The following issues were found
libavcodec/mips/amrwbdec_mips.c
3 issues
Line: 64
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int i;
float data[AMRWB_SFR_SIZE_16k + HB_FIR_SIZE]; // past and current samples
memcpy(data, mem, HB_FIR_SIZE * sizeof(float));
memcpy(data + HB_FIR_SIZE, in, AMRWB_SFR_SIZE_16k * sizeof(float));
for (i = 0; i < AMRWB_SFR_SIZE_16k; i++) {
float output;
float * p_data = (data+i);
Reported by FlawFinder.
Line: 65
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
float data[AMRWB_SFR_SIZE_16k + HB_FIR_SIZE]; // past and current samples
memcpy(data, mem, HB_FIR_SIZE * sizeof(float));
memcpy(data + HB_FIR_SIZE, in, AMRWB_SFR_SIZE_16k * sizeof(float));
for (i = 0; i < AMRWB_SFR_SIZE_16k; i++) {
float output;
float * p_data = (data+i);
Reported by FlawFinder.
Line: 186
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
);
out[i] = output;
}
memcpy(mem, data + AMRWB_SFR_SIZE_16k, HB_FIR_SIZE * sizeof(float));
}
#endif /* !HAVE_MIPS32R6 && !HAVE_MIPS64R6 */
#endif /* HAVE_INLINE_ASM */
Reported by FlawFinder.
libavcodec/atrac.c
3 issues
Line: 125
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* copy the overlapping part into the delay buffer */
memcpy(prev, &in[num_samples], num_samples * sizeof(float));
}
void ff_atrac_iqmf(float *inlo, float *inhi, unsigned int nIn, float *pOut,
float *delayBuf, float *temp)
{
Reported by FlawFinder.
Line: 134
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int i, j;
float *p1, *p3;
memcpy(temp, delayBuf, 46*sizeof(float));
p3 = temp + 46;
/* loop1 */
for(i=0; i<nIn; i+=2){
Reported by FlawFinder.
Line: 165
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* Update the delay buffer. */
memcpy(delayBuf, temp + nIn*2, 46*sizeof(float));
}
Reported by FlawFinder.
libavformat/mxg.c
3 issues
Line: 176
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ret = av_new_packet(pkt, size);
if (ret < 0)
return ret;
memcpy(pkt->data, mxg->soi_ptr, size);
pkt->pts = pkt->dts = mxg->dts;
pkt->stream_index = 0;
if (mxg->soi_ptr - mxg->buffer > mxg->cache_size) {
Reported by FlawFinder.
Line: 215
Column: 21
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ret = av_new_packet(pkt, size - 14);
if (ret < 0)
return ret;
memcpy(pkt->data, startmarker_ptr + 16, size - 14);
/* time (GMT) of first sample in usec since 1970, little-endian */
pkt->pts = pkt->dts = AV_RL64(startmarker_ptr + 8);
pkt->stream_index = 1;
Reported by FlawFinder.
Line: 223
Column: 29
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (startmarker_ptr - mxg->buffer > mxg->cache_size) {
if (mxg->cache_size > 0) {
memcpy(mxg->buffer, mxg->buffer_ptr, mxg->cache_size);
}
mxg->buffer_ptr = mxg->buffer;
}
return pkt->size;
Reported by FlawFinder.
libavformat/pcmdec.c
3 issues
Line: 134
#define PCMDEF(name, long_name, ext, uppercase) \
PCMDEF_EXT(name, long_name, ext, uppercase, )
PCMDEF(f64be, "PCM 64-bit floating-point big-endian", NULL, F64BE)
PCMDEF(f64le, "PCM 64-bit floating-point little-endian", NULL, F64LE)
PCMDEF(f32be, "PCM 32-bit floating-point big-endian", NULL, F32BE)
PCMDEF(f32le, "PCM 32-bit floating-point little-endian", NULL, F32LE)
PCMDEF(s32be, "PCM signed 32-bit big-endian", NULL, S32BE)
PCMDEF(s32le, "PCM signed 32-bit little-endian", NULL, S32LE)
Reported by Cppcheck.
