The following issues were found
tests/checkasm/checkasm.c
14 issues
Line: 418
Column: 5
CWE codes:
134
Suggestion:
Use a constant for the format specification
#endif
va_start(arg, fmt);
vfprintf(stderr, fmt, arg);
va_end(arg);
if (use_color) {
#if HAVE_SETCONSOLETEXTATTRIBUTE && HAVE_GETSTDHANDLE
SetConsoleTextAttribute(con, org_attributes);
Reported by FlawFinder.
Line: 755
Column: 19
CWE codes:
134
Suggestion:
Use a constant for the format specification
va_list arg;
va_start(arg, name);
name_length = vsnprintf(name_buf, sizeof(name_buf), name, arg);
va_end(arg);
if (!func || name_length <= 0 || name_length >= sizeof(name_buf))
return NULL;
Reported by FlawFinder.
Line: 808
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
print_cpu_name();
fprintf(stderr, " %s_%s (", state.current_func->name, cpu_suffix(state.current_func_ver->cpu));
va_start(arg, msg);
vfprintf(stderr, msg, arg);
va_end(arg);
fprintf(stderr, ")\n");
state.current_func_ver->ok = 0;
state.num_failed++;
Reported by FlawFinder.
Line: 838
Column: 23
CWE codes:
134
Suggestion:
Use a constant for the format specification
print_cpu_name();
pad_length -= fprintf(stderr, " - %s.", state.current_test_name);
va_start(arg, name);
pad_length -= vfprintf(stderr, name, arg);
va_end(arg);
fprintf(stderr, "%*c", FFMAX(pad_length, 0) + 2, '[');
if (state.num_failed == prev_failed)
color_printf(COLOR_GREEN, "OK");
Reported by FlawFinder.
Line: 856
Column: 19
CWE codes:
134
Suggestion:
Use a constant for the format specification
va_list arg;
va_start(arg, name);
length += vsnprintf(NULL, 0, name, arg);
va_end(arg);
if (length > max_length)
max_length = length;
}
Reported by FlawFinder.
Line: 884
Column: 13
CWE codes:
134
Suggestion:
Use a constant for the format specification
fprintf(stderr, "%s:\n", name); \
while (h--) { \
for (int x = 0; x < w; x++) \
fprintf(stderr, " " fmt, buf1[x]); \
fprintf(stderr, " "); \
for (int x = 0; x < w; x++) \
fprintf(stderr, " " fmt, buf2[x]); \
fprintf(stderr, " "); \
for (int x = 0; x < w; x++) \
Reported by FlawFinder.
Line: 887
Column: 13
CWE codes:
134
Suggestion:
Use a constant for the format specification
fprintf(stderr, " " fmt, buf1[x]); \
fprintf(stderr, " "); \
for (int x = 0; x < w; x++) \
fprintf(stderr, " " fmt, buf2[x]); \
fprintf(stderr, " "); \
for (int x = 0; x < w; x++) \
fprintf(stderr, "%c", buf1[x] != buf2[x] ? 'x' : '.'); \
buf1 += stride1; \
buf2 += stride2; \
Reported by FlawFinder.
Line: 410
Column: 28
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
SetConsoleTextAttribute(con, (org_attributes & 0xfff0) | (color & 0x0f));
#else
if (use_color < 0) {
const char *term = getenv("TERM");
use_color = term && strcmp(term, "dumb") && isatty(2);
}
if (use_color)
fprintf(stderr, "\x1b[%d;3%dm", (color & 0x08) >> 3, color & 0x07);
#endif
Reported by FlawFinder.
Line: 265
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct CheckasmFunc *child[2];
CheckasmFuncVersion versions;
uint8_t color; /* 0 = red, 1 = black */
char name[1];
} CheckasmFunc;
/* Internal state */
static struct {
CheckasmFunc *funcs;
Reported by FlawFinder.
Line: 582
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Allocate and insert a new node into the tree */
int name_length = strlen(name);
f = *root = checkasm_malloc(sizeof(CheckasmFunc) + name_length);
memcpy(f->name, name, name_length + 1);
}
return f;
}
Reported by FlawFinder.
libavcodec/libvpxenc.c
14 issues
Line: 367
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return AVERROR(ENOMEM);
}
memcpy(data, frame_hdr10_plus.hdr10_plus->data, frame_hdr10_plus.hdr10_plus->size);
av_buffer_unref(&frame_hdr10_plus.hdr10_plus);
return 0;
}
static av_cold int codecctl_int(AVCodecContext *avctx,
Reported by FlawFinder.
Line: 376
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
enum vp8e_enc_control_id id, int val)
{
VPxContext *ctx = avctx->priv_data;
char buf[80];
int width = -30;
int res;
snprintf(buf, sizeof(buf), "%s:", ctlidstr[id]);
av_log(avctx, AV_LOG_DEBUG, " %*s%d\n", width, buf, val);
Reported by FlawFinder.
Line: 398
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
enum vp8e_enc_control_id id, int *val)
{
VPxContext *ctx = avctx->priv_data;
char buf[80];
int width = -30;
int res;
snprintf(buf, sizeof(buf), "%s:", ctlidstr[id]);
av_log(avctx, AV_LOG_DEBUG, " %*s%d\n", width, buf, *val);
Reported by FlawFinder.
Line: 485
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cfg->ts_number_layers = 2;
cfg->ts_rate_decimator[0] = 2;
cfg->ts_rate_decimator[1] = 1;
memcpy(cfg->ts_layer_id, ids, sizeof(ids));
layer_flags[0] =
VP8_EFLAG_NO_REF_GF | VP8_EFLAG_NO_REF_ARF |
VP8_EFLAG_NO_UPD_GF | VP8_EFLAG_NO_UPD_ARF;
layer_flags[1] =
Reported by FlawFinder.
