The following issues were found
libavcodec/jpegtables.c
2 issues
Line: 41
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* The spec says that the values given produce "good" quality, and
* when divided by 2, "very good" quality.
*/
static const unsigned char std_luminance_quant_tbl[64] = {
16, 11, 10, 16, 24, 40, 51, 61,
12, 12, 14, 19, 26, 58, 60, 55,
14, 13, 16, 24, 40, 57, 69, 56,
14, 17, 22, 29, 51, 87, 80, 62,
18, 22, 37, 56, 68, 109, 103, 77,
Reported by FlawFinder.
Line: 51
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
49, 64, 78, 87, 103, 121, 120, 101,
72, 92, 95, 98, 112, 100, 103, 99
};
static const unsigned char std_chrominance_quant_tbl[64] = {
17, 18, 24, 47, 99, 99, 99, 99,
18, 21, 26, 66, 99, 99, 99, 99,
24, 26, 56, 99, 99, 99, 99, 99,
47, 66, 99, 99, 99, 99, 99, 99,
99, 99, 99, 99, 99, 99, 99, 99,
Reported by FlawFinder.
doc/examples/decode_audio.c
2 issues
Line: 156
Column: 9
CWE codes:
362
exit(1);
}
f = fopen(filename, "rb");
if (!f) {
fprintf(stderr, "Could not open %s\n", filename);
exit(1);
}
outfile = fopen(outfilename, "wb");
Reported by FlawFinder.
Line: 161
Column: 15
CWE codes:
362
fprintf(stderr, "Could not open %s\n", filename);
exit(1);
}
outfile = fopen(outfilename, "wb");
if (!outfile) {
av_free(c);
exit(1);
}
Reported by FlawFinder.
libavformat/nuv.c
2 issues
Line: 161
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
NUVContext *ctx = s->priv_data;
AVIOContext *pb = s->pb;
char id_string[12];
double aspect, fps;
int is_mythtv, width, height, v_packs, a_packs, ret;
AVStream *vst = NULL, *ast = NULL;
avio_read(pb, id_string, 12);
Reported by FlawFinder.
Line: 289
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pkt->flags |= hdr[2] == 0 ? AV_PKT_FLAG_KEY : 0;
pkt->pts = AV_RL32(&hdr[4]);
pkt->stream_index = ctx->v_id;
memcpy(pkt->data, hdr, copyhdrsize);
ret = avio_read(pb, pkt->data + copyhdrsize, size);
if (ret < 0) {
return ret;
}
if (ret < size)
Reported by FlawFinder.
libavcodec/vqavideo.c
2 issues
Line: 557
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (s->partial_countdown <= 0) {
/* time to replace codebook */
memcpy(s->codebook, s->next_codebook_buffer,
s->next_codebook_buffer_index);
/* reset accounting */
s->next_codebook_buffer_index = 0;
s->partial_countdown = s->partial_count;
Reported by FlawFinder.
Line: 615
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return res;
/* make the palette available on the way out */
memcpy(frame->data[1], s->palette, PALETTE_COUNT * 4);
frame->palette_has_changed = 1;
*got_frame = 1;
/* report that the buffer was completely consumed */
Reported by FlawFinder.
libavcodec/amfenc.c
2 issues
Line: 458
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if ((ret = ff_get_encode_buffer(avctx, pkt, size, 0)) < 0) {
return ret;
}
memcpy(pkt->data, buffer->pVtbl->GetNative(buffer), size);
switch (avctx->codec->id) {
case AV_CODEC_ID_H264:
buffer->pVtbl->GetProperty(buffer, AMF_VIDEO_ENCODER_OUTPUT_DATA_TYPE, &var);
if(var.int64Value == AMF_VIDEO_ENCODER_OUTPUT_DATA_TYPE_IDR) {
Reported by FlawFinder.
Line: 575
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (res == AMF_OK) {
frame_ref = av_frame_clone(frame);
if (frame_ref) {
memcpy(frame_ref_storage_buffer->pVtbl->GetNative(frame_ref_storage_buffer), &frame_ref, sizeof(frame_ref));
} else {
frame_ref_storage_buffer->pVtbl->Release(frame_ref_storage_buffer);
frame_ref_storage_buffer = NULL;
}
}
Reported by FlawFinder.
libavformat/matroska.c
2 issues
Line: 128
Column: 7
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{ 0 }
};
const char * const ff_matroska_video_stereo_mode[MATROSKA_VIDEO_STEREOMODE_TYPE_NB] = {
"mono",
"left_right",
"bottom_top",
"top_bottom",
"checkerboard_rl",
Reported by FlawFinder.
