The following issues were found
libavformat/avc.c
2 issues
Line: 244
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!out)
return AVERROR(ENOMEM);
AV_WB32(&out[0], 0x00000001);
memcpy(out + 4, &in[8], sps_size);
AV_WB32(&out[4 + sps_size], 0x00000001);
memcpy(out + 8 + sps_size, &in[11 + sps_size], pps_size);
*buf = out;
*size = out_size;
return 0;
Reported by FlawFinder.
Line: 246
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
AV_WB32(&out[0], 0x00000001);
memcpy(out + 4, &in[8], sps_size);
AV_WB32(&out[4 + sps_size], 0x00000001);
memcpy(out + 8 + sps_size, &in[11 + sps_size], pps_size);
*buf = out;
*size = out_size;
return 0;
}
Reported by FlawFinder.
libavformat/bethsoftvid.c
2 issues
Line: 193
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// copy data into packet
if ((ret = av_new_packet(pkt, vidbuf_nbytes)) < 0)
goto fail;
memcpy(pkt->data, vidbuf_start, vidbuf_nbytes);
pkt->pos = position;
pkt->stream_index = vid->video_index;
pkt->duration = duration;
if (block_type == VIDEO_I_FRAME)
Reported by FlawFinder.
Line: 210
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
av_log(s, AV_LOG_ERROR, "Failed to allocate palette side data\n");
goto fail;
}
memcpy(pdata, vid->palette, BVID_PALETTE_SIZE);
vid->has_palette = 0;
}
vid->nframes--; // used to check if all the frames were read
fail:
Reported by FlawFinder.
libavcodec/libshine.c
2 issues
Line: 90
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
av_log(avctx, AV_LOG_ERROR, "internal buffer too small\n");
return AVERROR_BUG;
}
memcpy(s->buffer + s->buffer_index, data, written);
s->buffer_index += written;
}
if (frame) {
if ((ret = ff_af_queue_add(&s->afq, frame)) < 0)
return ret;
Reported by FlawFinder.
Line: 109
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (len <= s->buffer_index) {
if ((ret = ff_get_encode_buffer(avctx, avpkt, len, 0)))
return ret;
memcpy(avpkt->data, s->buffer, len);
s->buffer_index -= len;
memmove(s->buffer, s->buffer + len, s->buffer_index);
ff_af_queue_remove(&s->afq, avctx->frame_size, &avpkt->pts,
&avpkt->duration);
Reported by FlawFinder.
libavformat/bmv.c
2 issues
Line: 101
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if ((err = av_new_packet(pkt, audio_size)) < 0)
return err;
memcpy(pkt->data, c->packet + 1, pkt->size);
pkt->stream_index = 1;
pkt->pts = c->audio_pos;
pkt->duration = c->packet[1] * 32;
c->audio_pos += pkt->duration;
c->get_next = 0;
Reported by FlawFinder.
Line: 115
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return err;
pkt->stream_index = 0;
c->get_next = 1;
memcpy(pkt->data, c->packet, pkt->size);
return pkt->size;
}
static int bmv_read_close(AVFormatContext *s)
{
Reported by FlawFinder.
libavformat/cafenc.c
2 issues
Line: 190
Column: 44
CWE codes:
126
if (av_dict_count(s->metadata)) {
ffio_wfourcc(pb, "info"); //< Information chunk
while ((t = av_dict_get(s->metadata, "", t, AV_DICT_IGNORE_SUFFIX))) {
chunk_size += strlen(t->key) + strlen(t->value) + 2;
}
avio_wb64(pb, chunk_size + 4);
avio_wb32(pb, av_dict_count(s->metadata));
t = NULL;
while ((t = av_dict_get(s->metadata, "", t, AV_DICT_IGNORE_SUFFIX))) {
Reported by FlawFinder.
