The following issues were found
libavformat/mpeg.c
12 issues
Line: 839
Column: 17
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
av_dict_set(&st->metadata, "title", alt, 0);
}
if (sscanf(p, "%02d:%02d:%02d:%03d, filepos: %"SCNx64,
&hh, &mm, &ss, &ms, &pos) != 5) {
av_log(s, AV_LOG_ERROR, "Unable to parse timestamp line '%s', "
"abort parsing\n", line);
ret = AVERROR_INVALIDDATA;
goto end;
Reported by FlawFinder.
Line: 120
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
typedef struct MpegDemuxContext {
int32_t header_state;
unsigned char psm_es_type[256];
int sofdec;
int dvd;
int imkh_cctv;
int raw_ac3;
} MpegDemuxContext;
Reported by FlawFinder.
Line: 130
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int mpegps_read_header(AVFormatContext *s)
{
MpegDemuxContext *m = s->priv_data;
char buffer[7] = { 0 };
int64_t last_pos = avio_tell(s->pb);
m->header_state = 0xff;
s->ctx_flags |= AVFMTCTX_NOHEADER;
Reported by FlawFinder.
Line: 552
Column: 31
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
codec_id = AV_CODEC_ID_PCM_MULAW;
type = AVMEDIA_TYPE_AUDIO;
} else if (startcode >= 0x1e0 && startcode <= 0x1ef) {
static const unsigned char avs_seqh[4] = { 0, 0, 1, 0xb0 };
unsigned char buf[8];
avio_read(s->pb, buf, 8);
avio_seek(s->pb, -8, SEEK_CUR);
if (!memcmp(buf, avs_seqh, 4) && (buf[6] != 0 || buf[7] != 1))
Reported by FlawFinder.
Line: 553
Column: 18
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
type = AVMEDIA_TYPE_AUDIO;
} else if (startcode >= 0x1e0 && startcode <= 0x1ef) {
static const unsigned char avs_seqh[4] = { 0, 0, 1, 0xb0 };
unsigned char buf[8];
avio_read(s->pb, buf, 8);
avio_seek(s->pb, -8, SEEK_CUR);
if (!memcmp(buf, avs_seqh, 4) && (buf[6] != 0 || buf[7] != 1))
codec_id = AV_CODEC_ID_CAVS;
Reported by FlawFinder.
Line: 741
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int64_t delay = 0;
AVStream *st = NULL;
int stream_id = -1;
char id[64] = {0};
char alt[MAX_LINE_SIZE] = {0};
if (!vobsub->sub_name) {
char *ext;
vobsub->sub_name = av_strdup(s->url);
Reported by FlawFinder.
Line: 742
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
AVStream *st = NULL;
int stream_id = -1;
char id[64] = {0};
char alt[MAX_LINE_SIZE] = {0};
if (!vobsub->sub_name) {
char *ext;
vobsub->sub_name = av_strdup(s->url);
if (!vobsub->sub_name) {
Reported by FlawFinder.
Line: 758
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
"to guess the associated .SUB file\n");
return AVERROR_INVALIDDATA;
}
memcpy(ext, !strncmp(ext, "IDX", 3) ? "SUB" : "sub", 3);
av_log(s, AV_LOG_VERBOSE, "IDX/SUB: %s -> %s\n", s->url, vobsub->sub_name);
}
if (!(iformat = av_find_input_format("mpeg"))) {
return AVERROR_DEMUXER_NOT_FOUND;
Reported by FlawFinder.
Line: 783
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
av_bprint_init(&header, 0, INT_MAX - AV_INPUT_BUFFER_PADDING_SIZE);
while (!avio_feof(s->pb)) {
char line[MAX_LINE_SIZE];
int len = ff_get_line(s->pb, line, sizeof(line));
if (!len)
break;
Reported by FlawFinder.
Line: 795
Column: 17
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (sscanf(line, "id: %63[^,], index: %u", id, &stream_id) != 2) {
av_log(s, AV_LOG_WARNING, "Unable to parse index line '%s', "
"assuming 'id: und, index: 0'\n", line);
strcpy(id, "und");
stream_id = 0;
}
if (stream_id >= FF_ARRAY_ELEMS(vobsub->q)) {
av_log(s, AV_LOG_ERROR, "Maximum number of subtitles streams reached\n");
Reported by FlawFinder.
libavformat/matroskaenc.c
12 issues
Line: 353
CWE codes:
908
{
int64_t pos = avio_tell(pb);
if (avio_seek(pb, master.pos - master.sizebytes, SEEK_SET) < 0)
return;
put_ebml_length(pb, pos - master.pos, master.sizebytes);
avio_seek(pb, pos, SEEK_SET);
}
Reported by Cppcheck.
