The following issues were found
libavcodec/rle.c
2 issues
Line: 66
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -1;
*out++ = (count ^ xor_rep) + add_rep;
memcpy(out, ptr, bpp);
out += bpp;
} else {
/* fall back on uncompressed */
count = ff_rle_count_pixels(ptr, w - x, bpp, 0);
if (out + bpp * count >= outbuf + out_size)
Reported by FlawFinder.
Line: 75
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -1;
*out++ = (count ^ xor_raw) + add_raw;
memcpy(out, ptr, bpp * count);
out += bpp * count;
}
ptr += count * bpp;
}
Reported by FlawFinder.
tests/checkasm/hevc_add_res.c
2 issues
Line: 59
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
randomize_buffers2(dst0, size);
if (overflow_test)
res0[0] = 0x8000;
memcpy(res1, res0, sizeof(*res0) * size);
memcpy(dst1, dst0, sizeof(int16_t) * size);
call_ref(dst0, res0, stride);
call_new(dst1, res1, stride);
if (memcmp(dst0, dst1, size))
Reported by FlawFinder.
Line: 60
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (overflow_test)
res0[0] = 0x8000;
memcpy(res1, res0, sizeof(*res0) * size);
memcpy(dst1, dst0, sizeof(int16_t) * size);
call_ref(dst0, res0, stride);
call_new(dst1, res1, stride);
if (memcmp(dst0, dst1, size))
fail();
Reported by FlawFinder.
tests/checkasm/hevc_idct.c
2 issues
Line: 52
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
declare_func(void, int16_t *coeffs, int col_limit);
randomize_buffers(coeffs0, size);
memcpy(coeffs1, coeffs0, sizeof(*coeffs0) * size);
if (check_func(h.idct[i - 2], "hevc_idct_%dx%d_%d", block_size, block_size, bit_depth)) {
call_ref(coeffs0, col_limit);
call_new(coeffs1, col_limit);
if (memcmp(coeffs0, coeffs1, sizeof(*coeffs0) * size))
fail();
Reported by FlawFinder.
Line: 75
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
declare_func_emms(AV_CPU_FLAG_MMXEXT, void, int16_t *coeffs);
randomize_buffers(coeffs0, size);
memcpy(coeffs1, coeffs0, sizeof(*coeffs0) * size);
if (check_func(h.idct_dc[i - 2], "hevc_idct_%dx%d_dc_%d", block_size, block_size, bit_depth)) {
call_ref(coeffs0);
call_new(coeffs1);
if (memcmp(coeffs0, coeffs1, sizeof(*coeffs0) * size))
Reported by FlawFinder.
libavcodec/dump_extradata_bsf.c
2 issues
Line: 70
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto fail;
}
memcpy(out->data, ctx->par_in->extradata, ctx->par_in->extradata_size);
memcpy(out->data + ctx->par_in->extradata_size, in->data, in->size);
} else {
av_packet_move_ref(out, in);
}
Reported by FlawFinder.
Line: 71
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
memcpy(out->data, ctx->par_in->extradata, ctx->par_in->extradata_size);
memcpy(out->data + ctx->par_in->extradata_size, in->data, in->size);
} else {
av_packet_move_ref(out, in);
}
fail:
Reported by FlawFinder.
libavcodec/ac3enc_template.c
2 issues
Line: 69
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* copy and remap input samples */
for (ch = 0; ch < s->channels; ch++) {
/* copy last 256 samples of previous frame to the start of the current frame */
memcpy(&s->planar_samples[ch][0], &s->planar_samples[ch][AC3_BLOCK_SIZE * s->num_blocks],
AC3_BLOCK_SIZE * sizeof(s->planar_samples[0][0]));
/* copy new samples for current frame */
memcpy(&s->planar_samples[ch][AC3_BLOCK_SIZE],
samples[s->channel_map[ch]],
Reported by FlawFinder.
