The following issues were found
libavfilter/af_anlms.c
3 issues
Line: 104
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
delay[*offset] = sample;
memcpy(tmp, coeffs + order - *offset, order * sizeof(float));
output = s->fdsp->scalarproduct_float(delay, tmp, s->kernel_size);
if (--(*offset) < 0)
*offset = order - 1;
Reported by FlawFinder.
Line: 134
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
norm = s->eps + sum;
b = mu * e / norm;
memcpy(tmp, delay + offset, order * sizeof(float));
s->fdsp->vector_fmul_scalar(coeffs, coeffs, a, s->kernel_size);
s->fdsp->vector_fmac_scalar(coeffs, tmp, b, s->kernel_size);
Reported by FlawFinder.
Line: 140
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
s->fdsp->vector_fmac_scalar(coeffs, tmp, b, s->kernel_size);
memcpy(coeffs + order, coeffs, order * sizeof(float));
switch (s->output_mode) {
case IN_MODE: output = input; break;
case DESIRED_MODE: output = desired; break;
case OUT_MODE: /*output = output;*/ break;
Reported by FlawFinder.
libavcodec/dolby_e.c
3 issues
Line: 664
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (c->exp_strategy[i]) {
unbias_exponents(s, c, g);
} else {
memcpy(c->exponents + g->exp_ofs,
c->exponents + p->exp_ofs,
g->nb_exponent * sizeof(c->exponents[0]));
}
}
Reported by FlawFinder.
Line: 799
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
c->exponents + g->exp_ofs, c->bap + g->exp_ofs,
fg_spc[i], fg_ofs[i], msk_mod[i], snr_ofs);
} else {
memcpy(c->bap + g->exp_ofs,
c->bap + p->exp_ofs,
g->nb_exponent * sizeof(c->bap[0]));
}
}
Reported by FlawFinder.
Line: 828
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (; j < g->nb_exponent; j++)
c->idx[g->exp_ofs + j] = get_bits(&s->gb, 2);
} else if (i && g->nb_exponent == p->nb_exponent) {
memcpy(c->idx + g->exp_ofs,
c->idx + p->exp_ofs,
g->nb_exponent * sizeof(c->idx[0]));
} else {
memset(c->idx + g->exp_ofs, 0, g->nb_exponent * sizeof(c->idx[0]));
}
Reported by FlawFinder.
libavcodec/dfa.c
3 issues
Line: 335
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
decode_tdlt, decode_dsw1, decode_blck, decode_dds1,
};
static const char chunk_name[8][5] = {
"COPY", "TSW1", "BDLT", "WDLT", "TDLT", "DSW1", "BLCK", "DDS1"
};
static int dfa_decode_frame(AVCodecContext *avctx,
void *data, int *got_frame,
Reported by FlawFinder.
Line: 396
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
((j&3)*(avctx->height/4) + (i/4))*avctx->width];
}
} else {
memcpy(dst, buf, avctx->width);
buf += avctx->width;
}
dst += frame->linesize[0];
}
memcpy(frame->data[1], s->pal, sizeof(s->pal));
Reported by FlawFinder.
Line: 401
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
dst += frame->linesize[0];
}
memcpy(frame->data[1], s->pal, sizeof(s->pal));
*got_frame = 1;
return avpkt->size;
}
Reported by FlawFinder.
libavcodec/decode.c
3 issues
Line: 1108
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!choices)
return AV_PIX_FMT_NONE;
memcpy(choices, fmt, (n + 1) * sizeof(*choices));
for (;;) {
// Remove the previous hwaccel, if there was one.
hwaccel_uninit(avctx);
Reported by FlawFinder.
Line: 1521
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!frame_sd)
return AVERROR(ENOMEM);
memcpy(frame_sd->data, packet_sd, size);
}
}
add_metadata_from_side_data(pkt, frame);
if (pkt->flags & AV_PKT_FLAG_DISCARD) {
Reported by FlawFinder.
