The following issues were found
libavformat/lrcdec.c
2 issues
Line: 185
Column: 20
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
*right_bracket_offset = *comma_offset = '\0';
if(strcmp(line.str + 1, "offset") ||
sscanf(comma_offset + 1, "%"SCNd64, &lrc->ts_offset) != 1) {
av_dict_set(&s->metadata, line.str + 1, comma_offset + 1, 0);
}
lrc->ts_offset = av_clip64(lrc->ts_offset, INT64_MIN/4, INT64_MAX/4);
*comma_offset = ':';
Reported by FlawFinder.
Line: 147
Column: 36
CWE codes:
126
// Metadata items exist in ff_lrc_metadata_conv
for(metadata_item = ff_lrc_metadata_conv;
metadata_item->native; metadata_item++) {
size_t metadata_item_len = strlen(metadata_item->native);
if(p->buf[offset + metadata_item_len] == ':' &&
!memcmp(p->buf + offset, metadata_item->native, metadata_item_len)) {
return 40;
}
}
Reported by FlawFinder.
libavcodec/xfaceenc.c
2 issues
Line: 147
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int i, j, k, ret = 0;
const uint8_t *buf;
uint8_t *p;
char intbuf[XFACE_MAX_DIGITS];
if (avctx->width || avctx->height) {
if (avctx->width != XFACE_WIDTH || avctx->height != XFACE_HEIGHT) {
av_log(avctx, AV_LOG_ERROR,
"Size value %dx%d not supported, only accepts a size of %dx%d\n",
Reported by FlawFinder.
Line: 173
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} while (i < XFACE_PIXELS);
/* create a copy of bitmap */
memcpy(bitmap_copy, xface->bitmap, XFACE_PIXELS);
ff_xface_generate_face(xface->bitmap, bitmap_copy);
encode_block(xface->bitmap, 16, 16, 0, &pq);
encode_block(xface->bitmap + 16, 16, 16, 0, &pq);
encode_block(xface->bitmap + 32, 16, 16, 0, &pq);
Reported by FlawFinder.
libavformat/matroska.c
2 issues
Line: 128
Column: 7
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{ 0 }
};
const char * const ff_matroska_video_stereo_mode[MATROSKA_VIDEO_STEREOMODE_TYPE_NB] = {
"mono",
"left_right",
"bottom_top",
"top_bottom",
"checkerboard_rl",
Reported by FlawFinder.
Line: 146
Column: 7
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
"block_rl",
};
const char * const ff_matroska_video_stereo_plane[MATROSKA_VIDEO_STEREO_PLANE_COUNT] = {
"left",
"right",
"background",
};
Reported by FlawFinder.
libavcodec/x86/mdct15_init.c
2 issues
Line: 67
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{ tmp[6*3 + k].im, -tmp[6*3 + k].im },
{ tmp[6*4 + k].im, -tmp[6*4 + k].im },
};
memcpy(s->exptab + 8*k, ac_exp, 8*sizeof(FFTComplex));
}
/* Specialcase when k = 0 */
for (k = 0; k < 3; k++) {
FFTComplex dc_exp[] = {
Reported by FlawFinder.
Line: 78
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{ tmp[2*k + 1].re, -tmp[2*k + 1].im },
{ tmp[2*k + 1].im, tmp[2*k + 1].re },
};
memcpy(s->exptab + 8*6 + 4*k, dc_exp, 4*sizeof(FFTComplex));
}
}
av_cold void ff_mdct15_init_x86(MDCT15Context *s)
{
Reported by FlawFinder.
libavcodec/x86/hpeldsp_init.c
2 issues
Line: 112
#undef STATIC
#if HAVE_MMX
CALL_2X_PIXELS(avg_no_rnd_pixels16_y2_mmx, avg_no_rnd_pixels8_y2_mmx, 8)
CALL_2X_PIXELS(put_no_rnd_pixels16_y2_mmx, put_no_rnd_pixels8_y2_mmx, 8)
CALL_2X_PIXELS(avg_no_rnd_pixels16_xy2_mmx, avg_no_rnd_pixels8_xy2_mmx, 8)
CALL_2X_PIXELS(put_no_rnd_pixels16_xy2_mmx, put_no_rnd_pixels8_xy2_mmx, 8)
#endif
Reported by Cppcheck.