Line: 510
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cfg->ts_rate_decimator[0] = 4;
cfg->ts_rate_decimator[1] = 2;
cfg->ts_rate_decimator[2] = 1;
memcpy(cfg->ts_layer_id, ids, sizeof(ids));
/**
* 0=L, 1=GF, 2=ARF,
* Intra-layer prediction disabled.
*/
Reported by FlawFinder.
Line: 545
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cfg->ts_rate_decimator[0] = 4;
cfg->ts_rate_decimator[1] = 2;
cfg->ts_rate_decimator[2] = 1;
memcpy(cfg->ts_layer_id, ids, sizeof(ids));
/**
* 0=L, 1=GF, 2=ARF, Intra-layer prediction disabled.
*/
layer_flags[0] =
Reported by FlawFinder.
Line: 1250
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ret < 0)
return ret;
memcpy(pkt->data, cx_frame->buf, pkt->size);
pkt->pts = pkt->dts = cx_frame->pts;
if (!!(cx_frame->flags & VPX_FRAME_IS_KEY)) {
pict_type = AV_PICTURE_TYPE_I;
pkt->flags |= AV_PKT_FLAG_KEY;
Reported by FlawFinder.
Line: 1278
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return AVERROR(ENOMEM);
}
AV_WB64(side_data, 1);
memcpy(side_data + 8, cx_frame->buf_alpha, cx_frame->sz_alpha);
}
if (cx_frame->frame_number != -1) {
VPxContext *ctx = avctx->priv_data;
if (!ctx->discard_hdr10_plus) {
int err = copy_hdr10_plus_to_pkt(ctx->hdr10_plus_fifo, pkt);
Reported by FlawFinder.
Line: 1354
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
av_freep(&cx_frame);
return AVERROR(ENOMEM);
}
memcpy(cx_frame->buf, pkt->data.frame.buf, pkt->data.frame.sz);
if (ctx->is_alpha) {
cx_frame->buf_alpha = av_malloc(cx_frame->sz_alpha);
if (!cx_frame->buf_alpha) {
av_log(avctx, AV_LOG_ERROR,
"Data buffer alloc (%"SIZE_SPECIFIER" bytes) failed\n",
Reported by FlawFinder.
Line: 1364
Column: 21
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
av_free(cx_frame);
return AVERROR(ENOMEM);
}
memcpy(cx_frame->buf_alpha, pkt_alpha->data.frame.buf, pkt_alpha->data.frame.sz);
}
coded_frame_add(&ctx->coded_frame_list, cx_frame);
}
break;
case VPX_CODEC_STATS_PKT: {
Reported by FlawFinder.
libavcodec/mpegvideo_enc.c
13 issues
Line: 2711
CWE codes:
908
bytestream_put_byte(&ptr, s->qscale);
bytestream_put_byte(&ptr, gobn);
bytestream_put_le16(&ptr, mba);
bytestream_put_byte(&ptr, pred_x); /* hmv1 */
bytestream_put_byte(&ptr, pred_y); /* vmv1 */
/* 4MV not implemented */
bytestream_put_byte(&ptr, 0); /* hmv2 */
bytestream_put_byte(&ptr, 0); /* vmv2 */
}
Reported by Cppcheck.
Line: 2712
CWE codes:
908
bytestream_put_byte(&ptr, gobn);
bytestream_put_le16(&ptr, mba);
bytestream_put_byte(&ptr, pred_x); /* hmv1 */
bytestream_put_byte(&ptr, pred_y); /* vmv1 */
/* 4MV not implemented */
bytestream_put_byte(&ptr, 0); /* hmv2 */
bytestream_put_byte(&ptr, 0); /* vmv2 */
}
Reported by Cppcheck.
Line: 1143
Column: 25
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dst += INPLACE_OFFSET;
if (src_stride == dst_stride)
memcpy(dst, src, src_stride * h);
else {
int h2 = h;
uint8_t *dst2 = dst;
while (h2--) {
memcpy(dst2, src, w);
Reported by FlawFinder.
Line: 1148
Column: 29
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int h2 = h;
uint8_t *dst2 = dst;
while (h2--) {
memcpy(dst2, src, w);
dst2 += dst_stride;
src += src_stride;
}
}
if ((s->width & 15) || (s->height & (vpad-1))) {
Reported by FlawFinder.
Line: 1946
Column: 18
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static inline void dct_single_coeff_elimination(MpegEncContext *s,
int n, int threshold)
{
static const char tab[64] = {
3, 2, 2, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1,
0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0,
Reported by FlawFinder.
Line: 2322
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
get_visual_weight(weight[7], ptr_cr + uv_dct_offset,
wrap_c);
}
memcpy(orig[0], s->block[0], sizeof(int16_t) * 64 * mb_block_count);
}
/* DCT & quantize */
av_assert2(s->out_format != FMT_MJPEG || s->qscale == 8);
{
Reported by FlawFinder.
Line: 2452
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static inline void copy_context_before_encode(MpegEncContext *d, MpegEncContext *s, int type){
int i;
memcpy(d->last_mv, s->last_mv, 2*2*2*sizeof(int)); //FIXME is memcpy faster than a loop?
/* MPEG-1 */
d->mb_skip_run= s->mb_skip_run;
for(i=0; i<3; i++)
d->last_dc[i] = s->last_dc[i];
Reported by FlawFinder.
