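The following issues were reported by FlawFinder, a pattern-matching scanner. Each entry marks a construct to review by hand against the surrounding code; it is not a confirmed vulnerability.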
libavformat/tty.c
2 issues
Line: 42
Column: 14
CWE codes:
119
120
Suggestion:
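Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The flagged line declares a const array initialised from a 30-character literal, so its 31 bytes hold the string and its terminator exactly. If the extension list is ever lengthened the size must grow with it, because C accepts a literal that exactly fills the array and silently omits the terminator.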
return x == 0x1B || x == 0x0A || x == 0x0D || (x >= 0x20 && x < 0x7f);
}
static const char tty_extensions[31] = "ans,art,asc,diz,ice,nfo,txt,vt";
typedef struct TtyDemuxContext {
AVClass *class;
int chars_per_frame;
uint64_t fsize; /**< file size less metadata buffer */
Reported by FlawFinder.
Line: 79
Column: 5
CWE codes:
119
120
Suggestion:
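Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The flagged declaration is char buf[37]; the reads that fill it fall outside the excerpt, so the check to make is that each one is capped at the buffer size.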
{
TtyDemuxContext *s = avctx->priv_data;
AVIOContext *pb = avctx->pb;
char buf[37];
int len;
avio_seek(pb, start_pos, SEEK_SET);
if (avio_r8(pb) != 0x1A)
return -1;
Reported by FlawFinder.
libavformat/vapoursynth.c
2 issues
Line: 161
Column: 9
CWE codes:
120
Suggestion:
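Make sure destination can always hold the source data. Here the copy length is the compile-time constant sizeof(int[4]), so the review reduces to confirming that c_order and order each refer to at least four ints; neither declaration is in the excerpt.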
}
// Use it.
memcpy(c_order, order, sizeof(int[4]));
return pixfmt;
cont: ;
}
Reported by FlawFinder.
Line: 340
Column: 5
CWE codes:
119
120
Suggestion:
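Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The flagged declaration is char vserr[80]; its writers are not in the excerpt, so confirm that whatever formats into it is given the buffer size as a limit.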
VSContext *vs = s->priv_data;
AVStream *st = s->streams[0];
AVFrame *frame = NULL;
char vserr[80];
const VSFrameRef *vsframe;
const VSVideoInfo *info = vs->vsapi->getVideoInfo(vs->outnode);
const VSMap *props;
const AVPixFmtDescriptor *desc;
AVBufferRef *vsframe_ref = NULL;
Reported by FlawFinder.
libavcodec/opusdec.c
2 issues
Line: 320
Column: 17
CWE codes:
120
Suggestion:
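Make sure destination can always hold the source data. The length is a fixed 120 floats, but the destination is offset by delayed_samples, so the thing to verify is that cur_out[i] has room for delayed_samples + 120 floats, and for the opus_fade() call that follows, which starts at offset 120 + delayed_samples. The buffer sizes are set outside the excerpt.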
}
} else {
for (i = 0; i < s->output_channels; i++) {
memcpy(s->cur_out[i] + delayed_samples, s->redundancy_output[i], 120 * sizeof(float));
opus_fade(s->cur_out[i] + 120 + delayed_samples,
s->redundancy_output[i] + 120,
s->cur_out[i] + 120 + delayed_samples,
ff_celt_window2, 120);
}
Reported by FlawFinder.
Line: 549
Column: 13
CWE codes:
120
Suggestion:
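Make sure destination can always hold the source data. Source and destination are both planes of the same frame and the length is frame->linesize[0], so the points to verify are that every extended_data plane is at least linesize[0] bytes and that map->copy_idx is a valid plane index; both are established outside the excerpt.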
/* handle copied channels */
if (map->copy) {
memcpy(frame->extended_data[i],
frame->extended_data[map->copy_idx],
frame->linesize[0]);
} else if (map->silence) {
memset(frame->extended_data[i], 0, frame->linesize[0]);
}
Reported by FlawFinder.
libavformat/vplayerdec.c
2 issues
Line: 70
Column: 9
CWE codes:
119
120
Suggestion:
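Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. In the excerpt the only visible write into line[] is ff_get_line(), which is passed sizeof(line) as its limit.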
st->codecpar->codec_id = AV_CODEC_ID_VPLAYER;
while (!avio_feof(s->pb)) {
char line[4096];
char *p = line;
const int64_t pos = avio_tell(s->pb);
int len = ff_get_line(s->pb, line, sizeof(line));
int64_t pts_start;
Reported by FlawFinder.
Line: 85
Column: 61
CWE codes:
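126 (buffer over-read: the flagged strlen(p) is bounded only if p points at NUL-terminated data; p appears to point into the line buffer filled by ff_get_line() in the previous excerpt, so this depends on that reader terminating what it returns)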
if (pts_start != AV_NOPTS_VALUE) {
AVPacket *sub;
sub = ff_subtitles_queue_insert(&vplayer->q, p, strlen(p), 0);
if (!sub)
return AVERROR(ENOMEM);
sub->pos = pos;
sub->pts = pts_start;
sub->duration = -1;
Reported by FlawFinder.
libavformat/vqf.c
2 issues
Line: 56
Column: 5
CWE codes:
119
120
Suggestion:
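Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The flagged declaration is key[5], which is zero-initialised; its writers are outside the excerpt. Separately, the excerpt stores FFMIN(tag_len, remaining), both unsigned int, in an int, so values above INT_MAX typically become negative before len+1 reaches av_malloc(). Only the UINT_MAX case is rejected in the visible lines, so the handling of the remaining range is worth confirming during review.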
unsigned int tag_len, unsigned int remaining)
{
int len = FFMIN(tag_len, remaining);
char *buf, key[5] = {0};
if (len == UINT_MAX)
return;
buf = av_malloc(len+1);
Reported by FlawFinder.
Line: 230
Column: 5
CWE codes:
120
Suggestion:
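Make sure destination can always hold the source data. The destination is allocated with exactly 12 bytes by the checked ff_alloc_extradata() call directly above the copy, so the open question is only whether comm_chunk holds at least 12 bytes; its declaration is not in the excerpt.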
/* put first 12 bytes of COMM chunk in extradata */
if ((ret = ff_alloc_extradata(st->codecpar, 12)) < 0)
return ret;
memcpy(st->codecpar->extradata, comm_chunk, 12);
ff_metadata_conv_ctx(s, NULL, vqf_metadata_conv);
return 0;
}
Reported by FlawFinder.
libavformat/webm_chunk.c
2 issues
Line: 135
Column: 51
CWE codes:
119
120
Suggestion:
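Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The flagged item is an array-typed parameter: in C it decays to char *, so MAX_FILENAME_SIZE in the signature documents the expected size but is not enforced. Callers must pass a buffer of at least that size, and the function body (outside the excerpt) must bound its writes by it.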
return 0;
}
static int get_chunk_filename(AVFormatContext *s, char filename[MAX_FILENAME_SIZE])
{
WebMChunkContext *wc = s->priv_data;
if (!filename) {
return AVERROR(EINVAL);
}
Reported by FlawFinder.
Line: 184
Column: 5
CWE codes:
119
120
Suggestion:
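Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The flagged declaration is the local filename[MAX_FILENAME_SIZE]; the code that fills it is not in the excerpt, so confirm that every writer is limited to MAX_FILENAME_SIZE.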
int buffer_size;
uint8_t *buffer;
AVIOContext *pb;
char filename[MAX_FILENAME_SIZE];
AVDictionary *options = NULL;
if (!oc->pb)
return 0;
Reported by FlawFinder.
libavformat/webvttdec.c
2 issues
Line: 156
Column: 9
CWE codes:
120
Suggestion:
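Make sure destination can always hold the source data. The copy sits inside the SET_SIDE_DATA macro and uses name##_len as its length; the allocation of buf is above the excerpt (only its ENOMEM failure path is visible), so confirm that buf is requested with the same name##_len.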
res = AVERROR(ENOMEM); \
goto end; \
} \
memcpy(buf, name, name##_len); \
} \
} while (0)
SET_SIDE_DATA(identifier, AV_PKT_DATA_WEBVTT_IDENTIFIER);
SET_SIDE_DATA(settings, AV_PKT_DATA_WEBVTT_SETTINGS);
Reported by FlawFinder.
Line: 140
Column: 56
CWE codes:
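126 (buffer over-read: the flagged strlen(p) is bounded only if p points at NUL-terminated data; where p comes from is not in the excerpt)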
p++;
/* create packet */
sub = ff_subtitles_queue_insert(&webvtt->q, p, strlen(p), 0);
if (!sub) {
res = AVERROR(ENOMEM);
goto end;
}
sub->pos = pos;
Reported by FlawFinder.
libavformat/westwood_aud.c
2 issues
Line: 87
Column: 14
CWE codes:
119
120
Suggestion:
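Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. In the excerpt the buffer and the read share one constant: header is declared with AUD_HEADER_SIZE, avio_read() is asked for AUD_HEADER_SIZE bytes, and a short read is rejected.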
{
AVIOContext *pb = s->pb;
AVStream *st;
unsigned char header[AUD_HEADER_SIZE];
int sample_rate, channels, codec;
if (avio_read(pb, header, AUD_HEADER_SIZE) != AUD_HEADER_SIZE)
return AVERROR(EIO);
Reported by FlawFinder.
Line: 133
Column: 14
CWE codes:
119
120
Suggestion:
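Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. In the excerpt preamble is declared with AUD_CHUNK_PREAMBLE_SIZE and avio_read() is asked for the same number of bytes; the comparison of its return value is cut off by the excerpt.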
AVPacket *pkt)
{
AVIOContext *pb = s->pb;
unsigned char preamble[AUD_CHUNK_PREAMBLE_SIZE];
unsigned int chunk_size;
int ret = 0;
AVStream *st = s->streams[0];
if (avio_read(pb, preamble, AUD_CHUNK_PREAMBLE_SIZE) !=
Reported by FlawFinder.
libavcodec/dcaenc.c
2 issues
Line: 329
Column: 9
CWE codes:
120
Suggestion:
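Make sure destination can always hold the source data. The length is the constant 512 * sizeof(int32_t); neither hist nor c->history is declared in the excerpt, so confirm that both are at least 512 int32_t wide and that ch is a valid channel index.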
int hist_start = 0;
const int chi = c->channel_order_tab[ch];
memcpy(hist, &c->history[ch][0], 512 * sizeof(int32_t));
for (subs = 0; subs < SUBBAND_SAMPLES; subs++) {
int32_t accum[64];
int32_t resp;
int band;
Reported by FlawFinder.
Line: 378
Column: 5
CWE codes:
120
Suggestion:
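Make sure destination can always hold the source data. The length is the constant 512 * sizeof(int32_t); neither hist nor c->history is declared in the excerpt, so confirm that both are at least 512 int32_t wide and that c->channels is at least 1 so the index c->channels - 1 is valid.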
int32_t accum;
int hist_start = 0;
memcpy(hist, &c->history[c->channels - 1][0], 512 * sizeof(int32_t));
for (lfes = 0; lfes < DCA_LFE_SAMPLES; lfes++) {
/* Calculate the convolution */
accum = 0;
Reported by FlawFinder.
libavformat/wvdec.c
2 issues
Line: 297
Column: 5
CWE codes:
120
Suggestion:
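Make sure destination can always hold the source data. The packet is allocated with wc->header.blocksize + WV_HEADER_SIZE by the checked av_new_packet() call, so the WV_HEADER_SIZE-byte copy fits the destination. What the excerpt does not show is the size of wc->block_header or how header.blocksize is validated before the addition.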
pos = wc->pos;
if ((ret = av_new_packet(pkt, wc->header.blocksize + WV_HEADER_SIZE)) < 0)
return ret;
memcpy(pkt->data, wc->block_header, WV_HEADER_SIZE);
ret = avio_read(s->pb, pkt->data + WV_HEADER_SIZE, wc->header.blocksize);
if (ret != wc->header.blocksize) {
return AVERROR(EIO);
}
while (!(wc->header.flags & WV_FLAG_FINAL_BLOCK)) {
Reported by FlawFinder.
Line: 311
Column: 9
CWE codes:
120
Suggestion:
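Make sure destination can always hold the source data. The packet is grown by WV_HEADER_SIZE + wc->header.blocksize before the copy, so the write at pkt->data + off fits provided off equals the packet size before the growth; off is computed outside the excerpt.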
if ((ret = av_grow_packet(pkt, WV_HEADER_SIZE + wc->header.blocksize)) < 0) {
return ret;
}
memcpy(pkt->data + off, wc->block_header, WV_HEADER_SIZE);
ret = avio_read(s->pb, pkt->data + off + WV_HEADER_SIZE, wc->header.blocksize);
if (ret != wc->header.blocksize) {
return (ret < 0) ? ret : AVERROR_EOF;
}
Reported by FlawFinder.