The following issues were found
libavdevice/jack.c
2 issues
Line: 170
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Register JACK ports */
for (i = 0; i < self->nports; i++) {
char str[16];
snprintf(str, sizeof(str), "input_%d", i + 1);
self->ports[i] = jack_port_register(self->client, str,
JACK_DEFAULT_AUDIO_TYPE,
JackPortIsInput, 0);
if (!self->ports[i]) {
Reported by FlawFinder.
Line: 293
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
av_log(context, AV_LOG_ERROR,
"Input error: timed out when waiting for JACK process callback output\n");
} else {
char errbuf[128];
int ret = AVERROR(errno);
av_strerror(ret, errbuf, sizeof(errbuf));
av_log(context, AV_LOG_ERROR, "Error while waiting for audio packet: %s\n",
errbuf);
}
Reported by FlawFinder.
libavdevice/lavfi.c
2 issues
Line: 377
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return 0;
if ((ret = av_new_packet(&lavfi->subcc_packet, sd->size)) < 0)
return ret;
memcpy(lavfi->subcc_packet.data, sd->data, sd->size);
lavfi->subcc_packet.stream_index = stream_idx;
lavfi->subcc_packet.pts = frame->pts;
lavfi->subcc_packet.pos = frame->pkt_pos;
return 0;
}
Reported by FlawFinder.
Line: 448
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
frame->channels;
if ((ret = av_new_packet(pkt, size)) < 0)
goto fail;
memcpy(pkt->data, frame->data[0], size);
}
frame_metadata = frame->metadata;
if (frame_metadata) {
size_t size;
Reported by FlawFinder.
libavdevice/libcdio.c
2 issues
Line: 102
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
avpriv_set_pts_info(st, 64, CDIO_CD_FRAMESIZE_RAW, 2 * st->codecpar->channels * st->codecpar->sample_rate);
for (i = 0; i < s->drive->tracks; i++) {
char title[16];
snprintf(title, sizeof(title), "track %02d", s->drive->disc_toc[i].bTrack);
avpriv_new_chapter(ctx, i, st->time_base, s->drive->disc_toc[i].dwStartSector,
s->drive->disc_toc[i+1].dwStartSector, title);
}
Reported by FlawFinder.
Line: 137
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if ((ret = av_new_packet(pkt, CDIO_CD_FRAMESIZE_RAW)) < 0)
return ret;
memcpy(pkt->data, buf, CDIO_CD_FRAMESIZE_RAW);
return 0;
}
static av_cold int read_close(AVFormatContext *ctx)
{
Reported by FlawFinder.
libavcodec/flashsvenc.c
2 issues
Line: 241
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
//save the current frame
if (p->linesize[0] > 0)
memcpy(s->previous_frame, p->data[0], s->image_height * p->linesize[0]);
else
memcpy(s->previous_frame,
p->data[0] + p->linesize[0] * (s->image_height - 1),
s->image_height * FFABS(p->linesize[0]));
Reported by FlawFinder.
Line: 243
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (p->linesize[0] > 0)
memcpy(s->previous_frame, p->data[0], s->image_height * p->linesize[0]);
else
memcpy(s->previous_frame,
p->data[0] + p->linesize[0] * (s->image_height - 1),
s->image_height * FFABS(p->linesize[0]));
//mark the frame type so the muxer can mux it correctly
if (I_frame) {
Reported by FlawFinder.
libavdevice/opengl_enc.c
2 issues
Line: 1217
CWE codes:
476
if (!repaint) {
if (is_pkt)
glPixelStorei(GL_UNPACK_ALIGNMENT, 1);
LOAD_TEXTURE_DATA(0, 0)
if (desc->flags & AV_PIX_FMT_FLAG_PLANAR) {
LOAD_TEXTURE_DATA(1, 1)
LOAD_TEXTURE_DATA(2, 1)
if (desc->flags & AV_PIX_FMT_FLAG_ALPHA)
LOAD_TEXTURE_DATA(3, 0)
Reported by Cppcheck.