Line: 65
Column: 22
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (!channels)
sscanf(options, " channels=%d", &channels);
if (!little_endian) {
char val[sizeof("little-endian")];
if (sscanf(options, " endianness=%13s", val) == 1) {
little_endian = strcmp(val, "little-endian") == 0;
}
}
}
Reported by FlawFinder.
Line: 66
Column: 26
CWE codes:
120
Suggestion:
Check that the limit is sufficiently small, or use a different input function
sscanf(options, " channels=%d", &channels);
if (!little_endian) {
char val[sizeof("little-endian")];
if (sscanf(options, " endianness=%13s", val) == 1) {
little_endian = strcmp(val, "little-endian") == 0;
}
}
}
if (rate <= 0) {
Reported by FlawFinder.
libavfilter/af_anlms.c
3 issues
Line: 104
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
delay[*offset] = sample;
memcpy(tmp, coeffs + order - *offset, order * sizeof(float));
output = s->fdsp->scalarproduct_float(delay, tmp, s->kernel_size);
if (--(*offset) < 0)
*offset = order - 1;
Reported by FlawFinder.
Line: 134
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
norm = s->eps + sum;
b = mu * e / norm;
memcpy(tmp, delay + offset, order * sizeof(float));
s->fdsp->vector_fmul_scalar(coeffs, coeffs, a, s->kernel_size);
s->fdsp->vector_fmac_scalar(coeffs, tmp, b, s->kernel_size);
Reported by FlawFinder.
Line: 140
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
s->fdsp->vector_fmac_scalar(coeffs, tmp, b, s->kernel_size);
memcpy(coeffs + order, coeffs, order * sizeof(float));
switch (s->output_mode) {
case IN_MODE: output = input; break;
case DESIRED_MODE: output = desired; break;
case OUT_MODE: /*output = output;*/ break;
Reported by FlawFinder.
libavformat/img2dec.c
3 issues
Line: 113
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int find_image_range(AVIOContext *pb, int *pfirst_index, int *plast_index,
const char *path, int start_index, int start_index_range)
{
char buf[1024];
int range, last_index, range1, first_index;
/* find the first image */
for (first_index = start_index; first_index < start_index + start_index_range; first_index++) {
if (av_get_frame_filename(buf, sizeof(buf), path, first_index) < 0) {
Reported by FlawFinder.
Line: 408
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int ff_img_read_packet(AVFormatContext *s1, AVPacket *pkt)
{
VideoDemuxData *s = s1->priv_data;
char filename_bytes[1024];
char *filename = filename_bytes;
int i, res;
int size[3] = { 0 }, ret[3] = { 0 };
AVIOContext *f[3] = { NULL };
AVCodecParameters *par = s1->streams[0]->codecpar;
Reported by FlawFinder.
Line: 451
Column: 22
CWE codes:
126
if (!s->split_planes)
break;
filename[strlen(filename) - 1] = 'U' + i;
}
if (par->codec_id == AV_CODEC_ID_NONE) {
AVProbeData pd = { 0 };
const AVInputFormat *ifmt;
Reported by FlawFinder.
libavcodec/libzvbi-teletextdec.c
3 issues
Line: 513
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
TeletextPage *new_pages;
vbi_page page;
int res;
char pgno_str[12];
int chop_top;
int is_subtitle_page = ctx->subtitle_map[ev->ev.ttx_page.pgno & 0x7ff];
snprintf(pgno_str, sizeof pgno_str, "%03x", ev->ev.ttx_page.pgno);
av_log(ctx, AV_LOG_DEBUG, "decoded page %s.%02x\n",
Reported by FlawFinder.
Line: 126
Column: 35
CWE codes:
126
av_free(avctx->subtitle_header);
avctx->subtitle_header = new_header;
avctx->subtitle_header_size = strlen(new_header);
return 0;
}
static int chop_spaces_utf8(const unsigned char* t, int len)
{
Reported by FlawFinder.
