The following issues were found
libavcodec/libopenh264enc.c
2 issues
Line: 348
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!avctx->extradata)
return AVERROR(ENOMEM);
avctx->extradata_size = size;
memcpy(avctx->extradata, fbi.sLayerInfo[0].pBsBuf, size);
}
props = ff_add_cpb_side_data(avctx);
if (!props)
return AVERROR(ENOMEM);
Reported by FlawFinder.
Line: 413
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
size = 0;
for (layer = first_layer; layer < fbi.iLayerNum; layer++) {
memcpy(avpkt->data + size, fbi.sLayerInfo[layer].pBsBuf, layer_size[layer]);
size += layer_size[layer];
}
avpkt->pts = frame->pts;
if (fbi.eFrameType == videoFrameTypeIDR)
avpkt->flags |= AV_PKT_FLAG_KEY;
Reported by FlawFinder.
libavdevice/fbdev_common.c
2 issues
Line: 66
Column: 23
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
const char* ff_fbdev_default_device()
{
const char *dev = getenv("FRAMEBUFFER");
if (!dev)
dev = "/dev/fb0";
return dev;
}
Reported by FlawFinder.
Line: 76
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct fb_var_screeninfo varinfo;
struct fb_fix_screeninfo fixinfo;
char device_file[12];
AVDeviceInfo *device = NULL;
int i, fd, ret = 0;
const char *default_device = ff_fbdev_default_device();
if (!device_list)
Reported by FlawFinder.
libavcodec/dca_lbr.c
2 issues
Line: 880
Column: 21
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if ((ch != ch1 && ff_dca_grid_2_to_scf[sb] >= s->min_mono_subband) != flag) {
if (!flag)
memcpy(g2_scf, s->grid_2_scf[ch1][sb], 64);
continue;
}
// Scale factors in groups of 8
for (i = 0; i < 8; i++, g2_scf += 8) {
Reported by FlawFinder.
Line: 1725
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// Update history for LPC and forward MDCT
for (sb = 0; sb < nsubbands; sb++) {
float *samples = s->time_samples[ch][sb] - DCA_LBR_TIME_HISTORY;
memcpy(samples, samples + DCA_LBR_TIME_SAMPLES, DCA_LBR_TIME_HISTORY * sizeof(float));
}
}
int ff_dca_lbr_filter_frame(DCALbrDecoder *s, AVFrame *frame)
{
Reported by FlawFinder.
libavcodec/libopencore-amr.c
2 issues
Line: 163
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{ 7400, MR74 }, { 7950, MR795 }, { 10200, MR102 }, { 12200, MR122 }
};
int i, best = -1, min_diff = 0;
char log_buf[200];
for (i = 0; i < 8; i++) {
if (rates[i].rate == bitrate)
return rates[i].mode;
if (best < 0 || abs(rates[i].rate - bitrate) < min_diff) {
Reported by FlawFinder.
Line: 255
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
flush_buf = av_mallocz_array(avctx->frame_size, sizeof(*flush_buf));
if (!flush_buf)
return AVERROR(ENOMEM);
memcpy(flush_buf, samples, frame->nb_samples * sizeof(*flush_buf));
samples = flush_buf;
if (frame->nb_samples < avctx->frame_size - avctx->initial_padding)
s->enc_last_frame = -1;
}
if ((ret = ff_af_queue_add(&s->afq, frame)) < 0) {
Reported by FlawFinder.
libavcodec/libkvazaar.c
2 issues
Line: 141
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
avctx->extradata_size = len_out;
for (chunk = data_out; chunk != NULL; chunk = chunk->next) {
memcpy(p, chunk->data, chunk->len);
p += chunk->len;
}
ctx->api->chunk_free(data_out);
}
Reported by FlawFinder.
Line: 249
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (chunk = data_out; chunk != NULL; chunk = chunk->next) {
av_assert0(written + chunk->len <= len_out);
memcpy(avpkt->data + written, chunk->data, chunk->len);
written += chunk->len;
}
avpkt->pts = recon_pic->pts;
avpkt->dts = recon_pic->dts;
Reported by FlawFinder.
libavdevice/dshow_capture.h
2 issues
Line: 292
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
IGraphBuilder *graph;
char *device_name[2];
char *device_unique_name[2];
int video_device_number;
int audio_device_number;
Reported by FlawFinder.
Line: 293
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
IGraphBuilder *graph;
char *device_name[2];
char *device_unique_name[2];
int video_device_number;
int audio_device_number;
int list_options;
Reported by FlawFinder.
libavformat/lrcdec.c
2 issues
Line: 185
Column: 20
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
*right_bracket_offset = *comma_offset = '\0';
if(strcmp(line.str + 1, "offset") ||
sscanf(comma_offset + 1, "%"SCNd64, &lrc->ts_offset) != 1) {
av_dict_set(&s->metadata, line.str + 1, comma_offset + 1, 0);
}
lrc->ts_offset = av_clip64(lrc->ts_offset, INT64_MIN/4, INT64_MAX/4);
*comma_offset = ':';
Reported by FlawFinder.
Line: 147
Column: 36
CWE codes:
126
// Metadata items exist in ff_lrc_metadata_conv
for(metadata_item = ff_lrc_metadata_conv;
metadata_item->native; metadata_item++) {
size_t metadata_item_len = strlen(metadata_item->native);
if(p->buf[offset + metadata_item_len] == ':' &&
!memcmp(p->buf + offset, metadata_item->native, metadata_item_len)) {
return 40;
}
}
Reported by FlawFinder.
libavdevice/android_camera.c
2 issues
Line: 659
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return AVERROR(ENOMEM);
}
memcpy(side_data, display_matrix, sizeof(display_matrix));
return 0;
}
static int add_video_stream(AVFormatContext *avctx)
Reported by FlawFinder.
Line: 634
Column: 9
CWE codes:
676
Suggestion:
Use nanosleep(2) or setitimer(2) instead
while (!atomic_load(&ctx->got_image_format) && !atomic_load(&ctx->exit)) {
//Wait until first frame arrived and actual image format was determined
usleep(1000);
}
return atomic_load(&ctx->got_image_format);
}
Reported by FlawFinder.
libavformat/matroska.c
2 issues
Line: 128
Column: 7
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{ 0 }
};
const char * const ff_matroska_video_stereo_mode[MATROSKA_VIDEO_STEREOMODE_TYPE_NB] = {
"mono",
"left_right",
"bottom_top",
"top_bottom",
"checkerboard_rl",
Reported by FlawFinder.
Line: 146
Column: 7
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
"block_rl",
};
const char * const ff_matroska_video_stereo_plane[MATROSKA_VIDEO_STEREO_PLANE_COUNT] = {
"left",
"right",
"background",
};
Reported by FlawFinder.
libavformat/libgme.c
2 issues
Line: 67
Column: 39
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
return AVERROR_STREAM_NOT_FOUND;
*duration = info->length;
add_meta(s, "system", info->system);
add_meta(s, "game", info->game);
add_meta(s, "song", info->song);
add_meta(s, "author", info->author);
add_meta(s, "copyright", info->copyright);
add_meta(s, "comment", info->comment);
Reported by FlawFinder.
Line: 61
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
GMEContext *gme = s->priv_data;
gme_info_t *info = NULL;
char buf[30];
if (gme_track_info(gme->music_emu, &info, gme->track_index))
return AVERROR_STREAM_NOT_FOUND;
*duration = info->length;
Reported by FlawFinder.