The following issues were found
libavfilter/vf_curves.c
2 issues
Line: 64
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
typedef struct CurvesContext {
const AVClass *class;
int preset;
char *comp_points_str[NB_COMP + 1];
char *comp_points_str_all;
uint16_t *graph[NB_COMP + 1];
int lut_size;
char *psfile;
uint8_t rgba_map[4];
Reported by FlawFinder.
Line: 411
Column: 30
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return ret;
}
static int dump_curves(const char *fname, uint16_t *graph[NB_COMP + 1],
struct keypoint *comp_points[NB_COMP + 1],
int lut_size)
{
int i;
AVBPrint buf;
Reported by FlawFinder.
libavfilter/vf_dctdnoiz.c
2 issues
Line: 768
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
const uint8_t *srcp = src + s->pr_width * 3;
for (y = 0; y < s->pr_height; y++) {
memcpy(dstp, srcp, hpad);
dstp += dst_linesize;
srcp += src_linesize;
}
}
if (vpad) {
Reported by FlawFinder.
Line: 778
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
const uint8_t *srcp = src + s->pr_height * src_linesize;
for (y = 0; y < vpad; y++) {
memcpy(dstp, srcp, inlink->w * 3);
dstp += dst_linesize;
srcp += src_linesize;
}
}
Reported by FlawFinder.
libavcodec/atrac9dec.c
2 issues
Line: 355
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (c->scalefactors[i] < 0 || c->scalefactors[i] > 31)
return AVERROR_INVALIDDATA;
memcpy(c->scalefactors_prev, c->scalefactors, sizeof(c->scalefactors));
return 0;
}
static inline void calc_codebook_idx(ATRAC9Context *s, ATRAC9BlockData *b,
Reported by FlawFinder.
Line: 783
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
s->imdct.imdct_half(&s->imdct, s->temp, c->coeffs);
s->fdsp->vector_fmul_window(dst, c->prev_win, s->temp,
s->imdct_win, wsize >> 1);
memcpy(c->prev_win, s->temp + (wsize >> 1), sizeof(float)*wsize >> 1);
}
return 0;
}
Reported by FlawFinder.
libavfilter/vf_dnn_classify.c
2 issues
Line: 142
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
while (!feof(file)) {
char *label;
char buf[256];
if (!fgets(buf, 256, file)) {
break;
}
line_len = strlen(buf);
Reported by FlawFinder.
Line: 147
Column: 20
CWE codes:
126
break;
}
line_len = strlen(buf);
while (line_len) {
int i = line_len - 1;
if (buf[i] == '\n' || buf[i] == '\r' || buf[i] == ' ') {
buf[i] = '\0';
line_len--;
Reported by FlawFinder.
libavfilter/vf_dnn_detect.c
2 issues
Line: 255
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
while (!feof(file)) {
char *label;
char buf[256];
if (!fgets(buf, 256, file)) {
break;
}
line_len = strlen(buf);
Reported by FlawFinder.
Line: 260
Column: 20
CWE codes:
126
break;
}
line_len = strlen(buf);
while (line_len) {
int i = line_len - 1;
if (buf[i] == '\n' || buf[i] == '\r' || buf[i] == ' ') {
buf[i] = '\0';
line_len--;
Reported by FlawFinder.
libavfilter/vf_drawbox.c
2 issues
Line: 77
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int x, y, w, h;
int thickness;
char *color_str;
unsigned char yuv_color[4];
int invert_color; ///< invert luma color
int vsub, hsub; ///< chroma subsampling
char *x_expr, *y_expr; ///< expression for x and y
char *w_expr, *h_expr; ///< expression for width and height
char *t_expr; ///< expression for thickness
Reported by FlawFinder.
Line: 105
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void draw_region(AVFrame *frame, DrawBoxContext *ctx, int left, int top, int right, int down,
PixelBelongsToRegion pixel_belongs_to_region)
{
unsigned char *row[4];
int x, y;
if (ctx->have_alpha && ctx->replace) {
for (y = top; y < down; y++) {
ASSIGN_FOUR_CHANNELS
if (ctx->invert_color) {
Reported by FlawFinder.
libavfilter/vf_fftdnoiz.c
2 issues
Line: 301
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dst[j] = ssrc[j * data_linesize + i];
av_fft_permute(p->fft, dst);
av_fft_calc(p->fft, dst);
memcpy(bdst, dst, block * sizeof(FFTComplex));
dst += data_linesize;
bdst += buffer_linesize;
}
}
Reported by FlawFinder.
Line: 344
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
hdst = hdata;
for (i = 0; i < block; i++) {
memcpy(ddst, bsrc, block * sizeof(FFTComplex));
av_fft_permute(p->ifft, ddst);
av_fft_calc(p->ifft, ddst);
for (j = 0; j < block; j++) {
hdst[j * data_linesize + i] = ddst[j];
}
Reported by FlawFinder.
libavcodec/htmlsubtitles.c
2 issues
Line: 91
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
struct font_tag {
char face[128];
int size;
uint32_t color;
};
/*
Reported by FlawFinder.
Line: 131
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
int ff_htmlmarkup_to_ass(void *log_ctx, AVBPrint *dst, const char *in)
{
char *param, buffer[128];
int len, tag_close, sptr = 0, line_start = 1, an = 0, end = 0;
int closing_brace_missing = 0;
int i, likely_a_tag;
/*
Reported by FlawFinder.
libavfilter/vf_frei0r.c
2 issues
Line: 207
Column: 27
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
}
/* see: http://frei0r.dyne.org/codedoc/html/group__pluglocations.html */
if ((path = av_strdup(getenv("FREI0R_PATH")))) {
#ifdef _WIN32
const char *separator = ";";
#else
const char *separator = ":";
#endif
Reported by FlawFinder.
Line: 234
Column: 34
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
if (ret < 0)
return ret;
}
if (!s->dl_handle && (path = getenv("HOME"))) {
char *prefix = av_asprintf("%s/.frei0r-1/lib/", path);
if (!prefix)
return AVERROR(ENOMEM);
ret = load_path(ctx, &s->dl_handle, prefix, dl_name);
av_free(prefix);
Reported by FlawFinder.
libavfilter/vf_geq.c
2 issues
Line: 51
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
typedef struct GEQContext {
const AVClass *class;
AVExpr *e[NB_PLANES][MAX_NB_THREADS]; ///< expressions for each plane and thread
char *expr_str[4+3]; ///< expression strings for each plane
AVFrame *picref; ///< current input buffer
uint8_t *dst; ///< reference pointer to the 8bits output
uint16_t *dst16; ///< reference pointer to the 16bits output
double values[VAR_VARS_NB]; ///< expression values
int hsub, vsub; ///< chroma subsampling
Reported by FlawFinder.
Line: 253
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
if (!geq->expr_str[A]) {
char bps_string[8];
snprintf(bps_string, sizeof(bps_string), "%d", (1<<geq->bps) - 1);
geq->expr_str[A] = av_strdup(bps_string);
}
if (!geq->expr_str[G])
geq->expr_str[G] = av_strdup("g(X,Y)");
Reported by FlawFinder.