Line: 1541
CWE codes:
908
}
if (!tag)
end_ebml_master(*pb, tag2);
return 0;
}
static int mkv_check_tag(const AVDictionary *m, uint32_t elementid)
Reported by Cppcheck.
Line: 1601
CWE codes:
908
// 2 (ebml id) + 1 (data size) + 20 (data)
put_ebml_void(pb, 23);
end_ebml_master(pb, simpletag);
end_ebml_master(pb, tag);
}
}
if (mkv->nb_attachments && mkv->mode != MODE_WEBM) {
for (i = 0; i < s->nb_streams; i++) {
Reported by Cppcheck.
Line: 663
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
uint8_t buf[32];
int64_t len;
snprintf(buf, sizeof(buf), "0x%"PRIx64, par->channel_layout);
av_dict_set(&dict, "WAVEFORMATEXTENSIBLE_CHANNEL_MASK", buf, 0);
len = ff_vorbiscomment_length(dict, vendor, NULL, 0);
av_assert1(len < (1 << 24) - 4);
Reported by FlawFinder.
Line: 1038
Column: 27
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
// convert metadata into proper side data and add it to the stream
if ((tag = av_dict_get(st->metadata, "stereo_mode", NULL, 0)) ||
(tag = av_dict_get( s->metadata, "stereo_mode", NULL, 0))) {
int stereo_mode = atoi(tag->value);
for (int i = 0; i < MATROSKA_VIDEO_STEREOMODE_TYPE_NB; i++)
if (!strcmp(tag->value, ff_matroska_video_stereo_mode[i])){
stereo_mode = i;
break;
Reported by FlawFinder.
Line: 1273
Column: 74
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
if (ret < 0)
return ret;
if (((tag = av_dict_get(st->metadata, "alpha_mode", NULL, 0)) && atoi(tag->value)) ||
((tag = av_dict_get( s->metadata, "alpha_mode", NULL, 0)) && atoi(tag->value)) ||
(par->format == AV_PIX_FMT_YUVA420P)) {
put_ebml_uint(pb, MATROSKA_ID_VIDEOALPHAMODE, 1);
}
Reported by FlawFinder.
Line: 1274
Column: 74
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
return ret;
if (((tag = av_dict_get(st->metadata, "alpha_mode", NULL, 0)) && atoi(tag->value)) ||
((tag = av_dict_get( s->metadata, "alpha_mode", NULL, 0)) && atoi(tag->value)) ||
(par->format == AV_PIX_FMT_YUVA420P)) {
put_ebml_uint(pb, MATROSKA_ID_VIDEOALPHAMODE, 1);
}
// write DisplayWidth and DisplayHeight, they contain the size of
Reported by FlawFinder.
Line: 2011
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
offset += 4;
}
memcpy(dst + offset, src, header.blocksize);
src += header.blocksize;
srclen -= header.blocksize;
offset += header.blocksize;
}
Reported by FlawFinder.
Line: 2236
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ret = ff_alloc_extradata(par, side_data_size);
if (ret < 0)
return ret;
memcpy(par->extradata, side_data, side_data_size);
avio_seek(mkv->track.bc, track->codecpriv_offset, SEEK_SET);
mkv_write_codecprivate(s, mkv->track.bc, par, 1, 0);
filler = MAX_PCE_SIZE + 2 + 4 - (avio_tell(mkv->track.bc) - track->codecpriv_offset);
if (filler)
put_ebml_void(mkv->track.bc, filler);
Reported by FlawFinder.
Line: 2289
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ret = ff_alloc_extradata(par, side_data_size);
if (ret < 0)
return ret;
memcpy(par->extradata, side_data, side_data_size);
} else if (!par->extradata_size)
return AVERROR_INVALIDDATA;
break;
default:
if (side_data_size)
Reported by FlawFinder.
libavformat/rdt.c
12 issues
Line: 451
Column: 13
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
{
do {
/* can be either averagebandwidth= or AverageBandwidth= */
if (sscanf(p, " %*1[Aa]verage%*1[Bb]andwidth=%"SCNd64, &st->codecpar->bit_rate) == 1)
break;
if (!(p = strchr(p, ',')) || p > end)
p = end;
p++;
} while (p < end);
Reported by FlawFinder.