Line: 2480
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static inline void copy_context_after_encode(MpegEncContext *d, MpegEncContext *s, int type){
int i;
memcpy(d->mv, s->mv, 2*4*2*sizeof(int));
memcpy(d->last_mv, s->last_mv, 2*2*2*sizeof(int)); //FIXME is memcpy faster than a loop?
/* MPEG-1 */
d->mb_skip_run= s->mb_skip_run;
for(i=0; i<3; i++)
Reported by FlawFinder.
Line: 2481
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int i;
memcpy(d->mv, s->mv, 2*4*2*sizeof(int));
memcpy(d->last_mv, s->last_mv, 2*2*2*sizeof(int)); //FIXME is memcpy faster than a loop?
/* MPEG-1 */
d->mb_skip_run= s->mb_skip_run;
for(i=0; i<3; i++)
d->last_dc[i] = s->last_dc[i];
Reported by FlawFinder.
Line: 2533
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if(*next_block){
memcpy(dest_backup, s->dest, sizeof(s->dest));
s->dest[0] = s->sc.rd_scratchpad;
s->dest[1] = s->sc.rd_scratchpad + 16*s->linesize;
s->dest[2] = s->sc.rd_scratchpad + 16*s->linesize + 8;
av_assert0(s->linesize >= 32); //FIXME
}
Reported by FlawFinder.
libavcodec/cbs.c
13 issues
Line: 235
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
frag->data = frag->data_ref->data;
frag->data_size = size;
memcpy(frag->data, data, size);
memset(frag->data + size, 0,
AV_INPUT_BUFFER_PADDING_SIZE);
return 0;
}
Reported by FlawFinder.
Line: 367
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ret < 0)
return ret;
memcpy(unit->data, ctx->write_buffer, unit->data_size);
return 0;
}
int ff_cbs_write_fragment_data(CodedBitstreamContext *ctx,
Reported by FlawFinder.
Line: 425
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!par->extradata)
return AVERROR(ENOMEM);
memcpy(par->extradata, frag->data, frag->data_size);
memset(par->extradata + frag->data_size, 0,
AV_INPUT_BUFFER_PADDING_SIZE);
par->extradata_size = frag->data_size;
return 0;
Reported by FlawFinder.
Line: 471
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char *str, const int *subscripts,
const char *bits, int64_t value)
{
char name[256];
size_t name_len, bits_len;
int pad, subs, i, j, k, n;
if (!ctx->trace_enable)
return;
Reported by FlawFinder.
Line: 539
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
value = get_bits_long(gbc, width);
if (ctx->trace_enable) {
char bits[33];
int i;
for (i = 0; i < width; i++)
bits[i] = value >> (width - i - 1) & 1 ? '1' : '0';
bits[i] = 0;
Reported by FlawFinder.
Line: 578
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return AVERROR(ENOSPC);
if (ctx->trace_enable) {
char bits[33];
int i;
for (i = 0; i < width; i++)
bits[i] = value >> (width - i - 1) & 1 ? '1' : '0';
bits[i] = 0;
Reported by FlawFinder.
Line: 618
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
value = get_sbits_long(gbc, width);
if (ctx->trace_enable) {
char bits[33];
int i;
for (i = 0; i < width; i++)
bits[i] = value & (1U << (width - i - 1)) ? '1' : '0';
bits[i] = 0;
Reported by FlawFinder.
Line: 657
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return AVERROR(ENOSPC);
if (ctx->trace_enable) {
char bits[33];
int i;
for (i = 0; i < width; i++)
bits[i] = value & (1U << (width - i - 1)) ? '1' : '0';
bits[i] = 0;
Reported by FlawFinder.
Line: 732
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
frag->nb_units_allocated = 2*frag->nb_units_allocated + 1;
if (position > 0)
memcpy(units, frag->units, position * sizeof(*units));
if (position < frag->nb_units)
memcpy(units + position + 1, frag->units + position,
(frag->nb_units - position) * sizeof(*units));
}
Reported by FlawFinder.
Line: 735
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(units, frag->units, position * sizeof(*units));
if (position < frag->nb_units)
memcpy(units + position + 1, frag->units + position,
(frag->nb_units - position) * sizeof(*units));
}
memset(units + position, 0, sizeof(*units));
Reported by FlawFinder.
libavformat/vorbiscomment.c
13 issues
Line: 93
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
for (int i = 0; i < nb_chapters; i++) {
AVChapter *chp = chapters[i];
char chapter_time[13];
char chapter_number[4];
int h, m, s, ms;
s = av_rescale(chp->start, chp->time_base.num, chp->time_base.den);
h = s / 3600;
Reported by FlawFinder.
Line: 94
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
for (int i = 0; i < nb_chapters; i++) {
AVChapter *chp = chapters[i];
char chapter_time[13];
char chapter_number[4];
int h, m, s, ms;
s = av_rescale(chp->start, chp->time_base.num, chp->time_base.den);
h = s / 3600;
m = (s / 60) % 60;
Reported by FlawFinder.
Line: 45
Column: 12
CWE codes:
126
AVChapter **chapters, unsigned int nb_chapters)
{
int64_t len = 8;
len += strlen(vendor_string);
if (chapters && nb_chapters) {
for (int i = 0; i < nb_chapters; i++) {
AVDictionaryEntry *tag = NULL;
len += 4 + 12 + 1 + 10;
while ((tag = av_dict_get(chapters[i]->metadata, "", tag, AV_DICT_IGNORE_SUFFIX))) {
Reported by FlawFinder.
Line: 51
Column: 65
CWE codes:
126
AVDictionaryEntry *tag = NULL;
len += 4 + 12 + 1 + 10;
while ((tag = av_dict_get(chapters[i]->metadata, "", tag, AV_DICT_IGNORE_SUFFIX))) {
int64_t len1 = !strcmp(tag->key, "title") ? 4 : strlen(tag->key);
len += 4 + 10 + len1 + 1 + strlen(tag->value);
}
}
}
if (m) {
Reported by FlawFinder.
