The following issues were found
libavcodec/svq1dec.c
2 issues
Line: 327
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dst = current;
for (i = 0; i < 16; i++) {
memcpy(dst, src, 16);
src += pitch;
dst += pitch;
}
}
Reported by FlawFinder.
Line: 656
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!s->pkt_swapped)
return AVERROR(ENOMEM);
memcpy(s->pkt_swapped, buf, buf_size);
buf = s->pkt_swapped;
init_get_bits(&s->gb, buf, buf_size * 8);
skip_bits(&s->gb, 22);
src = (uint32_t *)(s->pkt_swapped + 4);
Reported by FlawFinder.
libavcodec/svq3.c
2 issues
Line: 775
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
AV_ZERO32(s->mv_cache[m][scan8[0] - 1 + i * 8]);
}
if (s->mb_y > 0) {
memcpy(s->mv_cache[m][scan8[0] - 1 * 8],
s->cur_pic->motion_val[m][b_xy - s->b_stride],
4 * 2 * sizeof(int16_t));
memset(&s->ref_cache[m][scan8[0] - 1 * 8],
(s->intra4x4_pred_mode[s->mb2br_xy[mb_xy - s->mb_stride]] == -1) ? PART_NOT_AVAILABLE : 1, 4);
Reported by FlawFinder.
Line: 1044
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
av_log(avctx, AV_LOG_ERROR, "slice after bitstream end\n");
return AVERROR_INVALIDDATA;
}
memcpy(s->slice_buf, s->gb.buffer + s->gb.index / 8, slice_bytes);
if (s->watermark_key) {
uint32_t header = AV_RL32(&s->slice_buf[1]);
AV_WL32(&s->slice_buf[1], header ^ s->watermark_key);
}
Reported by FlawFinder.
libavcodec/tableprint_vlc.h
2 issues
Line: 63
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
#define WRITE_VLC_TYPE(prefix, name, base_table) \
do { \
printf(prefix" VLC "#name" = {\n"); \
write_vlc_type(&name, base_table, #base_table); \
printf("};\n"); \
} while(0)
#define WRITE_VLC_ARRAY(prefix, name, base_table) \
Reported by FlawFinder.
Line: 72
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
do { \
int i; \
const size_t array_size = FF_ARRAY_ELEMS(name); \
printf(prefix" VLC "#name"[%"FMT"] = {{\n", \
array_size); \
for (i = 0; i < array_size; i++) { \
write_vlc_type(name + i, \
base_table, #base_table); \
if (i != array_size - 1) printf("}, {\n"); \
Reported by FlawFinder.
libavcodec/takdec.c
2 issues
Line: 502
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
x -= tmp;
if (x > 0)
memcpy(s->residues, &s->residues[y], 2 * filter_order);
}
emms_c();
return 0;
Reported by FlawFinder.
Line: 927
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (dst == src)
return 0;
memcpy(&tdst->ti, &tsrc->ti, sizeof(TAKStreamInfo));
return 0;
}
#endif
static av_cold int tak_decode_close(AVCodecContext *avctx)
Reported by FlawFinder.
libavcodec/targaenc.c
2 issues
Line: 78
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
uint8_t *ptr = pic->data[0];
for(i=0; i < h; i++) {
memcpy(out, ptr, n);
out += n;
ptr += pic->linesize[0];
}
return out - outbuf;
Reported by FlawFinder.
Line: 172
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* The standard recommends including this section, even if we don't use
* any of the features it affords. TODO: take advantage of the pixel
* aspect ratio and encoder ID fields available? */
memcpy(out, "\0\0\0\0\0\0\0\0TRUEVISION-XFILE.", 26);
pkt->size = out + 26 - pkt->data;
pkt->flags |= AV_PKT_FLAG_KEY;
*got_packet = 1;
Reported by FlawFinder.
libavcodec/truehd_core_bsf.c
2 issues
Line: 106
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
av_assert1(reduce >= 0 && reduce % 2 == 0);
if (have_header) {
memcpy(header, pkt->data + 4, 28);
header[16] = (header[16] & 0x0c) | (FFMIN(s->hdr.num_substreams, 3) << 4);
header[17] &= 0x7f;
header[25] &= 0xfe;
AV_WL16(header + 26, ff_mlp_checksum16(header, 26));
}
Reported by FlawFinder.