Line: 146
Column: 7
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
"block_rl",
};
const char * const ff_matroska_video_stereo_plane[MATROSKA_VIDEO_STEREO_PLANE_COUNT] = {
"left",
"right",
"background",
};
Reported by FlawFinder.
libavcodec/vmnc.c
2 issues
Line: 370
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if ((w > 0) && (h > 0)) {
outptr = c->pic->data[0] + dx * c->bpp2 + dy * c->pic->linesize[0];
for (i = 0; i < h; i++) {
memcpy(outptr, c->screendta + i * c->cur_w * c->bpp2,
w * c->bpp2);
outptr += c->pic->linesize[0];
}
}
}
Reported by FlawFinder.
Line: 511
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if ((w > 0) && (h > 0)) {
outptr = c->pic->data[0] + dx * c->bpp2 + dy * c->pic->linesize[0];
for (i = 0; i < h; i++) {
memcpy(c->screendta + i * c->cur_w * c->bpp2, outptr,
w * c->bpp2);
outptr += c->pic->linesize[0];
}
outptr = c->pic->data[0];
put_cursor(outptr, c->pic->linesize[0], c, c->cur_x, c->cur_y);
Reported by FlawFinder.
libavformat/lrcdec.c
2 issues
Line: 185
Column: 20
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
*right_bracket_offset = *comma_offset = '\0';
if(strcmp(line.str + 1, "offset") ||
sscanf(comma_offset + 1, "%"SCNd64, &lrc->ts_offset) != 1) {
av_dict_set(&s->metadata, line.str + 1, comma_offset + 1, 0);
}
lrc->ts_offset = av_clip64(lrc->ts_offset, INT64_MIN/4, INT64_MAX/4);
*comma_offset = ':';
Reported by FlawFinder.
Line: 147
Column: 36
CWE codes:
126
// Metadata items exist in ff_lrc_metadata_conv
for(metadata_item = ff_lrc_metadata_conv;
metadata_item->native; metadata_item++) {
size_t metadata_item_len = strlen(metadata_item->native);
if(p->buf[offset + metadata_item_len] == ':' &&
!memcmp(p->buf + offset, metadata_item->native, metadata_item_len)) {
return 40;
}
}
Reported by FlawFinder.
libavcodec/indeo4.c
2 issues
Line: 453
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
band->blk_vlc = arg_band->blk_vlc;
memcpy(arg_band, band, sizeof(*arg_band));
return 0;
}
Reported by FlawFinder.
Line: 677
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ff_ivi_init_static_vlc();
/* copy rvmap tables in our context so we can apply changes to them */
memcpy(ctx->rvmap_tabs, ff_ivi_rvmap_tabs, sizeof(ff_ivi_rvmap_tabs));
/* Force allocation of the internal buffers */
/* during picture header decoding. */
ctx->pic_conf.pic_width = 0;
ctx->pic_conf.pic_height = 0;
Reported by FlawFinder.
libavcodec/vc1dec.c
2 issues
Line: 243
Column: 21
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ysub[0]) {
v->vc1dsp.sprite_v_single(dst, src_h[0][0], src_h[0][1], ysub[0], width);
} else {
memcpy(dst, src_h[0][0], width);
}
} else {
if (ysub[0] && ysub[1]) {
v->vc1dsp.sprite_v_double_twoscale(dst, src_h[0][0], src_h[0][1], ysub[0],
src_h[1][0], src_h[1][1], ysub[1], alpha, width);
Reported by FlawFinder.
Line: 556
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (v->profile == PROFILE_ADVANCED || v->res_fasttx) {
ff_vc1_init_transposed_scantables(v);
} else {
memcpy(v->zz_8x8, ff_wmv1_scantable, 4*64);
v->left_blk_sh = 3;
v->top_blk_sh = 0;
}
if (avctx->codec_id == AV_CODEC_ID_WMV3IMAGE || avctx->codec_id == AV_CODEC_ID_VC1IMAGE) {
Reported by FlawFinder.