The following issues were found
libavfilter/vf_swaprect.c
2 issues
Line: 188
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
uint8_t *dst = in->data[p] + y2[p] * in->linesize[p] + x2[p] * s->pixsteps[p];
for (y = 0; y < ph[p]; y++) {
memcpy(s->temp, src, pw[p] * s->pixsteps[p]);
memmove(src, dst, pw[p] * s->pixsteps[p]);
memcpy(dst, s->temp, pw[p] * s->pixsteps[p]);
src += in->linesize[p];
dst += in->linesize[p];
}
Reported by FlawFinder.
Line: 190
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (y = 0; y < ph[p]; y++) {
memcpy(s->temp, src, pw[p] * s->pixsteps[p]);
memmove(src, dst, pw[p] * s->pixsteps[p]);
memcpy(dst, s->temp, pw[p] * s->pixsteps[p]);
src += in->linesize[p];
dst += in->linesize[p];
}
}
}
Reported by FlawFinder.
libavfilter/vf_tmidequalizer.c
2 issues
Line: 209
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!s->frames[s->f_frames])
return AVERROR(ENOMEM);
for (int p = 0; p < s->nb_planes; p++) {
memcpy(s->histogram[p][s->f_frames],
s->histogram[p][s->f_frames - 1],
s->histogram_size * sizeof(float));
}
s->f_frames++;
}
Reported by FlawFinder.
Line: 224
Column: 21
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!s->frames[s->f_frames])
return AVERROR(ENOMEM);
for (int p = 0; p < s->nb_planes; p++) {
memcpy(s->histogram[p][s->f_frames],
s->histogram[p][s->f_frames - 1],
s->histogram_size * sizeof(float));
}
s->f_frames++;
}
Reported by FlawFinder.
libavcodec/bfi.c
2 issues
Line: 92
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
frame->pict_type = AV_PICTURE_TYPE_P;
frame->key_frame = 0;
frame->palette_has_changed = 0;
memcpy(frame->data[1], bfi->pal, sizeof(bfi->pal));
}
bytestream2_skip(&g, 4); // Unpacked size, not required.
while (dst != frame_end) {
Reported by FlawFinder.
Line: 162
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
src = bfi->dst;
dst = frame->data[0];
while (height--) {
memcpy(dst, src, avctx->width);
src += avctx->width;
dst += frame->linesize[0];
}
*got_frame = 1;
Reported by FlawFinder.
libavfilter/vf_v360.c
2 issues
Line: 4280
CWE codes:
476
if (s->mask_size == 1) {
mask8[0] = 255 * (out_mask & in_mask);
} else {
mask16[0] = max_value * (out_mask & in_mask);
}
}
}
}
}
Reported by Cppcheck.
Line: 315
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} \
\
for (int y = slice_start; y < slice_end && mask; y++) { \
memcpy(dst + y * out_linesize, mask + \
(y - slice_start) * width * (bits >> 3), width * (bits >> 3)); \
} \
} \
} \
\
Reported by FlawFinder.
libavfilter/vf_vflip.c
2 issues
Line: 99
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
av_frame_copy_props(out, in);
outrow = out->data[0] + out->linesize[0] * (outlink->h - 2);
for (i = 0; i < outlink->h >> 1; i++) {
memcpy(outrow, inrow, width);
memcpy(outrow + out->linesize[0], inrow + in->linesize[0], width);
inrow += 2 * in->linesize[0];
outrow -= 2 * out->linesize[0];
}
av_frame_free(&in);
Reported by FlawFinder.
Line: 100
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
outrow = out->data[0] + out->linesize[0] * (outlink->h - 2);
for (i = 0; i < outlink->h >> 1; i++) {
memcpy(outrow, inrow, width);
memcpy(outrow + out->linesize[0], inrow + in->linesize[0], width);
inrow += 2 * in->linesize[0];
outrow -= 2 * out->linesize[0];
}
av_frame_free(&in);
return ff_filter_frame(outlink, out);
Reported by FlawFinder.
libavfilter/vsrc_cellauto.c
2 issues
Line: 157
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
s->pattern = av_malloc(s->file_bufsize + 1);
if (!s->pattern)
return AVERROR(ENOMEM);
memcpy(s->pattern, s->file_buf, s->file_bufsize);
s->pattern[s->file_bufsize] = 0;
return init_pattern_from_string(ctx);
}
Reported by FlawFinder.
Line: 110
Column: 9
CWE codes:
126
char *p;
int i, w = 0;
w = strlen(s->pattern);
av_log(ctx, AV_LOG_DEBUG, "w:%d\n", w);
if (s->w) {
if (w > s->w) {
av_log(ctx, AV_LOG_ERROR,
Reported by FlawFinder.
libavcodec/binkaudio.c
2 issues
Line: 140
CWE codes:
908
ret = ff_dct_init(&s->trans.dct, frame_len_bits, DCT_III);
else
av_assert0(0);
if (ret < 0)
return ret;
s->pkt = av_packet_alloc();
if (!s->pkt)
return AVERROR(ENOMEM);
Reported by Cppcheck.
Line: 263
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
out[ch][i] = (s->previous[ch][i] * (count - j) +
out[ch][i] * j) / count;
}
memcpy(s->previous[ch], &out[ch][s->frame_len - s->overlap_len],
s->overlap_len * sizeof(*s->previous[ch]));
}
s->first = 0;
Reported by FlawFinder.
libavcodec/8bps.c
2 issues
Line: 51
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
AVCodecContext *avctx;
unsigned char planes;
unsigned char planemap[4];
uint32_t pal[256];
} EightBpsContext;
static int decode_frame(AVCodecContext *avctx, void *data,
Reported by FlawFinder.
Line: 128
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (avctx->bits_per_coded_sample <= 8) {
frame->palette_has_changed = ff_copy_palette(c->pal, avpkt, avctx);
memcpy (frame->data[1], c->pal, AVPALETTE_SIZE);
}
*got_frame = 1;
/* always report that the buffer was completely consumed */
Reported by FlawFinder.
libavformat/4xm.c
2 issues
Line: 300
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int ret = 0;
unsigned int track_number;
int packet_read = 0;
unsigned char header[8];
int64_t audio_frame_count;
while (!packet_read) {
if ((ret = avio_read(s->pb, header, 8)) < 0)
return ret;
Reported by FlawFinder.
Line: 336
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pkt->stream_index = fourxm->video_stream_index;
pkt->pts = fourxm->video_pts;
pkt->pos = avio_tell(s->pb);
memcpy(pkt->data, header, 8);
ret = avio_read(s->pb, &pkt->data[8], size);
if (ret < 0) {
av_packet_unref(pkt);
} else {
Reported by FlawFinder.
libavcodec/8svx.c
2 issues
Line: 121
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return AVERROR(ENOMEM);
}
}
memcpy(esc->data[0], &avpkt->data[hdr_size], chan_size);
if (avctx->channels == 2)
memcpy(esc->data[1], &avpkt->data[2*hdr_size+chan_size], chan_size);
}
if (!esc->data[0]) {
av_log(avctx, AV_LOG_ERROR, "unexpected empty packet\n");
Reported by FlawFinder.
Line: 123
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
memcpy(esc->data[0], &avpkt->data[hdr_size], chan_size);
if (avctx->channels == 2)
memcpy(esc->data[1], &avpkt->data[2*hdr_size+chan_size], chan_size);
}
if (!esc->data[0]) {
av_log(avctx, AV_LOG_ERROR, "unexpected empty packet\n");
return AVERROR_INVALIDDATA;
}
Reported by FlawFinder.