Line: 89
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
RMStream **rmst;
uint8_t *mlti_data;
unsigned int mlti_data_size;
char buffer[RTP_MAX_PACKET_LENGTH + AV_INPUT_BUFFER_PADDING_SIZE];
int audio_pkt_cnt; /**< remaining audio packets in rmdec */
};
void
ff_rdt_calc_response_and_checksum(char response[41], char chksum[9],
Reported by FlawFinder.
Line: 94
Column: 54
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
void
ff_rdt_calc_response_and_checksum(char response[41], char chksum[9],
const char *challenge)
{
int ch_len = strlen (challenge), i;
unsigned char zres[16],
buf[64] = { 0xa1, 0xe9, 0x14, 0x9d, 0x0e, 0x6b, 0x3b, 0x59 };
Reported by FlawFinder.
Line: 94
Column: 35
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
void
ff_rdt_calc_response_and_checksum(char response[41], char chksum[9],
const char *challenge)
{
int ch_len = strlen (challenge), i;
unsigned char zres[16],
buf[64] = { 0xa1, 0xe9, 0x14, 0x9d, 0x0e, 0x6b, 0x3b, 0x59 };
Reported by FlawFinder.
Line: 98
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char *challenge)
{
int ch_len = strlen (challenge), i;
unsigned char zres[16],
buf[64] = { 0xa1, 0xe9, 0x14, 0x9d, 0x0e, 0x6b, 0x3b, 0x59 };
#define XOR_TABLE_SIZE 37
static const unsigned char xor_table[XOR_TABLE_SIZE] = {
0x05, 0x18, 0x74, 0xd0, 0x0d, 0x09, 0x02, 0x53,
0xc0, 0x01, 0x05, 0x05, 0x67, 0x03, 0x19, 0x70,
Reported by FlawFinder.
Line: 101
Column: 27
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char zres[16],
buf[64] = { 0xa1, 0xe9, 0x14, 0x9d, 0x0e, 0x6b, 0x3b, 0x59 };
#define XOR_TABLE_SIZE 37
static const unsigned char xor_table[XOR_TABLE_SIZE] = {
0x05, 0x18, 0x74, 0xd0, 0x0d, 0x09, 0x02, 0x53,
0xc0, 0x01, 0x05, 0x05, 0x67, 0x03, 0x19, 0x70,
0x08, 0x27, 0x66, 0x10, 0x10, 0x72, 0x08, 0x09,
0x63, 0x11, 0x03, 0x71, 0x08, 0x08, 0x70, 0x02,
0x10, 0x57, 0x05, 0x18, 0x54 };
Reported by FlawFinder.
Line: 113
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ch_len = 32;
else if (ch_len > 56)
ch_len = 56;
memcpy(buf + 8, challenge, ch_len);
/* xor challenge bytewise with xor_table */
for (i = 0; i < XOR_TABLE_SIZE; i++)
buf[8 + i] ^= xor_table[i];
Reported by FlawFinder.
Line: 123
Column: 5
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
ff_data_to_hex(response, zres, 16, 1);
/* add tail */
strcpy (response + 32, "01d0a8e3");
/* calculate checksum */
for (i = 0; i < 8; i++)
chksum[i] = response[i * 4];
chksum[8] = 0;
Reported by FlawFinder.
Line: 313
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return res;
if (res > 0) {
if (st->codecpar->codec_id == AV_CODEC_ID_AAC) {
memcpy (rdt->buffer, buf + pos, len - pos);
rdt->rmctx->pb = avio_alloc_context (rdt->buffer, len - pos, 0,
NULL, NULL, NULL, NULL);
}
goto get_cache;
}
Reported by FlawFinder.
Line: 418
Column: 39
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
if (av_strstart(p, "OpaqueData:buffer;", &p)) {
rdt->mlti_data = rdt_parse_b64buf(&rdt->mlti_data_size, p);
} else if (av_strstart(p, "StartTime:integer;", &p))
stream->internal->first_dts = atoi(p);
else if (av_strstart(p, "ASMRuleBook:string;", &p)) {
int n, first = -1;
for (n = 0; n < s->nb_streams; n++)
if (s->streams[n]->id == stream->id) {
Reported by FlawFinder.
libavfilter/af_afwtdn.c
12 issues
Line: 492
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
double thigh = 0.0, tlow = 0.0;
int buff_idx = 1 + skip;
memcpy(buffer, in, buff_idx * sizeof(*buffer));
memset(buffer + buff_idx, 0, (buffer_length - buff_idx) * sizeof(*buffer));
for (int i = 0; i < out_length - 1; i++) {
double thigh = 0.0, tlow = 0.0;
Reported by FlawFinder.