Line: 52
Column: 44
CWE codes:
126
len += 4 + 12 + 1 + 10;
while ((tag = av_dict_get(chapters[i]->metadata, "", tag, AV_DICT_IGNORE_SUFFIX))) {
int64_t len1 = !strcmp(tag->key, "title") ? 4 : strlen(tag->key);
len += 4 + 10 + len1 + 1 + strlen(tag->value);
}
}
}
if (m) {
AVDictionaryEntry *tag = NULL;
Reported by FlawFinder.
Line: 59
Column: 46
CWE codes:
126
if (m) {
AVDictionaryEntry *tag = NULL;
while ((tag = av_dict_get(m, "", tag, AV_DICT_IGNORE_SUFFIX))) {
len += 4 +strlen(tag->key) + 1 + strlen(tag->value);
}
}
return len;
}
Reported by FlawFinder.
Line: 59
Column: 23
CWE codes:
126
if (m) {
AVDictionaryEntry *tag = NULL;
while ((tag = av_dict_get(m, "", tag, AV_DICT_IGNORE_SUFFIX))) {
len += 4 +strlen(tag->key) + 1 + strlen(tag->value);
}
}
return len;
}
Reported by FlawFinder.
Line: 70
Column: 19
CWE codes:
126
AVChapter **chapters, unsigned int nb_chapters)
{
int cm_count = 0;
avio_wl32(pb, strlen(vendor_string));
avio_write(pb, vendor_string, strlen(vendor_string));
if (chapters && nb_chapters) {
for (int i = 0; i < nb_chapters; i++) {
cm_count += av_dict_count(chapters[i]->metadata) + 1;
}
Reported by FlawFinder.
Line: 71
Column: 35
CWE codes:
126
{
int cm_count = 0;
avio_wl32(pb, strlen(vendor_string));
avio_write(pb, vendor_string, strlen(vendor_string));
if (chapters && nb_chapters) {
for (int i = 0; i < nb_chapters; i++) {
cm_count += av_dict_count(chapters[i]->metadata) + 1;
}
}
Reported by FlawFinder.
Line: 82
Column: 28
CWE codes:
126
AVDictionaryEntry *tag = NULL;
avio_wl32(pb, count);
while ((tag = av_dict_get(m, "", tag, AV_DICT_IGNORE_SUFFIX))) {
int64_t len1 = strlen(tag->key);
int64_t len2 = strlen(tag->value);
if (len1+1+len2 > UINT32_MAX)
return AVERROR(EINVAL);
avio_wl32(pb, len1 + 1 + len2);
avio_write(pb, tag->key, len1);
Reported by FlawFinder.
libavutil/encryption_info.c
13 issues
Line: 74
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ret->scheme = info->scheme;
ret->crypt_byte_block = info->crypt_byte_block;
ret->skip_byte_block = info->skip_byte_block;
memcpy(ret->iv, info->iv, info->iv_size);
memcpy(ret->key_id, info->key_id, info->key_id_size);
memcpy(ret->subsamples, info->subsamples, sizeof(*info->subsamples) * info->subsample_count);
return ret;
}
Reported by FlawFinder.
Line: 75
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ret->crypt_byte_block = info->crypt_byte_block;
ret->skip_byte_block = info->skip_byte_block;
memcpy(ret->iv, info->iv, info->iv_size);
memcpy(ret->key_id, info->key_id, info->key_id_size);
memcpy(ret->subsamples, info->subsamples, sizeof(*info->subsamples) * info->subsample_count);
return ret;
}
void av_encryption_info_free(AVEncryptionInfo *info)
Reported by FlawFinder.
Line: 76
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ret->skip_byte_block = info->skip_byte_block;
memcpy(ret->iv, info->iv, info->iv_size);
memcpy(ret->key_id, info->key_id, info->key_id_size);
memcpy(ret->subsamples, info->subsamples, sizeof(*info->subsamples) * info->subsample_count);
return ret;
}
void av_encryption_info_free(AVEncryptionInfo *info)
{
Reported by FlawFinder.
Line: 112
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
info->scheme = AV_RB32(buffer);
info->crypt_byte_block = AV_RB32(buffer + 4);
info->skip_byte_block = AV_RB32(buffer + 8);
memcpy(info->key_id, buffer + 24, key_id_size);
memcpy(info->iv, buffer + key_id_size + 24, iv_size);
buffer += key_id_size + iv_size + 24;
for (i = 0; i < subsample_count; i++) {
info->subsamples[i].bytes_of_clear_data = AV_RB32(buffer);
Reported by FlawFinder.
Line: 113
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
info->crypt_byte_block = AV_RB32(buffer + 4);
info->skip_byte_block = AV_RB32(buffer + 8);
memcpy(info->key_id, buffer + 24, key_id_size);
memcpy(info->iv, buffer + key_id_size + 24, iv_size);
buffer += key_id_size + iv_size + 24;
for (i = 0; i < subsample_count; i++) {
info->subsamples[i].bytes_of_clear_data = AV_RB32(buffer);
info->subsamples[i].bytes_of_protected_data = AV_RB32(buffer + 4);
Reported by FlawFinder.
Line: 149
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
AV_WB32(cur_buffer + 16, info->iv_size);
AV_WB32(cur_buffer + 20, info->subsample_count);
cur_buffer += 24;
memcpy(cur_buffer, info->key_id, info->key_id_size);
cur_buffer += info->key_id_size;
memcpy(cur_buffer, info->iv, info->iv_size);
cur_buffer += info->iv_size;
for (i = 0; i < info->subsample_count; i++) {
AV_WB32(cur_buffer, info->subsamples[i].bytes_of_clear_data);
Reported by FlawFinder.
