The following issues were found
tools/target_bsf_fuzzer.c
2 issues
Line: 110
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (bsf->par_in->extradata) {
bsf->par_in->extradata_size = extradata_size;
size -= bsf->par_in->extradata_size;
memcpy(bsf->par_in->extradata, data + size, bsf->par_in->extradata_size);
}
}
if (av_image_check_size(bsf->par_in->width, bsf->par_in->height, 0, bsf))
bsf->par_in->width = bsf->par_in->height = 0;
}
Reported by FlawFinder.
Line: 141
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
res = av_new_packet(in, data - last);
if (res < 0)
error("Failed memory allocation");
memcpy(in->data, last, data - last);
in->flags = (keyframes & 1) * AV_PKT_FLAG_DISCARD + (!!(keyframes & 2)) * AV_PKT_FLAG_KEY;
keyframes = (keyframes >> 2) + (keyframes<<62);
data += sizeof(fuzz_tag);
last = data;
Reported by FlawFinder.
tools/target_dec_fuzzer.c
2 issues
Line: 306
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ctx->extradata) {
ctx->extradata_size = extradata_size;
size -= ctx->extradata_size;
memcpy(ctx->extradata, data + size, ctx->extradata_size);
}
}
if (av_image_check_size(ctx->width, ctx->height, 0, ctx))
ctx->width = ctx->height = 0;
}
Reported by FlawFinder.
Line: 347
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
res = av_new_packet(parsepkt, data - last);
if (res < 0)
error("Failed memory allocation");
memcpy(parsepkt->data, last, data - last);
parsepkt->flags = (keyframes & 1) * AV_PKT_FLAG_DISCARD + (!!(keyframes & 2)) * AV_PKT_FLAG_KEY;
keyframes = (keyframes >> 2) + (keyframes<<62);
data += sizeof(fuzz_tag);
last = data;
Reported by FlawFinder.
libavcodec/sbc_parser.c
2 issues
Line: 85
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
next = buf_size;
} else {
if (pc->header_size) {
memcpy(pc->header + pc->header_size, buf,
sizeof(pc->header) - pc->header_size);
next = sbc_parse_header(s, avctx, pc->header, sizeof(pc->header))
- pc->buffered_size;
pc->header_size = 0;
} else {
Reported by FlawFinder.
Line: 98
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (next < 0) {
pc->header_size = FFMIN(sizeof(pc->header), buf_size);
memcpy(pc->header, buf, pc->header_size);
pc->buffered_size = buf_size;
next = END_NOT_FOUND;
}
if (ff_combine_frame(&pc->pc, next, &buf, &buf_size) < 0) {
Reported by FlawFinder.
libavcodec/sbcdec.c
2 issues
Line: 226
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
offset[i]--;
if (offset[i] < 0) {
offset[i] = 79;
memcpy(v + 80, v, 9 * sizeof(*v));
}
/* Distribute the new matrix value to the shifted position */
v[offset[i]] =
(int)( (unsigned)ff_synmatrix4[i][0] * frame->sb_sample[blk][ch][0] +
Reported by FlawFinder.
Line: 269
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
offset[i]--;
if (offset[i] < 0) {
offset[i] = 159;
memcpy(v + 160, v, 9 * sizeof(*v));
}
/* Distribute the new matrix value to the shifted position */
v[offset[i]] =
(int)( (unsigned)ff_synmatrix8[i][0] * frame->sb_sample[blk][ch][0] +
Reported by FlawFinder.
libavcodec/sbcdsp.c
2 issues
Line: 173
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* handle X buffer wraparound */
if (position < nsamples) {
for (c = 0; c < nchannels; c++)
memcpy(&X[c][SBC_X_BUFFER_SIZE - 40], &X[c][position],
36 * sizeof(int16_t));
position = SBC_X_BUFFER_SIZE - 40;
}
/* copy/permutate audio samples */
Reported by FlawFinder.
Line: 206
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* handle X buffer wraparound */
if (position < nsamples) {
for (c = 0; c < nchannels; c++)
memcpy(&X[c][SBC_X_BUFFER_SIZE - 72], &X[c][position],
72 * sizeof(int16_t));
position = SBC_X_BUFFER_SIZE - 72;
}
if (position % 16 == 8) {
Reported by FlawFinder.
libavcodec/shorten.c
2 issues
Line: 385
CWE codes:
786
/* subtract offset from previous samples to use in prediction */
if (command == FN_QLPC && coffset)
for (i = -pred_order; i < 0; i++)
s->decoded[channel][i] -= (unsigned)coffset;
/* decode residual and do LPC prediction */
init_sum = pred_order ? (command == FN_QLPC ? s->lpcqoffset : 0) : coffset;
for (i = 0; i < s->blocksize; i++) {
sum = init_sum;
Reported by Cppcheck.