Line: 73
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
AC3_BLOCK_SIZE * sizeof(s->planar_samples[0][0]));
/* copy new samples for current frame */
memcpy(&s->planar_samples[ch][AC3_BLOCK_SIZE],
samples[s->channel_map[ch]],
AC3_BLOCK_SIZE * s->num_blocks * sizeof(s->planar_samples[0][0]));
}
}
Reported by FlawFinder.
tests/checkasm/sw_rgb.c
2 issues
Line: 58
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(dst0, 0, MAX_STRIDE);
memset(dst1, 0, MAX_STRIDE);
randomize_buffers(src0, MAX_STRIDE);
memcpy(src1, src0, MAX_STRIDE);
if (check_func(func, "%s", report)) {
for (i = 0; i < 6; i ++) {
call_ref(src0, dst0, width[i]);
call_new(src1, dst1, width[i]);
Reported by FlawFinder.
Line: 89
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int lumStride, int chromStride, int srcStride);
randomize_buffers(src0, MAX_STRIDE * MAX_HEIGHT * 2);
memcpy(src1, src0, MAX_STRIDE * MAX_HEIGHT * 2);
if (check_func(uyvytoyuv422, "uyvytoyuv422")) {
for (i = 0; i < 6; i ++) {
memset(dst_y_0, 0, MAX_STRIDE * MAX_HEIGHT);
memset(dst_y_1, 0, MAX_STRIDE * MAX_HEIGHT);
Reported by FlawFinder.
tests/checkasm/vf_gblur.c
2 issues
Line: 72
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
GBlurContext s;
randomize_buffers(dst_ref, PIXELS);
memcpy(dst_new, dst_ref, BUF_SIZE);
ff_gblur_init(&s);
if (check_func(s.horiz_slice, "horiz_slice")) {
check_horiz_slice(dst_ref, dst_new);
Reported by FlawFinder.
Line: 82
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
report("horiz_slice");
randomize_buffers(dst_ref, PIXELS);
memcpy(dst_new, dst_ref, BUF_SIZE);
if (check_func(s.postscale_slice, "postscale_slice")) {
check_postscale_slice(dst_ref, dst_new);
}
report("postscale_slice");
Reported by FlawFinder.
libavcodec/dvd_nav_parser.c
2 issues
Line: 72
Column: 25
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
s->pts = (int64_t)startpts;
s->duration = endpts - startpts;
memcpy(pc1->buffer, buf, PCI_SIZE);
pc1->copied = PCI_SIZE;
valid = 1;
}
}
break;
Reported by FlawFinder.
Line: 85
Column: 25
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
uint32_t lba = AV_RB32(&buf[0x05]);
if (lba == pc1->lba) {
memcpy(pc1->buffer + pc1->copied, buf, DSI_SIZE);
lastPacket = 1;
valid = 1;
}
}
break;
Reported by FlawFinder.
doc/examples/qsvdec.c
2 issues
Line: 179
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ret = AVERROR(ENOMEM);
goto finish;
}
memcpy(decoder_ctx->extradata, video_st->codecpar->extradata,
video_st->codecpar->extradata_size);
decoder_ctx->extradata_size = video_st->codecpar->extradata_size;
}
Reported by FlawFinder.
Line: 227
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
finish:
if (ret < 0) {
char buf[1024];
av_strerror(ret, buf, sizeof(buf));
fprintf(stderr, "%s\n", buf);
}
avformat_close_input(&input_ctx);
Reported by FlawFinder.
tools/sofa2wavs.c
2 issues
Line: 61
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int bps = 32;
int blkalign = 8;
int bytespersec = blkalign * sample_rate;
char filename[1024];
int azi = hrtf->SourcePosition.values[i * 3];
int ele = hrtf->SourcePosition.values[i * 3 + 1];
int dis = hrtf->SourcePosition.values[i * 3 + 2];
int size = 8 * hrtf->N;
int offset = i * 2 * hrtf->N;
Reported by FlawFinder.
Line: 69
Column: 16
CWE codes:
362
int offset = i * 2 * hrtf->N;
snprintf(filename, sizeof(filename), "azi_%d_ele_%d_dis_%d.wav", azi, ele, dis);
file = fopen(filename, "w+");
fwrite("RIFF", 4, 1, file);
fwrite("\xFF\xFF\xFF\xFF", 4, 1, file);
fwrite("WAVE", 4, 1, file);
fwrite("fmt ", 4, 1, file);
fwrite("\x10\x00\00\00", 4, 1, file);
Reported by FlawFinder.