Line: 151
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cur_buffer += 24;
memcpy(cur_buffer, info->key_id, info->key_id_size);
cur_buffer += info->key_id_size;
memcpy(cur_buffer, info->iv, info->iv_size);
cur_buffer += info->iv_size;
for (i = 0; i < info->subsample_count; i++) {
AV_WB32(cur_buffer, info->subsamples[i].bytes_of_clear_data);
AV_WB32(cur_buffer + 4, info->subsamples[i].bytes_of_protected_data);
cur_buffer += 8;
Reported by FlawFinder.
Line: 274
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
info = temp_info;
}
memcpy(info->system_id, side_data, system_id_size);
side_data += system_id_size;
side_data_size -= system_id_size;
for (j = 0; j < num_key_ids; j++) {
memcpy(info->key_ids[j], side_data, key_id_size);
side_data += key_id_size;
Reported by FlawFinder.
Line: 278
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
side_data += system_id_size;
side_data_size -= system_id_size;
for (j = 0; j < num_key_ids; j++) {
memcpy(info->key_ids[j], side_data, key_id_size);
side_data += key_id_size;
side_data_size -= key_id_size;
}
memcpy(info->data, side_data, data_size);
side_data += data_size;
Reported by FlawFinder.
Line: 282
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
side_data += key_id_size;
side_data_size -= key_id_size;
}
memcpy(info->data, side_data, data_size);
side_data += data_size;
side_data_size -= data_size;
}
return ret;
Reported by FlawFinder.
libavcodec/aacsbr_template.c
13 issues
Line: 147
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (k = 1; k <= sbr->num_patches; k++)
patch_borders[k] = patch_borders[k-1] + sbr->patch_num_subbands[k-1];
memcpy(sbr->f_tablelim, sbr->f_tablelow,
(sbr->n[0] + 1) * sizeof(sbr->f_tablelow[0]));
if (sbr->num_patches > 1)
memcpy(sbr->f_tablelim + sbr->n[0] + 1, patch_borders + 1,
(sbr->num_patches - 1) * sizeof(patch_borders[0]));
Reported by FlawFinder.
Line: 150
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(sbr->f_tablelim, sbr->f_tablelow,
(sbr->n[0] + 1) * sizeof(sbr->f_tablelow[0]));
if (sbr->num_patches > 1)
memcpy(sbr->f_tablelim + sbr->n[0] + 1, patch_borders + 1,
(sbr->num_patches - 1) * sizeof(patch_borders[0]));
AV_QSORT(sbr->f_tablelim, sbr->num_patches + sbr->n[0],
uint16_t,
qsort_comparison_function_int16);
Reported by FlawFinder.
Line: 195
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sbr->ready_for_dequant = 0;
// Save last spectrum parameters variables to compare to new ones
memcpy(&old_spectrum_params, &sbr->spectrum_params, sizeof(SpectrumParameters));
sbr->bs_amp_res_header = get_bits1(gb);
sbr->spectrum_params.bs_start_freq = get_bits(gb, 4);
sbr->spectrum_params.bs_stop_freq = get_bits(gb, 4);
sbr->spectrum_params.bs_xover_band = get_bits(gb, 3);
Reported by FlawFinder.
Line: 468
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -1;
memcpy(&sbr->f_master[0], vk0,
(num_bands_0 + 1) * sizeof(sbr->f_master[0]));
memcpy(&sbr->f_master[num_bands_0 + 1], vk1 + 1,
num_bands_1 * sizeof(sbr->f_master[0]));
} else {
sbr->n_master = num_bands_0;
if (check_n_master(ac->avctx, sbr->n_master, sbr->spectrum_params.bs_xover_band))
Reported by FlawFinder.
Line: 475
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sbr->n_master = num_bands_0;
if (check_n_master(ac->avctx, sbr->n_master, sbr->spectrum_params.bs_xover_band))
return -1;
memcpy(sbr->f_master, vk0, (num_bands_0 + 1) * sizeof(sbr->f_master[0]));
}
}
return 0;
}
Reported by FlawFinder.
Line: 551
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sbr->n[1] = sbr->n_master - sbr->spectrum_params.bs_xover_band;
sbr->n[0] = (sbr->n[1] + 1) >> 1;
memcpy(sbr->f_tablehigh, &sbr->f_master[sbr->spectrum_params.bs_xover_band],
(sbr->n[1] + 1) * sizeof(sbr->f_master[0]));
sbr->m[1] = sbr->f_tablehigh[sbr->n[1]] - sbr->f_tablehigh[0];
sbr->kx[1] = sbr->f_tablehigh[0];
// Requirements (14496-3 sp04 p205)
Reported by FlawFinder.
Line: 780
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dst->e_a[0] = -(dst->e_a[1] != dst->bs_num_env);
//These variables are read from the bitstream and therefore copied
memcpy(dst->bs_freq_res+1, src->bs_freq_res+1, sizeof(dst->bs_freq_res)-sizeof(*dst->bs_freq_res));
memcpy(dst->t_env, src->t_env, sizeof(dst->t_env));
memcpy(dst->t_q, src->t_q, sizeof(dst->t_q));
dst->bs_num_env = src->bs_num_env;
dst->bs_amp_res = src->bs_amp_res;
dst->bs_num_noise = src->bs_num_noise;
Reported by FlawFinder.