Line: 556
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
s->bitstream_index = 0;
}
if (buf)
memcpy(&s->bitstream[s->bitstream_index + s->bitstream_size], buf,
buf_size);
buf = &s->bitstream[s->bitstream_index];
buf_size += s->bitstream_size;
s->bitstream_size = buf_size;
Reported by FlawFinder.
libavcodec/siren.c
2 issues
Line: 719
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (frame_error) {
memcpy(s->imdct_in, s->backup_frame, number_of_valid_coefs * sizeof(float));
memset(s->backup_frame, 0, number_of_valid_coefs * sizeof(float));
} else {
memcpy(s->backup_frame, s->imdct_in, number_of_valid_coefs * sizeof(float));
}
Reported by FlawFinder.
Line: 722
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(s->imdct_in, s->backup_frame, number_of_valid_coefs * sizeof(float));
memset(s->backup_frame, 0, number_of_valid_coefs * sizeof(float));
} else {
memcpy(s->backup_frame, s->imdct_in, number_of_valid_coefs * sizeof(float));
}
frame->nb_samples = FRAME_SIZE;
if ((ret = ff_get_buffer(avctx, frame, 0)) < 0)
return ret;
Reported by FlawFinder.
libavcodec/snowdec.c
2 issues
Line: 381
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
s->plane[2].diag_mc= s->plane[1].diag_mc;
s->plane[2].htaps = s->plane[1].htaps;
memcpy(s->plane[2].hcoeff, s->plane[1].hcoeff, sizeof(s->plane[1].hcoeff));
}
if(get_rac(&s->c, s->header_state)){
GET_S(s->spatial_decomposition_count, 0 < tmp && tmp <= MAX_DECOMPOSITIONS)
decode_qlogs(s);
}
Reported by FlawFinder.
Line: 623
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sd = av_frame_new_side_data(picture, AV_FRAME_DATA_MOTION_VECTORS, s->avmv_index * sizeof(AVMotionVector));
if (!sd)
return AVERROR(ENOMEM);
memcpy(sd->data, s->avmv, s->avmv_index * sizeof(AVMotionVector));
}
av_freep(&s->avmv);
if (res < 0)
Reported by FlawFinder.
doc/examples/demuxing_decoding.c
2 issues
Line: 260
Column: 26
CWE codes:
362
if (open_codec_context(&video_stream_idx, &video_dec_ctx, fmt_ctx, AVMEDIA_TYPE_VIDEO) >= 0) {
video_stream = fmt_ctx->streams[video_stream_idx];
video_dst_file = fopen(video_dst_filename, "wb");
if (!video_dst_file) {
fprintf(stderr, "Could not open destination file %s\n", video_dst_filename);
ret = 1;
goto end;
}
Reported by FlawFinder.
Line: 282
Column: 26
CWE codes:
362
if (open_codec_context(&audio_stream_idx, &audio_dec_ctx, fmt_ctx, AVMEDIA_TYPE_AUDIO) >= 0) {
audio_stream = fmt_ctx->streams[audio_stream_idx];
audio_dst_file = fopen(audio_dst_filename, "wb");
if (!audio_dst_file) {
fprintf(stderr, "Could not open destination file %s\n", audio_dst_filename);
ret = 1;
goto end;
}
Reported by FlawFinder.
libavcodec/srtenc.c
2 issues
Line: 37
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
AVCodecContext *avctx;
ASSSplitContext *ass_ctx;
AVBPrint buffer;
char stack[SRT_STACK_SIZE];
int stack_ptr;
int alignment_applied;
} SRTContext;
Reported by FlawFinder.
Line: 267
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
av_log(avctx, AV_LOG_ERROR, "Buffer too small for ASS event.\n");
return AVERROR_BUFFER_TOO_SMALL;
}
memcpy(buf, s->buffer.str, s->buffer.len);
return s->buffer.len;
}
static int srt_encode_frame(AVCodecContext *avctx,
Reported by FlawFinder.