Line: 156
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
AV_WB16(pkt->data, auheader);
if (have_header)
memcpy(pkt->data + 4, header, 28);
}
fail:
if (ret < 0)
av_packet_unref(pkt);
Reported by FlawFinder.
libavcodec/ttmlenc.c
2 issues
Line: 355
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
avctx->extradata_size =
TTMLENC_EXTRADATA_SIGNATURE_SIZE + additional_extradata_size;
memcpy(avctx->extradata, TTMLENC_EXTRADATA_SIGNATURE,
TTMLENC_EXTRADATA_SIGNATURE_SIZE);
if (additional_extradata_size)
memcpy(avctx->extradata + TTMLENC_EXTRADATA_SIGNATURE_SIZE,
s->buffer.str, additional_extradata_size);
Reported by FlawFinder.
Line: 359
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
TTMLENC_EXTRADATA_SIGNATURE_SIZE);
if (additional_extradata_size)
memcpy(avctx->extradata + TTMLENC_EXTRADATA_SIGNATURE_SIZE,
s->buffer.str, additional_extradata_size);
av_bprint_clear(&s->buffer);
return 0;
Reported by FlawFinder.
libavcodec/v210enc.c
2 issues
Line: 139
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
uint8_t *buf = av_packet_new_side_data(pkt, AV_PKT_DATA_A53_CC, side_data->size);
if (!buf)
return AVERROR(ENOMEM);
memcpy(buf, side_data->data, side_data->size);
}
side_data = av_frame_get_side_data(pic, AV_FRAME_DATA_AFD);
if (side_data && side_data->size) {
uint8_t *buf = av_packet_new_side_data(pkt, AV_PKT_DATA_AFD, side_data->size);
Reported by FlawFinder.
Line: 147
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
uint8_t *buf = av_packet_new_side_data(pkt, AV_PKT_DATA_AFD, side_data->size);
if (!buf)
return AVERROR(ENOMEM);
memcpy(buf, side_data->data, side_data->size);
}
pkt->flags |= AV_PKT_FLAG_KEY;
*got_packet = 1;
return 0;
Reported by FlawFinder.
doc/examples/transcoding.c
2 issues
Line: 303
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (!dec_ctx->channel_layout)
dec_ctx->channel_layout =
av_get_default_channel_layout(dec_ctx->channels);
snprintf(args, sizeof(args),
"time_base=%d/%d:sample_rate=%d:sample_fmt=%s:channel_layout=0x%"PRIx64,
dec_ctx->time_base.num, dec_ctx->time_base.den, dec_ctx->sample_rate,
av_get_sample_fmt_name(dec_ctx->sample_fmt),
dec_ctx->channel_layout);
ret = avfilter_graph_create_filter(&buffersrc_ctx, buffersrc, "in",
Reported by FlawFinder.
Line: 239
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int init_filter(FilteringContext* fctx, AVCodecContext *dec_ctx,
AVCodecContext *enc_ctx, const char *filter_spec)
{
char args[512];
int ret = 0;
const AVFilter *buffersrc = NULL;
const AVFilter *buffersink = NULL;
AVFilterContext *buffersrc_ctx = NULL;
AVFilterContext *buffersink_ctx = NULL;
Reported by FlawFinder.
libavcodec/v4l2_m2m.c
2 issues
Line: 105
Column: 13
CWE codes:
362
void *log_ctx = s->avctx;
int ret;
s->fd = open(s->devname, O_RDWR | O_NONBLOCK, 0);
if (s->fd < 0)
return AVERROR(errno);
ret = v4l2_prepare_contexts(s, 1);
if (ret < 0)
Reported by FlawFinder.
Line: 142
Column: 13
CWE codes:
362
int ret;
struct v4l2_format ofmt, cfmt;
s->fd = open(s->devname, O_RDWR | O_NONBLOCK, 0);
if (s->fd < 0)
return AVERROR(errno);
ret = v4l2_prepare_contexts(s, 0);
if (ret < 0)
Reported by FlawFinder.