Line: 804
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
int i;
memcpy(ch_data->bs_invf_mode[1], ch_data->bs_invf_mode[0], 5 * sizeof(uint8_t));
for (i = 0; i < sbr->n_q; i++)
ch_data->bs_invf_mode[0][i] = get_bits(gb, 2);
}
static int read_sbr_envelope(AACContext *ac, SpectralBandReplication *sbr, GetBitContext *gb,
Reported by FlawFinder.
Line: 1010
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
read_sbr_dtdf(sbr, gb, &sbr->data[0]);
read_sbr_dtdf(sbr, gb, &sbr->data[1]);
read_sbr_invf(sbr, gb, &sbr->data[0]);
memcpy(sbr->data[1].bs_invf_mode[1], sbr->data[1].bs_invf_mode[0], sizeof(sbr->data[1].bs_invf_mode[0]));
memcpy(sbr->data[1].bs_invf_mode[0], sbr->data[0].bs_invf_mode[0], sizeof(sbr->data[1].bs_invf_mode[0]));
if((ret = read_sbr_envelope(ac, sbr, gb, &sbr->data[0], 0)) < 0)
return ret;
if((ret = read_sbr_noise(ac, sbr, gb, &sbr->data[0], 0)) < 0)
return ret;
Reported by FlawFinder.
Line: 1176
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#if USE_FIXED
int j;
#endif
memcpy(x , x+1024, (320-32)*sizeof(x[0]));
memcpy(x+288, in, 1024*sizeof(x[0]));
for (i = 0; i < 32; i++) { // numTimeSlots*RATE = 16*2 as 960 sample frames
// are not supported
dsp->vector_fmul_reverse(z, sbr_qmf_window_ds, x, 320);
sbrdsp->sum64x5(z);
Reported by FlawFinder.
libavfilter/af_firequalizer.c
13 issues
Line: 210
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int k;
memset(buf, 0, center * sizeof(*data));
memcpy(buf + center, data, nsamples * sizeof(*data));
memset(buf + center + nsamples, 0, (s->rdft_len - nsamples - center) * sizeof(*data));
av_rdft_calc(s->rdft, buf);
buf[0] *= kernel_buf[0];
buf[1] *= kernel_buf[s->rdft_len/2];
Reported by FlawFinder.
Line: 224
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
av_rdft_calc(s->irdft, buf);
for (k = 0; k < s->rdft_len - idx->overlap_idx; k++)
buf[k] += obuf[k];
memcpy(data, buf, nsamples * sizeof(*data));
idx->buf_idx = !idx->buf_idx;
idx->overlap_idx = nsamples;
} else {
while (nsamples > s->nsamples_max * 2) {
fast_convolute(s, kernel_buf, conv_buf, idx, data, s->nsamples_max);
Reported by FlawFinder.
Line: 247
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
float *obuf = conv_buf + !idx->buf_idx * s->rdft_len + idx->overlap_idx;
int k;
memcpy(buf, data, nsamples * sizeof(*data));
memset(buf + nsamples, 0, (s->rdft_len - nsamples) * sizeof(*data));
av_rdft_calc(s->rdft, buf);
buf[0] *= kernel_buf[0];
buf[1] *= kernel_buf[1];
Reported by FlawFinder.
Line: 264
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
av_rdft_calc(s->irdft, buf);
for (k = 0; k < s->rdft_len - idx->overlap_idx; k++)
buf[k] += obuf[k];
memcpy(data, buf, nsamples * sizeof(*data));
idx->buf_idx = !idx->buf_idx;
idx->overlap_idx = nsamples;
} else {
while (nsamples > s->nsamples_max * 2) {
fast_convolute_nonlinear(s, kernel_buf, conv_buf, idx, data, s->nsamples_max);
Reported by FlawFinder.
Line: 549
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
double minval = 1e-7 / rdft_len;
memset(s->cepstrum_buf, 0, cepstrum_len * sizeof(*s->cepstrum_buf));
memcpy(s->cepstrum_buf, rdft_buf, rdft_len/2 * sizeof(*rdft_buf));
memcpy(s->cepstrum_buf + cepstrum_len - rdft_len/2, rdft_buf + rdft_len/2, rdft_len/2 * sizeof(*rdft_buf));
av_rdft_calc(s->cepstrum_rdft, s->cepstrum_buf);
s->cepstrum_buf[0] = log(FFMAX(s->cepstrum_buf[0], minval));
Reported by FlawFinder.
Line: 550
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(s->cepstrum_buf, 0, cepstrum_len * sizeof(*s->cepstrum_buf));
memcpy(s->cepstrum_buf, rdft_buf, rdft_len/2 * sizeof(*rdft_buf));
memcpy(s->cepstrum_buf + cepstrum_len - rdft_len/2, rdft_buf + rdft_len/2, rdft_len/2 * sizeof(*rdft_buf));
av_rdft_calc(s->cepstrum_rdft, s->cepstrum_buf);
s->cepstrum_buf[0] = log(FFMAX(s->cepstrum_buf[0], minval));
s->cepstrum_buf[1] = log(FFMAX(s->cepstrum_buf[1], minval));
Reported by FlawFinder.
Line: 581
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
av_rdft_calc(s->cepstrum_irdft, s->cepstrum_buf);
memset(rdft_buf, 0, s->rdft_len * sizeof(*rdft_buf));
memcpy(rdft_buf, s->cepstrum_buf, s->fir_len * sizeof(*rdft_buf));
if (s->dumpfile) {
memset(s->analysis_buf, 0, s->analysis_rdft_len * sizeof(*s->analysis_buf));
memcpy(s->analysis_buf, s->cepstrum_buf, s->fir_len * sizeof(*s->analysis_buf));
}
Reported by FlawFinder.
