The following issues were found
libavcodec/ws-snd1.c
2 issues
Line: 90
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
samples_end = samples + out_size;
if (in_size == out_size) {
memcpy(samples, buf, out_size);
*got_frame_ptr = 1;
return buf_size;
}
while (samples < samples_end && buf - avpkt->data < buf_size) {
Reported by FlawFinder.
Line: 155
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sample = av_clip_uint8(sample);
*samples++ = sample;
} else { /* copy */
memcpy(samples, buf, smp);
samples += smp;
buf += smp;
sample = buf[-1];
}
break;
Reported by FlawFinder.
libavcodec/x86/hpeldsp_init.c
2 issues
Line: 112
#undef STATIC
#if HAVE_MMX
CALL_2X_PIXELS(avg_no_rnd_pixels16_y2_mmx, avg_no_rnd_pixels8_y2_mmx, 8)
CALL_2X_PIXELS(put_no_rnd_pixels16_y2_mmx, put_no_rnd_pixels8_y2_mmx, 8)
CALL_2X_PIXELS(avg_no_rnd_pixels16_xy2_mmx, avg_no_rnd_pixels8_xy2_mmx, 8)
CALL_2X_PIXELS(put_no_rnd_pixels16_xy2_mmx, put_no_rnd_pixels8_xy2_mmx, 8)
#endif
Reported by Cppcheck.
Line: 163
CALL_2X_PIXELS(avg_pixels16_xy2 ## CPUEXT, ff_avg_pixels8_xy2 ## CPUEXT, 8) \
CALL_2X_PIXELS(avg_approx_pixels16_xy2## CPUEXT, ff_avg_approx_pixels8_xy2## CPUEXT, 8)
HPELDSP_AVG_PIXELS16(_3dnow)
HPELDSP_AVG_PIXELS16(_mmxext)
#endif /* HAVE_X86ASM */
#define SET_HPEL_FUNCS_EXT(PFX, IDX, SIZE, CPU) \
Reported by Cppcheck.
libavcodec/x86/mdct15_init.c
2 issues
Line: 67
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{ tmp[6*3 + k].im, -tmp[6*3 + k].im },
{ tmp[6*4 + k].im, -tmp[6*4 + k].im },
};
memcpy(s->exptab + 8*k, ac_exp, 8*sizeof(FFTComplex));
}
/* Specialcase when k = 0 */
for (k = 0; k < 3; k++) {
FFTComplex dc_exp[] = {
Reported by FlawFinder.
Line: 78
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{ tmp[2*k + 1].re, -tmp[2*k + 1].im },
{ tmp[2*k + 1].im, tmp[2*k + 1].re },
};
memcpy(s->exptab + 8*6 + 4*k, dc_exp, 4*sizeof(FFTComplex));
}
}
av_cold void ff_mdct15_init_x86(MDCT15Context *s)
{
Reported by FlawFinder.
libavcodec/xfaceenc.c
2 issues
Line: 147
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int i, j, k, ret = 0;
const uint8_t *buf;
uint8_t *p;
char intbuf[XFACE_MAX_DIGITS];
if (avctx->width || avctx->height) {
if (avctx->width != XFACE_WIDTH || avctx->height != XFACE_HEIGHT) {
av_log(avctx, AV_LOG_ERROR,
"Size value %dx%d not supported, only accepts a size of %dx%d\n",
Reported by FlawFinder.
Line: 173
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} while (i < XFACE_PIXELS);
/* create a copy of bitmap */
memcpy(bitmap_copy, xface->bitmap, XFACE_PIXELS);
ff_xface_generate_face(xface->bitmap, bitmap_copy);
encode_block(xface->bitmap, 16, 16, 0, &pq);
encode_block(xface->bitmap + 16, 16, 16, 0, &pq);
encode_block(xface->bitmap + 32, 16, 16, 0, &pq);
Reported by FlawFinder.
libavcodec/ylc.c
2 issues
Line: 319
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!s->buffer)
return AVERROR(ENOMEM);
memcpy(s->buffer, avpkt->data + toffset, boffset - toffset);
memset(s->buffer + boffset - toffset, 0, AV_INPUT_BUFFER_PADDING_SIZE);
s->bdsp.bswap_buf((uint32_t *) s->buffer,
(uint32_t *) s->buffer,
(boffset - toffset + 3) >> 2);
if ((ret = init_get_bits8(&gb, s->buffer, boffset - toffset)) < 0)
Reported by FlawFinder.