Line: 163
CALL_2X_PIXELS(avg_pixels16_xy2 ## CPUEXT, ff_avg_pixels8_xy2 ## CPUEXT, 8) \
CALL_2X_PIXELS(avg_approx_pixels16_xy2## CPUEXT, ff_avg_approx_pixels8_xy2## CPUEXT, 8)
HPELDSP_AVG_PIXELS16(_3dnow)
HPELDSP_AVG_PIXELS16(_mmxext)
#endif /* HAVE_X86ASM */
#define SET_HPEL_FUNCS_EXT(PFX, IDX, SIZE, CPU) \
Reported by Cppcheck.
libavcodec/ws-snd1.c
2 issues
Line: 90
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
samples_end = samples + out_size;
if (in_size == out_size) {
memcpy(samples, buf, out_size);
*got_frame_ptr = 1;
return buf_size;
}
while (samples < samples_end && buf - avpkt->data < buf_size) {
Reported by FlawFinder.
Line: 155
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sample = av_clip_uint8(sample);
*samples++ = sample;
} else { /* copy */
memcpy(samples, buf, smp);
samples += smp;
buf += smp;
sample = buf[-1];
}
break;
Reported by FlawFinder.
libavcodec/webvttenc.c
2 issues
Line: 38
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
AVBPrint buffer;
unsigned timestamp_end;
int count;
char stack[WEBVTT_STACK_SIZE];
int stack_ptr;
} WebVTTContext;
#ifdef __GNUC__
__attribute__ ((__format__ (__printf__, 2, 3)))
Reported by FlawFinder.
Line: 192
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
av_log(avctx, AV_LOG_ERROR, "Buffer too small for ASS event.\n");
return AVERROR_BUFFER_TOO_SMALL;
}
memcpy(buf, s->buffer.str, s->buffer.len);
return s->buffer.len;
}
static int webvtt_encode_close(AVCodecContext *avctx)
Reported by FlawFinder.
libavcodec/jpegtables.c
2 issues
Line: 41
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* The spec says that the values given produce "good" quality, and
* when divided by 2, "very good" quality.
*/
static const unsigned char std_luminance_quant_tbl[64] = {
16, 11, 10, 16, 24, 40, 51, 61,
12, 12, 14, 19, 26, 58, 60, 55,
14, 13, 16, 24, 40, 57, 69, 56,
14, 17, 22, 29, 51, 87, 80, 62,
18, 22, 37, 56, 68, 109, 103, 77,
Reported by FlawFinder.
Line: 51
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
49, 64, 78, 87, 103, 121, 120, 101,
72, 92, 95, 98, 112, 100, 103, 99
};
static const unsigned char std_chrominance_quant_tbl[64] = {
17, 18, 24, 47, 99, 99, 99, 99,
18, 21, 26, 66, 99, 99, 99, 99,
24, 26, 56, 99, 99, 99, 99, 99,
47, 66, 99, 99, 99, 99, 99, 99,
99, 99, 99, 99, 99, 99, 99, 99,
Reported by FlawFinder.
doc/examples/decode_audio.c
2 issues
Line: 156
Column: 9
CWE codes:
362
exit(1);
}
f = fopen(filename, "rb");
if (!f) {
fprintf(stderr, "Could not open %s\n", filename);
exit(1);
}
outfile = fopen(outfilename, "wb");
Reported by FlawFinder.
Line: 161
Column: 15
CWE codes:
362
fprintf(stderr, "Could not open %s\n", filename);
exit(1);
}
outfile = fopen(outfilename, "wb");
if (!outfile) {
av_free(c);
exit(1);
}
Reported by FlawFinder.
libavformat/libmodplug.c
2 issues
Line: 122
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned i, n = 0; \
\
for (i = 0; i < n_## entry_name ##s; i++) { \
char item_name[64] = {0}; \
fname(f, i, item_name); \
if (!*item_name) \
continue; \
if (n) \
av_dict_set(&s->metadata, #entry_name, "\n", AV_DICT_APPEND); \
Reported by FlawFinder.
Line: 314
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
memset(pkt->data, 0, modplug->fsize);
if (modplug->print_textinfo) {
char intbuf[32];
PRINT_INFO(0, "speed", VAR_SPEED);
PRINT_INFO(1, "tempo", VAR_TEMPO);
PRINT_INFO(2, "order", VAR_ORDER);
PRINT_INFO(3, "pattern", VAR_PATTERN);
PRINT_INFO(4, "row", VAR_ROW);
Reported by FlawFinder.