Line: 585
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (s->dumpfile) {
memset(s->analysis_buf, 0, s->analysis_rdft_len * sizeof(*s->analysis_buf));
memcpy(s->analysis_buf, s->cepstrum_buf, s->fir_len * sizeof(*s->analysis_buf));
}
}
static int generate_kernel(AVFilterContext *ctx, const char *gain, const char *gain_entry)
Reported by FlawFinder.
Line: 624
Column: 74
CWE codes:
362
if (ret < 0)
return ret;
if (s->dumpfile && (!s->dump_buf || !s->analysis_rdft || !(dump_fp = fopen(s->dumpfile, "w"))))
av_log(ctx, AV_LOG_WARNING, "dumping failed.\n");
vars[VAR_CHS] = inlink->channels;
vars[VAR_CHLAYOUT] = inlink->channel_layout;
vars[VAR_SR] = inlink->sample_rate;
Reported by FlawFinder.
Line: 657
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (s->dump_buf)
memcpy(s->dump_buf, s->analysis_buf, s->analysis_rdft_len * sizeof(*s->analysis_buf));
av_rdft_calc(s->analysis_irdft, s->analysis_buf);
center = s->fir_len / 2;
for (k = 0; k <= center; k++) {
Reported by FlawFinder.
libavcodec/dnxhdenc.c
13 issues
Line: 96
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pixels += line_size;
block += 8;
}
memcpy(block, block - 8, sizeof(*block) * 8);
memcpy(block + 8, block - 16, sizeof(*block) * 8);
memcpy(block + 16, block - 24, sizeof(*block) * 8);
memcpy(block + 24, block - 32, sizeof(*block) * 8);
}
Reported by FlawFinder.
Line: 97
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
block += 8;
}
memcpy(block, block - 8, sizeof(*block) * 8);
memcpy(block + 8, block - 16, sizeof(*block) * 8);
memcpy(block + 16, block - 24, sizeof(*block) * 8);
memcpy(block + 24, block - 32, sizeof(*block) * 8);
}
static av_always_inline
Reported by FlawFinder.
Line: 98
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
memcpy(block, block - 8, sizeof(*block) * 8);
memcpy(block + 8, block - 16, sizeof(*block) * 8);
memcpy(block + 16, block - 24, sizeof(*block) * 8);
memcpy(block + 24, block - 32, sizeof(*block) * 8);
}
static av_always_inline
void dnxhd_10bit_get_pixels_8x4_sym(int16_t *av_restrict block,
Reported by FlawFinder.
Line: 99
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(block, block - 8, sizeof(*block) * 8);
memcpy(block + 8, block - 16, sizeof(*block) * 8);
memcpy(block + 16, block - 24, sizeof(*block) * 8);
memcpy(block + 24, block - 32, sizeof(*block) * 8);
}
static av_always_inline
void dnxhd_10bit_get_pixels_8x4_sym(int16_t *av_restrict block,
const uint8_t *pixels,
Reported by FlawFinder.
Line: 107
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
const uint8_t *pixels,
ptrdiff_t line_size)
{
memcpy(block + 0 * 8, pixels + 0 * line_size, 8 * sizeof(*block));
memcpy(block + 7 * 8, pixels + 0 * line_size, 8 * sizeof(*block));
memcpy(block + 1 * 8, pixels + 1 * line_size, 8 * sizeof(*block));
memcpy(block + 6 * 8, pixels + 1 * line_size, 8 * sizeof(*block));
memcpy(block + 2 * 8, pixels + 2 * line_size, 8 * sizeof(*block));
memcpy(block + 5 * 8, pixels + 2 * line_size, 8 * sizeof(*block));
Reported by FlawFinder.
Line: 108
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ptrdiff_t line_size)
{
memcpy(block + 0 * 8, pixels + 0 * line_size, 8 * sizeof(*block));
memcpy(block + 7 * 8, pixels + 0 * line_size, 8 * sizeof(*block));
memcpy(block + 1 * 8, pixels + 1 * line_size, 8 * sizeof(*block));
memcpy(block + 6 * 8, pixels + 1 * line_size, 8 * sizeof(*block));
memcpy(block + 2 * 8, pixels + 2 * line_size, 8 * sizeof(*block));
memcpy(block + 5 * 8, pixels + 2 * line_size, 8 * sizeof(*block));
memcpy(block + 3 * 8, pixels + 3 * line_size, 8 * sizeof(*block));
Reported by FlawFinder.
Line: 109
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
memcpy(block + 0 * 8, pixels + 0 * line_size, 8 * sizeof(*block));
memcpy(block + 7 * 8, pixels + 0 * line_size, 8 * sizeof(*block));
memcpy(block + 1 * 8, pixels + 1 * line_size, 8 * sizeof(*block));
memcpy(block + 6 * 8, pixels + 1 * line_size, 8 * sizeof(*block));
memcpy(block + 2 * 8, pixels + 2 * line_size, 8 * sizeof(*block));
memcpy(block + 5 * 8, pixels + 2 * line_size, 8 * sizeof(*block));
memcpy(block + 3 * 8, pixels + 3 * line_size, 8 * sizeof(*block));
memcpy(block + 4 * 8, pixels + 3 * line_size, 8 * sizeof(*block));
Reported by FlawFinder.
