The following issues were found
doc/examples/decode_video.c
3 issues
Line: 44
Column: 9
CWE codes:
362
FILE *f;
int i;
f = fopen(filename,"wb");
fprintf(f, "P5\n%d %d\n%d\n", xsize, ysize, 255);
for (i = 0; i < ysize; i++)
fwrite(buf + i * wrap, 1, xsize, f);
fclose(f);
}
Reported by FlawFinder.
Line: 54
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void decode(AVCodecContext *dec_ctx, AVFrame *frame, AVPacket *pkt,
const char *filename)
{
char buf[1024];
int ret;
ret = avcodec_send_packet(dec_ctx, pkt);
if (ret < 0) {
fprintf(stderr, "Error sending a packet for decoding\n");
Reported by FlawFinder.
Line: 141
Column: 9
CWE codes:
362
exit(1);
}
f = fopen(filename, "rb");
if (!f) {
fprintf(stderr, "Could not open %s\n", filename);
exit(1);
}
Reported by FlawFinder.
libavcodec/mips/amrwbdec_mips.c
3 issues
Line: 64
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int i;
float data[AMRWB_SFR_SIZE_16k + HB_FIR_SIZE]; // past and current samples
memcpy(data, mem, HB_FIR_SIZE * sizeof(float));
memcpy(data + HB_FIR_SIZE, in, AMRWB_SFR_SIZE_16k * sizeof(float));
for (i = 0; i < AMRWB_SFR_SIZE_16k; i++) {
float output;
float * p_data = (data+i);
Reported by FlawFinder.
Line: 65
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
float data[AMRWB_SFR_SIZE_16k + HB_FIR_SIZE]; // past and current samples
memcpy(data, mem, HB_FIR_SIZE * sizeof(float));
memcpy(data + HB_FIR_SIZE, in, AMRWB_SFR_SIZE_16k * sizeof(float));
for (i = 0; i < AMRWB_SFR_SIZE_16k; i++) {
float output;
float * p_data = (data+i);
Reported by FlawFinder.
Line: 186
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
);
out[i] = output;
}
memcpy(mem, data + AMRWB_SFR_SIZE_16k, HB_FIR_SIZE * sizeof(float));
}
#endif /* !HAVE_MIPS32R6 && !HAVE_MIPS64R6 */
#endif /* HAVE_INLINE_ASM */
Reported by FlawFinder.
libavfilter/af_lv2.c
3 issues
Line: 142
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
tmp = av_calloc(table->n_uris + 1, sizeof(char*));
if (!tmp)
return table->n_uris;
memcpy(tmp, table->uris, table->n_uris * sizeof(char**));
av_free(table->uris);
table->uris = tmp;
table->uris[table->n_uris] = av_malloc(len + 1);
if (!table->uris[table->n_uris])
Reported by FlawFinder.
Line: 150
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!table->uris[table->n_uris])
return table->n_uris;
memcpy(table->uris[table->n_uris], uri, len + 1);
table->n_uris++;
return table->n_uris;
}
Reported by FlawFinder.
Line: 129
Column: 24
CWE codes:
126
static LV2_URID uri_table_map(LV2_URID_Map_Handle handle, const char *uri)
{
URITable *table = (URITable*)handle;
const size_t len = strlen(uri);
size_t i;
char **tmp;
for (i = 0; i < table->n_uris; i++) {
if (!strcmp(table->uris[i], uri)) {
Reported by FlawFinder.
libavcodec/atrac.c
3 issues
Line: 125
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* copy the overlapping part into the delay buffer */
memcpy(prev, &in[num_samples], num_samples * sizeof(float));
}
void ff_atrac_iqmf(float *inlo, float *inhi, unsigned int nIn, float *pOut,
float *delayBuf, float *temp)
{
Reported by FlawFinder.
Line: 134
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int i, j;
float *p1, *p3;
memcpy(temp, delayBuf, 46*sizeof(float));
p3 = temp + 46;
/* loop1 */
for(i=0; i<nIn; i+=2){
Reported by FlawFinder.
Line: 165
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* Update the delay buffer. */
memcpy(delayBuf, temp + nIn*2, 46*sizeof(float));
}
Reported by FlawFinder.
libavformat/pcmdec.c
3 issues
Line: 134
#define PCMDEF(name, long_name, ext, uppercase) \
PCMDEF_EXT(name, long_name, ext, uppercase, )
PCMDEF(f64be, "PCM 64-bit floating-point big-endian", NULL, F64BE)
PCMDEF(f64le, "PCM 64-bit floating-point little-endian", NULL, F64LE)
PCMDEF(f32be, "PCM 32-bit floating-point big-endian", NULL, F32BE)
PCMDEF(f32le, "PCM 32-bit floating-point little-endian", NULL, F32LE)
PCMDEF(s32be, "PCM signed 32-bit big-endian", NULL, S32BE)
PCMDEF(s32le, "PCM signed 32-bit little-endian", NULL, S32LE)
Reported by Cppcheck.
Line: 65
Column: 22
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (!channels)
sscanf(options, " channels=%d", &channels);
if (!little_endian) {
char val[sizeof("little-endian")];
if (sscanf(options, " endianness=%13s", val) == 1) {
little_endian = strcmp(val, "little-endian") == 0;
}
}
}
Reported by FlawFinder.
Line: 66
Column: 26
CWE codes:
120
Suggestion:
Check that the limit is sufficiently small, or use a different input function
sscanf(options, " channels=%d", &channels);
if (!little_endian) {
char val[sizeof("little-endian")];
if (sscanf(options, " endianness=%13s", val) == 1) {
little_endian = strcmp(val, "little-endian") == 0;
}
}
}
if (rate <= 0) {
Reported by FlawFinder.
libavfilter/af_anlms.c
3 issues
Line: 104
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
delay[*offset] = sample;
memcpy(tmp, coeffs + order - *offset, order * sizeof(float));
output = s->fdsp->scalarproduct_float(delay, tmp, s->kernel_size);
if (--(*offset) < 0)
*offset = order - 1;
Reported by FlawFinder.
