational_pattern_ul", str, 0);
}
if (partition->this_partition &&
Reported by FlawFinder.
Line: 1176
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void mxf_read_pixel_layout(AVIOContext *pb, MXFDescriptor *descriptor)
{
int code, value, ofs = 0;
char layout[16] = {0}; /* not for printing, may end up not terminated on purpose */
do {
code = avio_r8(pb);
value = avio_r8(pb);
av_log(NULL, AV_LOG_TRACE, "pixel layout: code %#x\n", code);
Reported by FlawFinder.
Line: 1907
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
av_log(mxf->fc, AV_LOG_WARNING, "IndexSID %i starts at EditUnit %"PRId64" - seeking may not work as expected\n",
sorted_segments[i]->index_sid, sorted_segments[i]->index_start_position);
memcpy(t->segments, &sorted_segments[i], t->nb_segments * sizeof(MXFIndexTableSegment*));
t->index_sid = sorted_segments[i]->index_sid;
t->body_sid = sorted_segments[i]->body_sid;
if ((ret = mxf_compute_ptses_fake_index(mxf, t)) < 0)
goto finish_decoding_index;
Reported by FlawFinder.
Line: 2027
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int mxf_add_timecode_metadata(AVDictionary **pm, const char *key, AVTimecode *tc)
{
char buf[AV_TIMECODE_STR_SIZE];
av_dict_set(pm, key, av_timecode_make_string(tc, buf, 0), 0);
return 0;
}
Reported by FlawFinder.
Line: 2258
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
st->codecpar->codec_id = AV_CODEC_ID_NONE;
st->id = track->track_id;
memcpy(&tmp_package.package_ul, component->source_package_ul, 16);
memcpy(&tmp_package.package_uid, component->source_package_uid, 16);
mxf_add_umid_metadata(&st->metadata, "file_package_umid", &tmp_package);
if (track->name && track->name[0])
av_dict_set(&st->metadata, "track_name", track->name, 0);
Reported by FlawFinder.
Line: 2259
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
st->id = track->track_id;
memcpy(&tmp_package.package_ul, component->source_package_ul, 16);
memcpy(&tmp_package.package_uid, component->source_package_uid, 16);
mxf_add_umid_metadata(&st->metadata, "file_package_umid", &tmp_package);
if (track->name && track->name[0])
av_dict_set(&st->metadata, "track_name", track->name, 0);
codec_ul = mxf_get_codec_ul(ff_mxf_data_definition_uls, &track->sequence->data_definition_ul);
Reported by FlawFinder.
Line: 2705
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (descriptor->extradata) {
if (!ff_alloc_extradata(st->codecpar, descriptor->extradata_size)) {
memcpy(st->codecpar->extradata, descriptor->extradata, descriptor->extradata_size);
}
} else if (st->codecpar->codec_id == AV_CODEC_ID_H264) {
int coded_width = mxf_get_codec_ul(mxf_intra_only_picture_coded_width,
&descriptor->essence_codec_ul)->id;
if (coded_width)
Reported by FlawFinder.
Line: 2954
Column: 21
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (i = 0; i < mxf->local_tags_count; i++) {
int local_tag = AV_RB16(mxf->local_tags+i*18);
if (local_tag == tag) {
memcpy(uid, mxf->local_tags+i*18+2, 16);
av_log(mxf->fc, AV_LOG_TRACE, "local tag %#04x\n", local_tag);
PRINT_KEY(mxf->fc, "uid", uid);
}
}
}
Reported by FlawFinder.
Line: 300
Column: 26
CWE codes:
120
20
typedef struct MXFMetadataReadTableEntry {
const UID key;
MXFMetadataReadFunc *read;
int ctx_size;
enum MXFMetadataSetType type;
} MXFMetadataReadTableEntry;
/* partial keys to match */
Reported by FlawFinder.
libavformat/utils.c
16 issues
Line: 5113
CWE codes:
908
av_freep(&key);
}
return match && ret;
} else if (*spec == 'u' && *(spec + 1) == '\0') {
AVCodecParameters *par = st->codecpar;
int val;
switch (par->codec_type) {
case AVMEDIA_TYPE_AUDIO:
Reported by Cppcheck.
Line: 307
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int av_filename_number_test(const char *filename)
{
char buf[1024];
return filename &&
(av_get_frame_filename(buf, sizeof(buf), filename, 1) >= 0);
}
static int set_codec_from_probe_data(AVFormatContext *s, AVStream *st,
Reported by FlawFinder.