Line: 110
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(block + 0 * 8, pixels + 0 * line_size, 8 * sizeof(*block));
memcpy(block + 7 * 8, pixels + 0 * line_size, 8 * sizeof(*block));
memcpy(block + 1 * 8, pixels + 1 * line_size, 8 * sizeof(*block));
memcpy(block + 6 * 8, pixels + 1 * line_size, 8 * sizeof(*block));
memcpy(block + 2 * 8, pixels + 2 * line_size, 8 * sizeof(*block));
memcpy(block + 5 * 8, pixels + 2 * line_size, 8 * sizeof(*block));
memcpy(block + 3 * 8, pixels + 3 * line_size, 8 * sizeof(*block));
memcpy(block + 4 * 8, pixels + 3 * line_size, 8 * sizeof(*block));
}
Reported by FlawFinder.
Line: 111
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(block + 7 * 8, pixels + 0 * line_size, 8 * sizeof(*block));
memcpy(block + 1 * 8, pixels + 1 * line_size, 8 * sizeof(*block));
memcpy(block + 6 * 8, pixels + 1 * line_size, 8 * sizeof(*block));
memcpy(block + 2 * 8, pixels + 2 * line_size, 8 * sizeof(*block));
memcpy(block + 5 * 8, pixels + 2 * line_size, 8 * sizeof(*block));
memcpy(block + 3 * 8, pixels + 3 * line_size, 8 * sizeof(*block));
memcpy(block + 4 * 8, pixels + 3 * line_size, 8 * sizeof(*block));
}
Reported by FlawFinder.
Line: 112
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(block + 1 * 8, pixels + 1 * line_size, 8 * sizeof(*block));
memcpy(block + 6 * 8, pixels + 1 * line_size, 8 * sizeof(*block));
memcpy(block + 2 * 8, pixels + 2 * line_size, 8 * sizeof(*block));
memcpy(block + 5 * 8, pixels + 2 * line_size, 8 * sizeof(*block));
memcpy(block + 3 * 8, pixels + 3 * line_size, 8 * sizeof(*block));
memcpy(block + 4 * 8, pixels + 3 * line_size, 8 * sizeof(*block));
}
static int dnxhd_10bit_dct_quantize_444(MpegEncContext *ctx, int16_t *block,
Reported by FlawFinder.
libavfilter/vf_nnedi.c
13 issues
Line: 250
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
float state[12];
for (int i = 0; i < 4; i++)
memcpy(input + i * 12, window + i * src_stride + j, 12 * sizeof(float));
// Layer 0.
for (int n = 0; n < 4; n++)
state[n] = dot_dsp(s, m_data->kernel_l0[n], input, 48, 1.0f, m_data->bias_l0[n]);
transform_elliott(state + 1, 3);
Reported by FlawFinder.
Line: 286
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
float state[8];
for (int i = 0; i < 4; i++)
memcpy(input + i * 16, window + i * src_stride + j, 16 * sizeof(float));
for (int n = 0; n < 4; n++)
state[n] = dot_dsp(s, m_data->kernel_l0[n], input, 64, 1.0f, m_data->bias_l0[n]);
transform_elliott(state, 4);
Reported by FlawFinder.
Line: 339
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
float tmp;
for (int i = 0; i < model->ydim; i++) {
memcpy(buf, src, model->xdim * sizeof(float));
for (int j = 0; j < model->xdim; j++) {
const float val = src[j];
sum += val;
Reported by FlawFinder.
Line: 585
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
out_line = dst_data + (y_out * dst_linesize);
while (y_out < slice_end) {
memcpy(out_line, in_line, s->linesize[p]);
y_out += 2;
in_line += src_linesize * 2;
out_line += dst_linesize * 2;
}
Reported by FlawFinder.
Line: 747
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static void copy_weights(float *dst, int n, const float **data)
{
memcpy(dst, *data, n * sizeof(float));
*data += n;
}
static float *allocate(float **ptr, int size)
{
Reported by FlawFinder.
Line: 104
Column: 12
CWE codes:
120
20
float **input_buf;
float **output_buf;
void (*read)(const uint8_t *src, float *dst,
int src_stride, int dst_stride,
int width, int height, float scale);
void (*write)(const float *src, uint8_t *dst,
int src_stride, int dst_stride,
int width, int height, int depth, float scale);
Reported by FlawFinder.
Line: 593
Column: 12
CWE codes:
120
20
y_out = slice_start + ((!tff) ^ (slice_start & 1));
s->read(src_data + FFMAX(y_out - 5, tff) * src_linesize,
srcbuf + 32,
src_linesize * 2, srcbuf_stride,
width, 1, in_scale);
srcbuf += srcbuf_stride;
Reported by FlawFinder.
Line: 599
Column: 12
CWE codes:
120
20
width, 1, in_scale);
srcbuf += srcbuf_stride;
s->read(src_data + FFMAX(y_out - 3, tff) * src_linesize,
srcbuf + 32,
src_linesize * 2, srcbuf_stride,
width, 1, in_scale);
srcbuf += srcbuf_stride;
Reported by FlawFinder.
Line: 605
Column: 12
CWE codes:
120
20
width, 1, in_scale);
srcbuf += srcbuf_stride;
s->read(src_data + FFMAX(y_out - 1, tff) * src_linesize,
srcbuf + 32,
src_linesize * 2, srcbuf_stride,
width, 1, in_scale);
srcbuf += srcbuf_stride;
Reported by FlawFinder.
Line: 614
Column: 12
CWE codes:
120
20
in_line = src_data + FFMIN(y_out + 1, height - 1 - !tff) * src_linesize;
out_line = dst_data + (y_out * dst_linesize);
s->read(in_line, srcbuf + 32, src_linesize * 2, srcbuf_stride,
width, slice_height - last_slice, in_scale);
y_out += (slice_height - last_slice) * 2;
s->read(src_data + FFMIN(y_out + 1, height - 1 - !tff) * src_linesize,
Reported by FlawFinder.