Line: 134
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
norm = s->eps + sum;
b = mu * e / norm;
memcpy(tmp, delay + offset, order * sizeof(float));
s->fdsp->vector_fmul_scalar(coeffs, coeffs, a, s->kernel_size);
s->fdsp->vector_fmac_scalar(coeffs, tmp, b, s->kernel_size);
Reported by FlawFinder.
Line: 140
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
s->fdsp->vector_fmac_scalar(coeffs, tmp, b, s->kernel_size);
memcpy(coeffs + order, coeffs, order * sizeof(float));
switch (s->output_mode) {
case IN_MODE: output = input; break;
case DESIRED_MODE: output = desired; break;
case OUT_MODE: /*output = output;*/ break;
Reported by FlawFinder.
libavformat/mccdec.c
3 issues
Line: 35
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int mcc_probe(const AVProbeData *p)
{
char buf[28];
FFTextReader tr;
ff_text_init_buf(&tr, p->buf, p->buf_size);
while (ff_text_peek_r8(&tr) == '\r' || ff_text_peek_r8(&tr) == '\n')
Reported by FlawFinder.
Line: 98
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
AVRational rate;
int64_t ts, pos;
uint8_t out[4096];
char line[4096];
FFTextReader tr;
int ret = 0;
ff_text_init_avio(s, &tr, s->pb);
Reported by FlawFinder.
Line: 160
Column: 21
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
j = 0;
break;
}
memcpy(out + j, aliases[idx].value, aliases[idx].len);
j += aliases[idx].len;
}
} else {
uint8_t vv;
Reported by FlawFinder.
libavformat/mkvtimestamp_v2.c
3 issues
Line: 35
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int write_packet(AVFormatContext *s, AVPacket *pkt)
{
char buf[256];
if (pkt->stream_index)
av_log(s, AV_LOG_WARNING, "More than one stream unsupported\n");
snprintf(buf, sizeof(buf), "%" PRId64 "\n", pkt->dts);
avio_write(s->pb, buf, strlen(buf));
return 0;
Reported by FlawFinder.
Line: 28
Column: 31
CWE codes:
126
static int write_header(AVFormatContext *s)
{
static const char *header = "# timecode format v2\n";
avio_write(s->pb, header, strlen(header));
avpriv_set_pts_info(s->streams[0], 64, 1, 1000);
return 0;
}
static int write_packet(AVFormatContext *s, AVPacket *pkt)
Reported by FlawFinder.
Line: 39
Column: 28
CWE codes:
126
if (pkt->stream_index)
av_log(s, AV_LOG_WARNING, "More than one stream unsupported\n");
snprintf(buf, sizeof(buf), "%" PRId64 "\n", pkt->dts);
avio_write(s->pb, buf, strlen(buf));
return 0;
}
const AVOutputFormat ff_mkvtimestamp_v2_muxer = {
.name = "mkvtimestamp_v2",
Reported by FlawFinder.
libavformat/mmsh.c
3 issues
Line: 216
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int mmsh_open_internal(URLContext *h, const char *uri, int flags, int timestamp, int64_t pos)
{
int i, port, err;
char httpname[256], path[256], host[128];
char *stream_selection = NULL;
char headers[1024];
MMSHContext *mmsh = h->priv_data;
MMSContext *mms;
Reported by FlawFinder.
Line: 218
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int i, port, err;
char httpname[256], path[256], host[128];
char *stream_selection = NULL;
char headers[1024];
MMSHContext *mmsh = h->priv_data;
MMSContext *mms;
mmsh->request_seq = h->is_streamed = 1;
mms = &mmsh->mms;
Reported by FlawFinder.
Line: 277
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (!stream_selection)
return AVERROR(ENOMEM);
for (i = 0; i < mms->stream_num; i++) {
char tmp[20];
err = snprintf(tmp, sizeof(tmp), "ffff:%d:0 ", mms->streams[i].id);
if (err < 0)
goto fail;
av_strlcat(stream_selection, tmp, mms->stream_num * 19 + 1);
}
Reported by FlawFinder.
libavcodec/libzvbi-teletextdec.c
3 issues
Line: 513
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
TeletextPage *new_pages;
vbi_page page;
int res;
char pgno_str[12];
int chop_top;
int is_subtitle_page = ctx->subtitle_map[ev->ev.ttx_page.pgno & 0x7ff];
snprintf(pgno_str, sizeof pgno_str, "%03x", ev->ev.ttx_page.pgno);
av_log(ctx, AV_LOG_DEBUG, "decoded page %s.%02x\n",
Reported by FlawFinder.
Line: 126
Column: 35
CWE codes:
126
av_free(avctx->subtitle_header);
avctx->subtitle_header = new_header;
avctx->subtitle_header_size = strlen(new_header);
return 0;
}
static int chop_spaces_utf8(const unsigned char* t, int len)
{
Reported by FlawFinder.
Line: 155
Column: 42
CWE codes:
126
AVBPrint buf;
av_bprint_init(&buf, 0, AV_BPRINT_SIZE_UNLIMITED);
ff_ass_bprint_text_event(&buf, text, strlen(text), "", 0);
if (!av_bprint_is_complete(&buf)) {
av_bprint_finalize(&buf, NULL);
return NULL;
}
dialog = ff_ass_get_dialog(ctx->readorder++, 0, NULL, NULL, buf.str);
Reported by FlawFinder.