Line: 340
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return ret;
}
memcpy(s->buffer, avpkt->data + boffset, avpkt->size - boffset);
memset(s->buffer + avpkt->size - boffset, 0, AV_INPUT_BUFFER_PADDING_SIZE);
s->bdsp.bswap_buf((uint32_t *) s->buffer,
(uint32_t *) s->buffer,
(avpkt->size - boffset) >> 2);
if ((ret = init_get_bits8(&gb, s->buffer, avpkt->size - boffset)) < 0)
Reported by FlawFinder.
libavdevice/android_camera.c
2 issues
Line: 659
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return AVERROR(ENOMEM);
}
memcpy(side_data, display_matrix, sizeof(display_matrix));
return 0;
}
static int add_video_stream(AVFormatContext *avctx)
Reported by FlawFinder.
Line: 634
Column: 9
CWE codes:
676
Suggestion:
Use nanosleep(2) or setitimer(2) instead
while (!atomic_load(&ctx->got_image_format) && !atomic_load(&ctx->exit)) {
//Wait until first frame arrived and actual image format was determined
usleep(1000);
}
return atomic_load(&ctx->got_image_format);
}
Reported by FlawFinder.
libavdevice/dshow_capture.h
2 issues
Line: 292
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
IGraphBuilder *graph;
char *device_name[2];
char *device_unique_name[2];
int video_device_number;
int audio_device_number;
Reported by FlawFinder.
Line: 293
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
IGraphBuilder *graph;
char *device_name[2];
char *device_unique_name[2];
int video_device_number;
int audio_device_number;
int list_options;
Reported by FlawFinder.
libavcodec/flac_parser.c
2 issues
Line: 361
CWE codes:
788
for (i = 0; i < FLAC_MAX_SEQUENTIAL_HEADERS && curr != child; i++)
curr = curr->next;
if (header->link_penalty[i] < FLAC_HEADER_CRC_FAIL_PENALTY ||
header->link_penalty[i] == FLAC_HEADER_NOT_PENALIZED_YET) {
FLACHeaderMarker *start, *end;
/* Although overlapping chains are scored, the crc should never
have to be computed twice for a single byte. */
Reported by Cppcheck.
Line: 138
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*wrap_buf = tmp_buf;
do {
int seg_len = FFMIN(f->end - start, len);
memcpy(tmp_buf, start, seg_len);
tmp_buf = (uint8_t*)tmp_buf + seg_len;
// memory barrier needed for SMP here in theory
start += seg_len - (f->end - f->buffer);
len -= seg_len;
Reported by FlawFinder.
libavdevice/fbdev_common.c
2 issues
Line: 66
Column: 23
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
const char* ff_fbdev_default_device()
{
const char *dev = getenv("FRAMEBUFFER");
if (!dev)
dev = "/dev/fb0";
return dev;
}
Reported by FlawFinder.
Line: 76
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct fb_var_screeninfo varinfo;
struct fb_fix_screeninfo fixinfo;
char device_file[12];
AVDeviceInfo *device = NULL;
int i, fd, ret = 0;
const char *default_device = ff_fbdev_default_device();
if (!device_list)
Reported by FlawFinder.
libavdevice/iec61883.c
2 issues
Line: 283
Column: 13
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
}
if (dv->device_guid) {
if (sscanf(dv->device_guid, "%"SCNu64, &guid) != 1) {
av_log(context, AV_LOG_INFO, "Invalid dvguid parameter: %s\n",
dv->device_guid);
goto fail;
}
}
Reported by FlawFinder.
Line: 129
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
packet->len = length;
memcpy(packet->buf, data, length);
memset(packet->buf + length, 0, AV_INPUT_BUFFER_PADDING_SIZE);
if (dv->queue_first) {
dv->queue_last->next = packet;
dv->queue_last = packet;
Reported by FlawFinder.