Line: 190
Column: 27
CWE codes:
126
if (av_dict_count(s->metadata)) {
ffio_wfourcc(pb, "info"); //< Information chunk
while ((t = av_dict_get(s->metadata, "", t, AV_DICT_IGNORE_SUFFIX))) {
chunk_size += strlen(t->key) + strlen(t->value) + 2;
}
avio_wb64(pb, chunk_size + 4);
avio_wb32(pb, av_dict_count(s->metadata));
t = NULL;
while ((t = av_dict_get(s->metadata, "", t, AV_DICT_IGNORE_SUFFIX))) {
Reported by FlawFinder.
libavcodec/libsvtav1.c
2 issues
Line: 306
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return AVERROR(ENOMEM);
}
memcpy(avctx->extradata, headerPtr->p_buffer, avctx->extradata_size);
svt_ret = svt_av1_enc_stream_header_release(headerPtr);
if (svt_ret != EB_ErrorNone) {
return svt_print_error(avctx, svt_ret, "Error freeing stream header");
}
Reported by FlawFinder.
Line: 418
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pkt->buf = ref;
pkt->data = ref->data;
memcpy(pkt->data, headerPtr->p_buffer, headerPtr->n_filled_len);
memset(pkt->data + headerPtr->n_filled_len, 0, AV_INPUT_BUFFER_PADDING_SIZE);
pkt->size = headerPtr->n_filled_len;
pkt->pts = headerPtr->pts;
pkt->dts = headerPtr->dts;
Reported by FlawFinder.
libavformat/crcenc.c
2 issues
Line: 51
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int crc_write_trailer(struct AVFormatContext *s)
{
CRCState *crc = s->priv_data;
char buf[64];
snprintf(buf, sizeof(buf), "CRC=0x%08"PRIx32"\n", crc->crcval);
avio_write(s->pb, buf, strlen(buf));
return 0;
Reported by FlawFinder.
Line: 54
Column: 28
CWE codes:
126
char buf[64];
snprintf(buf, sizeof(buf), "CRC=0x%08"PRIx32"\n", crc->crcval);
avio_write(s->pb, buf, strlen(buf));
return 0;
}
const AVOutputFormat ff_crc_muxer = {
Reported by FlawFinder.
libavformat/data_uri.c
2 issues
Line: 107
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (dc->pos >= dc->size)
return AVERROR_EOF;
size = FFMIN(size, dc->size - dc->pos);
memcpy(buf, dc->data + dc->pos, size);
dc->pos += size;
return size;
}
const URLProtocol ff_data_protocol = {
Reported by FlawFinder.
Line: 72
Column: 15
CWE codes:
126
}
data++;
in_size = strlen(data);
if (base64) {
size_t out_size = 3 * (in_size / 4) + 1;
if (out_size > INT_MAX || !(ddata = av_malloc(out_size)))
return AVERROR(ENOMEM);
Reported by FlawFinder.
libavformat/fitsdec.c
2 issues
Line: 83
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
AVBPrint *avbuf, uint64_t *data_size)
{
int i, ret, image = 0;
char buf[FITS_BLOCK_SIZE] = { 0 };
int64_t buf_size = 0, size = 0, t;
do {
ret = avio_read(s->pb, buf, FITS_BLOCK_SIZE);
if (ret < 0) {
Reported by FlawFinder.
Line: 195
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return ret;
}
memcpy(pkt->data, buf + 80, avbuf.len - 80);
pkt->size = avbuf.len - 80;
av_freep(&buf);
ret = avio_read(s->pb, pkt->data + pkt->size, size);
if (ret < 0) {
return ret;
Reported by FlawFinder.
libavformat/flvenc.c
2 issues
Line: 911
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ret = ff_alloc_extradata(par, side_size);
if (ret < 0)
return ret;
memcpy(par->extradata, side, side_size);
flv_write_codec_header(s, par, pkt->dts);
}
}
if (flv->delay == AV_NOPTS_VALUE)
Reported by FlawFinder.
Line: 228
Column: 18
CWE codes:
126
static void put_amf_string(AVIOContext *pb, const char *str)
{
size_t len = strlen(str);
avio_wb16(pb, len);
avio_write(pb, str, len);
}
// FLV timestamps are 32 bits signed, RTMP timestamps should be 32-bit unsigned
Reported by FlawFinder.