Line: 670
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto no_packet;
}
pd->buf = new_buf;
memcpy(pd->buf + pd->buf_size, pkt->data, pkt->size);
pd->buf_size += pkt->size;
memset(pd->buf + pd->buf_size, 0, AVPROBE_PADDING_SIZE);
} else {
no_packet:
st->internal->probe_packets = 0;
Reported by FlawFinder.
Line: 1638
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
continue;
}
memcpy(dst_data, src_sd->data, src_sd->size);
}
st->internal->inject_global_side_data = 0;
}
}
Reported by FlawFinder.
Line: 3542
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dst_data = av_stream_new_side_data(st, sd_src->type, sd_src->size);
if (!dst_data)
return AVERROR(ENOMEM);
memcpy(dst_data, sd_src->data, sd_src->size);
}
return 0;
}
int avformat_find_stream_info(AVFormatContext *ic, AVDictionary **options)
Reported by FlawFinder.
Line: 4054
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
goto find_stream_info_err;
}
if (!has_codec_parameters(st, &errmsg)) {
char buf[256];
avcodec_string(buf, sizeof(buf), st->internal->avctx, 0);
av_log(ic, AV_LOG_WARNING,
"Could not find codec parameters for stream %d (%s): %s\n"
"Consider increasing the value for the 'analyzeduration' (%"PRId64") and 'probesize' (%"PRId64") options\n",
i, buf, errmsg, ic->max_analyze_duration, ic->probesize);
Reported by FlawFinder.
Line: 4594
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int av_get_frame_filename2(char *buf, int buf_size, const char *path, int number, int flags)
{
const char *p;
char *q, buf1[20], c;
int nd, len, percentd_found;
q = buf;
p = path;
percentd_found = 0;
Reported by FlawFinder.
Line: 4628
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
len = strlen(buf1);
if ((q - buf + len) > buf_size - 1)
goto fail;
memcpy(q, buf1, len);
q += len;
break;
default:
goto fail;
}
Reported by FlawFinder.
Line: 4705
Column: 29
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
av_strlcpy(hostname, p + 1,
FFMIN(hostname_size, brk - p));
if (brk[1] == ':' && port_ptr)
*port_ptr = atoi(brk + 2);
} else if ((col = strchr(p, ':')) && col < ls) {
av_strlcpy(hostname, p,
FFMIN(col + 1 - p, hostname_size));
if (port_ptr)
*port_ptr = atoi(col + 1);
Reported by FlawFinder.
Line: 4710
Column: 29
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
av_strlcpy(hostname, p,
FFMIN(col + 1 - p, hostname_size));
if (port_ptr)
*port_ptr = atoi(col + 1);
} else
av_strlcpy(hostname, p,
FFMIN(ls + 1 - p, hostname_size));
}
}
Reported by FlawFinder.
libavcodec/truemotion2.c
16 issues
Line: 841
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* vertical edge extension */
if (j == 0) {
memcpy(Y - 4 - 1 * ctx->y_stride, Y - 4, ctx->y_stride);
memcpy(Y - 4 - 2 * ctx->y_stride, Y - 4, ctx->y_stride);
memcpy(Y - 4 - 3 * ctx->y_stride, Y - 4, ctx->y_stride);
memcpy(Y - 4 - 4 * ctx->y_stride, Y - 4, ctx->y_stride);
} else if (j == h - 1) {
memcpy(Y - 4 + 1 * ctx->y_stride, Y - 4, ctx->y_stride);
Reported by FlawFinder.
Line: 842
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* vertical edge extension */
if (j == 0) {
memcpy(Y - 4 - 1 * ctx->y_stride, Y - 4, ctx->y_stride);
memcpy(Y - 4 - 2 * ctx->y_stride, Y - 4, ctx->y_stride);
memcpy(Y - 4 - 3 * ctx->y_stride, Y - 4, ctx->y_stride);
memcpy(Y - 4 - 4 * ctx->y_stride, Y - 4, ctx->y_stride);
} else if (j == h - 1) {
memcpy(Y - 4 + 1 * ctx->y_stride, Y - 4, ctx->y_stride);
memcpy(Y - 4 + 2 * ctx->y_stride, Y - 4, ctx->y_stride);
Reported by FlawFinder.