Line: 155
Column: 42
CWE codes:
126
AVBPrint buf;
av_bprint_init(&buf, 0, AV_BPRINT_SIZE_UNLIMITED);
ff_ass_bprint_text_event(&buf, text, strlen(text), "", 0);
if (!av_bprint_is_complete(&buf)) {
av_bprint_finalize(&buf, NULL);
return NULL;
}
dialog = ff_ass_get_dialog(ctx->readorder++, 0, NULL, NULL, buf.str);
Reported by FlawFinder.
libavcodec/dpxenc.c
3 issues
Line: 209
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* File information header */
write32(buf, MKBETAG('S','D','P','X'));
write32(buf + 4, HEADER_SIZE);
memcpy (buf + 8, "V1.0", 4);
write32(buf + 20, 1); /* new image */
write32(buf + 24, HEADER_SIZE);
if (!(avctx->flags & AV_CODEC_FLAG_BITEXACT))
memcpy (buf + 160, LIBAVCODEC_IDENT, FFMIN(sizeof(LIBAVCODEC_IDENT), 100));
write32(buf + 660, 0xFFFFFFFF); /* unencrypted */
Reported by FlawFinder.
Line: 213
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
write32(buf + 20, 1); /* new image */
write32(buf + 24, HEADER_SIZE);
if (!(avctx->flags & AV_CODEC_FLAG_BITEXACT))
memcpy (buf + 160, LIBAVCODEC_IDENT, FFMIN(sizeof(LIBAVCODEC_IDENT), 100));
write32(buf + 660, 0xFFFFFFFF); /* unencrypted */
/* Image information header */
write16(buf + 768, 0); /* orientation; left to right, top to bottom */
write16(buf + 770, 1); /* number of elements */
Reported by FlawFinder.
Line: 242
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
uint8_t *dst = pkt->data + HEADER_SIZE;
size = (len + need_align) * avctx->height;
for (j=0; j<avctx->height; j++) {
memcpy(dst, src, len);
memset(dst + len, 0, need_align);
dst += len + need_align;
src += frame->linesize[0];
}
} else {
Reported by FlawFinder.
libavcodec/dpx.c
3 issues
Line: 162
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
AVFrame *const p = data;
uint8_t *ptr[AV_NUM_DATA_POINTERS];
uint32_t header_version, version = 0;
char creator[101] = { 0 };
char input_device[33] = { 0 };
unsigned int offset;
int magic_num, endian;
int x, y, stride, i, j, ret;
Reported by FlawFinder.
Line: 163
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
uint8_t *ptr[AV_NUM_DATA_POINTERS];
uint32_t header_version, version = 0;
char creator[101] = { 0 };
char input_device[33] = { 0 };
unsigned int offset;
int magic_num, endian;
int x, y, stride, i, j, ret;
int w, h, bits_per_color, descriptor, elements, packing;
Reported by FlawFinder.
Line: 285
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (offset >= 1920 + 4) {
uint32_t tc;
uint32_t *tc_sd;
char tcbuf[AV_TIMECODE_STR_SIZE];
buf = avpkt->data + 1920;
// read32 to native endian, av_bswap32 to opposite of native for
// compatibility with av_timecode_make_smpte_tc_string2 etc
tc = av_bswap32(read32(&buf, endian));
Reported by FlawFinder.
libavcodec/dolby_e.c
3 issues
Line: 664
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (c->exp_strategy[i]) {
unbias_exponents(s, c, g);
} else {
memcpy(c->exponents + g->exp_ofs,
c->exponents + p->exp_ofs,
g->nb_exponent * sizeof(c->exponents[0]));
}
}
Reported by FlawFinder.
Line: 799
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
c->exponents + g->exp_ofs, c->bap + g->exp_ofs,
fg_spc[i], fg_ofs[i], msk_mod[i], snr_ofs);
} else {
memcpy(c->bap + g->exp_ofs,
c->bap + p->exp_ofs,
g->nb_exponent * sizeof(c->bap[0]));
}
}
Reported by FlawFinder.
Line: 828
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (; j < g->nb_exponent; j++)
c->idx[g->exp_ofs + j] = get_bits(&s->gb, 2);
} else if (i && g->nb_exponent == p->nb_exponent) {
memcpy(c->idx + g->exp_ofs,
c->idx + p->exp_ofs,
g->nb_exponent * sizeof(c->idx[0]));
} else {
memset(c->idx + g->exp_ofs, 0, g->nb_exponent * sizeof(c->idx[0]));
}
Reported by FlawFinder.