Line: 1856
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
const void *pal = av_packet_get_side_data(src, AV_PKT_DATA_PALETTE, &size);
if (pal && size == AVPALETTE_SIZE) {
memcpy(dst, pal, AVPALETTE_SIZE);
return 1;
} else if (pal) {
av_log(logctx, AV_LOG_ERROR,
"Palette size %"SIZE_SPECIFIER" is wrong\n", size);
}
Reported by FlawFinder.
libavformat/mmsh.c
3 issues
Line: 216
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int mmsh_open_internal(URLContext *h, const char *uri, int flags, int timestamp, int64_t pos)
{
int i, port, err;
char httpname[256], path[256], host[128];
char *stream_selection = NULL;
char headers[1024];
MMSHContext *mmsh = h->priv_data;
MMSContext *mms;
Reported by FlawFinder.
Line: 218
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int i, port, err;
char httpname[256], path[256], host[128];
char *stream_selection = NULL;
char headers[1024];
MMSHContext *mmsh = h->priv_data;
MMSContext *mms;
mmsh->request_seq = h->is_streamed = 1;
mms = &mmsh->mms;
Reported by FlawFinder.
Line: 277
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (!stream_selection)
return AVERROR(ENOMEM);
for (i = 0; i < mms->stream_num; i++) {
char tmp[20];
err = snprintf(tmp, sizeof(tmp), "ffff:%d:0 ", mms->streams[i].id);
if (err < 0)
goto fail;
av_strlcat(stream_selection, tmp, mms->stream_num * 19 + 1);
}
Reported by FlawFinder.
libavformat/mkvtimestamp_v2.c
3 issues
Line: 35
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int write_packet(AVFormatContext *s, AVPacket *pkt)
{
char buf[256];
if (pkt->stream_index)
av_log(s, AV_LOG_WARNING, "More than one stream unsupported\n");
snprintf(buf, sizeof(buf), "%" PRId64 "\n", pkt->dts);
avio_write(s->pb, buf, strlen(buf));
return 0;
Reported by FlawFinder.
Line: 28
Column: 31
CWE codes:
126
static int write_header(AVFormatContext *s)
{
static const char *header = "# timecode format v2\n";
avio_write(s->pb, header, strlen(header));
avpriv_set_pts_info(s->streams[0], 64, 1, 1000);
return 0;
}
static int write_packet(AVFormatContext *s, AVPacket *pkt)
Reported by FlawFinder.
Line: 39
Column: 28
CWE codes:
126
if (pkt->stream_index)
av_log(s, AV_LOG_WARNING, "More than one stream unsupported\n");
snprintf(buf, sizeof(buf), "%" PRId64 "\n", pkt->dts);
avio_write(s->pb, buf, strlen(buf));
return 0;
}
const AVOutputFormat ff_mkvtimestamp_v2_muxer = {
.name = "mkvtimestamp_v2",
Reported by FlawFinder.
libavcodec/dca_xll.c
3 issues
Line: 750
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int32_t *band1 = c->bands[1].msb_sample_buffer[ch];
// Copy decimator history
memcpy(band0 - DCA_XLL_DECI_HISTORY_MAX,
c->deci_history[ch], sizeof(c->deci_history[0]));
// Filter
s->dcadsp->assemble_freq_bands(ptr, band0, band1,
ff_dca_xll_band_coeff,
Reported by FlawFinder.
Line: 1077
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!s->pbr_buffer && !(s->pbr_buffer = av_malloc(DCA_XLL_PBR_BUFFER_MAX + AV_INPUT_BUFFER_PADDING_SIZE)))
return AVERROR(ENOMEM);
memcpy(s->pbr_buffer, data, size);
s->pbr_length = size;
s->pbr_delay = delay;
return 0;
}
Reported by FlawFinder.
Line: 1130
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto fail;
}
memcpy(s->pbr_buffer + s->pbr_length, data, size);
s->pbr_length += size;
// Respect decoding delay after synchronization error
if (s->pbr_delay > 0 && --s->pbr_delay)
return AVERROR(EAGAIN);
Reported by FlawFinder.
libavformat/mccdec.c
3 issues
Line: 35
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int mcc_probe(const AVProbeData *p)
{
char buf[28];
FFTextReader tr;
ff_text_init_buf(&tr, p->buf, p->buf_size);
while (ff_text_peek_r8(&tr) == '\r' || ff_text_peek_r8(&tr) == '\n')
Reported by FlawFinder.