Line: 843
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (j == 0) {
memcpy(Y - 4 - 1 * ctx->y_stride, Y - 4, ctx->y_stride);
memcpy(Y - 4 - 2 * ctx->y_stride, Y - 4, ctx->y_stride);
memcpy(Y - 4 - 3 * ctx->y_stride, Y - 4, ctx->y_stride);
memcpy(Y - 4 - 4 * ctx->y_stride, Y - 4, ctx->y_stride);
} else if (j == h - 1) {
memcpy(Y - 4 + 1 * ctx->y_stride, Y - 4, ctx->y_stride);
memcpy(Y - 4 + 2 * ctx->y_stride, Y - 4, ctx->y_stride);
memcpy(Y - 4 + 3 * ctx->y_stride, Y - 4, ctx->y_stride);
Reported by FlawFinder.
Line: 844
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(Y - 4 - 1 * ctx->y_stride, Y - 4, ctx->y_stride);
memcpy(Y - 4 - 2 * ctx->y_stride, Y - 4, ctx->y_stride);
memcpy(Y - 4 - 3 * ctx->y_stride, Y - 4, ctx->y_stride);
memcpy(Y - 4 - 4 * ctx->y_stride, Y - 4, ctx->y_stride);
} else if (j == h - 1) {
memcpy(Y - 4 + 1 * ctx->y_stride, Y - 4, ctx->y_stride);
memcpy(Y - 4 + 2 * ctx->y_stride, Y - 4, ctx->y_stride);
memcpy(Y - 4 + 3 * ctx->y_stride, Y - 4, ctx->y_stride);
memcpy(Y - 4 + 4 * ctx->y_stride, Y - 4, ctx->y_stride);
Reported by FlawFinder.
Line: 846
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(Y - 4 - 3 * ctx->y_stride, Y - 4, ctx->y_stride);
memcpy(Y - 4 - 4 * ctx->y_stride, Y - 4, ctx->y_stride);
} else if (j == h - 1) {
memcpy(Y - 4 + 1 * ctx->y_stride, Y - 4, ctx->y_stride);
memcpy(Y - 4 + 2 * ctx->y_stride, Y - 4, ctx->y_stride);
memcpy(Y - 4 + 3 * ctx->y_stride, Y - 4, ctx->y_stride);
memcpy(Y - 4 + 4 * ctx->y_stride, Y - 4, ctx->y_stride);
}
Reported by FlawFinder.
Line: 847
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(Y - 4 - 4 * ctx->y_stride, Y - 4, ctx->y_stride);
} else if (j == h - 1) {
memcpy(Y - 4 + 1 * ctx->y_stride, Y - 4, ctx->y_stride);
memcpy(Y - 4 + 2 * ctx->y_stride, Y - 4, ctx->y_stride);
memcpy(Y - 4 + 3 * ctx->y_stride, Y - 4, ctx->y_stride);
memcpy(Y - 4 + 4 * ctx->y_stride, Y - 4, ctx->y_stride);
}
Y += ctx->y_stride;
Reported by FlawFinder.
Line: 848
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else if (j == h - 1) {
memcpy(Y - 4 + 1 * ctx->y_stride, Y - 4, ctx->y_stride);
memcpy(Y - 4 + 2 * ctx->y_stride, Y - 4, ctx->y_stride);
memcpy(Y - 4 + 3 * ctx->y_stride, Y - 4, ctx->y_stride);
memcpy(Y - 4 + 4 * ctx->y_stride, Y - 4, ctx->y_stride);
}
Y += ctx->y_stride;
if (j & 1) {
Reported by FlawFinder.
Line: 849
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(Y - 4 + 1 * ctx->y_stride, Y - 4, ctx->y_stride);
memcpy(Y - 4 + 2 * ctx->y_stride, Y - 4, ctx->y_stride);
memcpy(Y - 4 + 3 * ctx->y_stride, Y - 4, ctx->y_stride);
memcpy(Y - 4 + 4 * ctx->y_stride, Y - 4, ctx->y_stride);
}
Y += ctx->y_stride;
if (j & 1) {
/* horizontal edge extension */
Reported by FlawFinder.
Line: 862
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* vertical edge extension */
if (j == 1) {
memcpy(U - 2 - 1 * ctx->uv_stride, U - 2, ctx->uv_stride);
memcpy(V - 2 - 1 * ctx->uv_stride, V - 2, ctx->uv_stride);
memcpy(U - 2 - 2 * ctx->uv_stride, U - 2, ctx->uv_stride);
memcpy(V - 2 - 2 * ctx->uv_stride, V - 2, ctx->uv_stride);
} else if (j == h - 1) {
memcpy(U - 2 + 1 * ctx->uv_stride, U - 2, ctx->uv_stride);
Reported by FlawFinder.