Line: 1217
CWE codes:
476
if (!repaint) {
if (is_pkt)
glPixelStorei(GL_UNPACK_ALIGNMENT, 1);
LOAD_TEXTURE_DATA(0, 0)
if (desc->flags & AV_PIX_FMT_FLAG_PLANAR) {
LOAD_TEXTURE_DATA(1, 1)
LOAD_TEXTURE_DATA(2, 1)
if (desc->flags & AV_PIX_FMT_FLAG_ALPHA)
LOAD_TEXTURE_DATA(3, 0)
Reported by Cppcheck.
libavcodec/fmvc.c
2 issues
Line: 440
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
src = s->buffer;
dst = frame->data[0] + (avctx->height - 1) * frame->linesize[0];
for (y = 0; y < avctx->height; y++) {
memcpy(dst, src, avctx->width * s->bpp);
dst -= frame->linesize[0];
src += s->stride * 4;
if (bytestream2_tell_p(pb) < y*s->stride * 4)
break;
}
Reported by FlawFinder.
Line: 520
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ssrc = s->buffer;
ddst = frame->data[0] + (avctx->height - 1) * frame->linesize[0];
for (y = 0; y < avctx->height; y++) {
memcpy(ddst, ssrc, avctx->width * s->bpp);
ddst -= frame->linesize[0];
ssrc += s->stride * 4;
}
}
Reported by FlawFinder.
libavcodec/fraps.c
2 issues
Line: 270
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
for (y = 0; y <avctx->height; y++)
memcpy(&f->data[0][y * f->linesize[0]],
&buf[y * avctx->width],
avctx->width);
} else {
/* Fraps v1 is an upside-down BGR24 */
for (y = 0; y<avctx->height; y++)
Reported by FlawFinder.
Line: 276
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else {
/* Fraps v1 is an upside-down BGR24 */
for (y = 0; y<avctx->height; y++)
memcpy(&f->data[0][(avctx->height - y - 1) * f->linesize[0]],
&buf[y * avctx->width * 3],
3 * avctx->width);
}
break;
Reported by FlawFinder.
libavcodec/ansi.c
2 issues
Line: 109
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static void set_palette(uint32_t *pal)
{
int r, g, b;
memcpy(pal, ff_cga_palette, 16 * 4);
pal += 16;
#define COLOR(x) ((x) * 40 + 55)
for (r = 0; r < 6; r++)
for (g = 0; g < 6; g++)
for (b = 0; b < 6; b++)
Reported by FlawFinder.
Line: 133
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
i = 0;
for (; i < avctx->height - s->font_height; i++)
memcpy(s->frame->data[0] + i * s->frame->linesize[0],
s->frame->data[0] + (i + s->font_height) * s->frame->linesize[0],
avctx->width);
for (; i < avctx->height; i++)
memset(s->frame->data[0] + i * s->frame->linesize[0],
DEFAULT_BG_COLOR, avctx->width);
Reported by FlawFinder.
libavfilter/af_adelay.c
2 issues
Line: 94
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (d->delay_index < d->delay) { \
const int len = FFMIN(nb_samples, d->delay - d->delay_index); \
\
memcpy(&samples[d->delay_index], src, len * sizeof(type)); \
memset(dst, fill, len * sizeof(type)); \
d->delay_index += len; \
src += len; \
dst += len; \
nb_samples -= len; \
Reported by FlawFinder.
Line: 230
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
uint8_t *dst = out_frame->extended_data[i];
if (!d->delay)
memcpy(dst, src, frame->nb_samples * s->block_align);
else
s->delay_channel(d, frame->nb_samples, src, dst);
}
out_frame->pts = s->next_pts;
Reported by FlawFinder.
libavfilter/af_afftdn.c
2 issues
Line: 580
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
av_free(p);
memcpy(dnch->band_noise, band_noise, sizeof(band_noise));
}
static void set_parameters(AudioFFTDeNoiseContext *s)
{
if (s->last_noise_floor != s->noise_floor)
Reported by FlawFinder.
Line: 1083
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
av_log(s, AV_LOG_INFO, "%d ", new_band_noise[m]);
}
av_log(s, AV_LOG_INFO, "\n");
memcpy(dnch->band_noise, new_band_noise, sizeof(new_band_noise));
}
if (s->track_noise)
s->noise_floor = new_noise_floor;
}
Reported by FlawFinder.