Line: 98
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
AVRational rate;
int64_t ts, pos;
uint8_t out[4096];
char line[4096];
FFTextReader tr;
int ret = 0;
ff_text_init_avio(s, &tr, s->pb);
Reported by FlawFinder.
Line: 160
Column: 21
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
j = 0;
break;
}
memcpy(out + j, aliases[idx].value, aliases[idx].len);
j += aliases[idx].len;
}
} else {
uint8_t vv;
Reported by FlawFinder.
libavdevice/gdigrab.c
3 issues
Line: 606
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
bfh.bfReserved2 = 0;
bfh.bfOffBits = gdigrab->header_size;
memcpy(pkt->data, &bfh, sizeof(bfh));
memcpy(pkt->data + sizeof(bfh), &gdigrab->bmi.bmiHeader, sizeof(gdigrab->bmi.bmiHeader));
if (gdigrab->bmi.bmiHeader.biBitCount <= 8)
GetDIBColorTable(dest_hdc, 0, 1 << gdigrab->bmi.bmiHeader.biBitCount,
Reported by FlawFinder.
Line: 608
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(pkt->data, &bfh, sizeof(bfh));
memcpy(pkt->data + sizeof(bfh), &gdigrab->bmi.bmiHeader, sizeof(gdigrab->bmi.bmiHeader));
if (gdigrab->bmi.bmiHeader.biBitCount <= 8)
GetDIBColorTable(dest_hdc, 0, 1 << gdigrab->bmi.bmiHeader.biBitCount,
(RGBQUAD *) (pkt->data + sizeof(bfh) + sizeof(gdigrab->bmi.bmiHeader)));
Reported by FlawFinder.
Line: 614
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
GetDIBColorTable(dest_hdc, 0, 1 << gdigrab->bmi.bmiHeader.biBitCount,
(RGBQUAD *) (pkt->data + sizeof(bfh) + sizeof(gdigrab->bmi.bmiHeader)));
memcpy(pkt->data + gdigrab->header_size, gdigrab->buffer, gdigrab->frame_size);
gdigrab->time_frame = time_frame;
return gdigrab->header_size + gdigrab->frame_size;
}
Reported by FlawFinder.
libavformat/pcmdec.c
3 issues
Line: 134
#define PCMDEF(name, long_name, ext, uppercase) \
PCMDEF_EXT(name, long_name, ext, uppercase, )
PCMDEF(f64be, "PCM 64-bit floating-point big-endian", NULL, F64BE)
PCMDEF(f64le, "PCM 64-bit floating-point little-endian", NULL, F64LE)
PCMDEF(f32be, "PCM 32-bit floating-point big-endian", NULL, F32BE)
PCMDEF(f32le, "PCM 32-bit floating-point little-endian", NULL, F32LE)
PCMDEF(s32be, "PCM signed 32-bit big-endian", NULL, S32BE)
PCMDEF(s32le, "PCM signed 32-bit little-endian", NULL, S32LE)
Reported by Cppcheck.
Line: 65
Column: 22
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (!channels)
sscanf(options, " channels=%d", &channels);
if (!little_endian) {
char val[sizeof("little-endian")];
if (sscanf(options, " endianness=%13s", val) == 1) {
little_endian = strcmp(val, "little-endian") == 0;
}
}
}
Reported by FlawFinder.
Line: 66
Column: 26
CWE codes:
120
Suggestion:
Check that the limit is sufficiently small, or use a different input function
sscanf(options, " channels=%d", &channels);
if (!little_endian) {
char val[sizeof("little-endian")];
if (sscanf(options, " endianness=%13s", val) == 1) {
little_endian = strcmp(val, "little-endian") == 0;
}
}
}
if (rate <= 0) {
Reported by FlawFinder.