Line: 863
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* vertical edge extension */
if (j == 1) {
memcpy(U - 2 - 1 * ctx->uv_stride, U - 2, ctx->uv_stride);
memcpy(V - 2 - 1 * ctx->uv_stride, V - 2, ctx->uv_stride);
memcpy(U - 2 - 2 * ctx->uv_stride, U - 2, ctx->uv_stride);
memcpy(V - 2 - 2 * ctx->uv_stride, V - 2, ctx->uv_stride);
} else if (j == h - 1) {
memcpy(U - 2 + 1 * ctx->uv_stride, U - 2, ctx->uv_stride);
memcpy(V - 2 + 1 * ctx->uv_stride, V - 2, ctx->uv_stride);
Reported by FlawFinder.
fftools/ffmpeg_filter.c
16 issues
Line: 427
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
AVFilterContext *last_filter = out->filter_ctx;
int pad_idx = out->pad_idx;
int ret;
char name[255];
snprintf(name, sizeof(name), "out_%d_%d", ost->file_index, ost->index);
ret = avfilter_graph_create_filter(&ofilter->filter,
avfilter_get_by_name("buffersink"),
name, NULL, NULL, fg->graph);
Reported by FlawFinder.
Line: 438
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return ret;
if ((ofilter->width || ofilter->height) && ofilter->ost->autoscale) {
char args[255];
AVFilterContext *filter;
AVDictionaryEntry *e = NULL;
snprintf(args, sizeof(args), "%d:%d",
ofilter->width, ofilter->height);
Reported by FlawFinder.
Line: 480
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (ost->frame_rate.num && 0) {
AVFilterContext *fps;
char args[255];
snprintf(args, sizeof(args), "fps=%d/%d", ost->frame_rate.num,
ost->frame_rate.den);
snprintf(name, sizeof(name), "fps_out_%d_%d",
ost->file_index, ost->index);
Reported by FlawFinder.
Line: 520
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
AVFilterContext *last_filter = out->filter_ctx;
int pad_idx = out->pad_idx;
AVBPrint args;
char name[255];
int ret;
snprintf(name, sizeof(name), "out_%d_%d", ost->file_index, ost->index);
ret = avfilter_graph_create_filter(&ofilter->filter,
avfilter_get_by_name("abuffersink"),
Reported by FlawFinder.
Line: 709
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
AVRational fr = ist->framerate;
AVRational sar;
AVBPrint args;
char name[255];
int ret, pad_idx = 0;
int64_t tsoffset = 0;
AVBufferSrcParameters *par = av_buffersrc_parameters_alloc();
if (!par)
Reported by FlawFinder.
Line: 772
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
} else if (fabs(theta - 270) < 1.0) {
ret = insert_filter(&last_filter, &pad_idx, "transpose", "cclock");
} else if (fabs(theta) > 1.0) {
char rotate_buf[64];
snprintf(rotate_buf, sizeof(rotate_buf), "%f*PI/180", theta);
ret = insert_filter(&last_filter, &pad_idx, "rotate", rotate_buf);
}
if (ret < 0)
return ret;
Reported by FlawFinder.
Line: 827
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
InputStream *ist = ifilter->ist;
InputFile *f = input_files[ist->file_index];
AVBPrint args;
char name[255];
int ret, pad_idx = 0;
int64_t tsoffset = 0;
if (ist->dec_ctx->codec_type != AVMEDIA_TYPE_AUDIO) {
av_log(NULL, AV_LOG_ERROR, "Cannot connect audio filter to non audio input\n");
Reported by FlawFinder.
Line: 877
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
} while (0)
if (audio_sync_method > 0) {
char args[256] = {0};
av_strlcatf(args, sizeof(args), "async=%d", audio_sync_method);
if (audio_drift_threshold != 0.1)
av_strlcatf(args, sizeof(args), ":min_hard_comp=%f", audio_drift_threshold);
if (!fg->reconfiguration)
Reported by FlawFinder.
Line: 901
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// }
if (audio_volume != 256) {
char args[256];
av_log(NULL, AV_LOG_WARNING, "-vol has been deprecated. Use the volume "
"audio filter instead.\n");
snprintf(args, sizeof(args), "%f", audio_volume / 256.);
Reported by FlawFinder.
Line: 968
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (simple) {
OutputStream *ost = fg->outputs[0]->ost;
char args[512];
AVDictionaryEntry *e = NULL;
fg->graph->nb_threads = filter_nbthreads;
args[0] = 0;
Reported by FlawFinder.