Line: 670
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cp->temp_in_length = in_length + leftext;
if (leftext)
memcpy(cp->temp_in, cp->prev + s->prev_length - leftext, leftext * sizeof(*cp->temp_in));
memcpy(cp->temp_in + leftext, in, in_length * sizeof(*in));
if (levels == 1) {
conv_down(cp->temp_in, cp->temp_in_length, out[1], out[0], out_length[1],
s->lp, s->hp, s->wavelet_length, skip,
Reported by FlawFinder.
Line: 671
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (leftext)
memcpy(cp->temp_in, cp->prev + s->prev_length - leftext, leftext * sizeof(*cp->temp_in));
memcpy(cp->temp_in + leftext, in, in_length * sizeof(*in));
if (levels == 1) {
conv_down(cp->temp_in, cp->temp_in_length, out[1], out[0], out_length[1],
s->lp, s->hp, s->wavelet_length, skip,
cp->buffer, cp->buffer_length);
Reported by FlawFinder.
Line: 701
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cp->tempa, cp->tempd, cp->tempa_length,
s->lp, s->hp, s->wavelet_length, skip,
cp->buffer, cp->buffer_length);
memcpy(out[0], cp->tempd + discard, out_length[0] * sizeof(**out));
tempa_length_prev = cp->tempa_length;
for (int level = 1; level < levels - 1; level++) {
if (out_length[level] == 0)
return 0;
Reported by FlawFinder.
Line: 713
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cp->tempa, cp->tempd, cp->tempa_length,
s->lp, s->hp, s->wavelet_length, skip,
cp->buffer, cp->buffer_length);
memcpy(out[level], cp->tempd + discard, out_length[level] * sizeof(**out));
tempa_length_prev = cp->tempa_length;
}
if (out_length[levels] == 0)
return 0;
Reported by FlawFinder.
Line: 725
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (s->prev_length < in_length) {
memcpy(cp->prev, in + in_length - cp->max_left_ext, cp->max_left_ext * sizeof(*cp->prev));
} else {
memmove(cp->prev, cp->prev + in_length, (s->prev_length - in_length) * sizeof(*cp->prev));
memcpy(cp->prev + s->prev_length - in_length, in, in_length * sizeof(*cp->prev));
}
Reported by FlawFinder.
Line: 728
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(cp->prev, in + in_length - cp->max_left_ext, cp->max_left_ext * sizeof(*cp->prev));
} else {
memmove(cp->prev, cp->prev + in_length, (s->prev_length - in_length) * sizeof(*cp->prev));
memcpy(cp->prev + s->prev_length - in_length, in, in_length * sizeof(*cp->prev));
}
return 0;
}
Reported by FlawFinder.
Line: 810
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
conv_up(in[1], in[0], in_length[1], cp->temp_in, cp->temp_in_length,
s->ilp, s->ihp, s->wavelet_length,
cp->buffer, cp->buffer2, cp->buffer_length);
memcpy(out + cp->max_left_ext - leftext, cp->temp_in + temp_skip,
FFMAX(0, out_length - (cp->max_left_ext - leftext)) * sizeof(*out));
} else {
double *hp1, *hp2;
int add, add2;
Reported by FlawFinder.
Line: 853
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(cp->temp_in, 0, temp_skip * sizeof(*cp->temp_in));
if (s->overlap_length <= out_length) {
memcpy(out + cp->max_left_ext - leftext, cp->temp_in + temp_skip,
FFMAX(0, out_length - (cp->max_left_ext - leftext)) * sizeof(*out));
for (int i = 0;i < FFMIN(s->overlap_length, out_length); i++)
out[i] += cp->overlap[i];
memcpy(cp->overlap, cp->temp_in + out_length - (cp->max_left_ext - leftext),
Reported by FlawFinder.
Line: 858
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (int i = 0;i < FFMIN(s->overlap_length, out_length); i++)
out[i] += cp->overlap[i];
memcpy(cp->overlap, cp->temp_in + out_length - (cp->max_left_ext - leftext),
s->overlap_length * sizeof(*cp->overlap));
} else {
for (int i = 0;i < s->overlap_length - (cp->max_left_ext - leftext); i++)
cp->overlap[i + cp->max_left_ext - leftext] += cp->temp_in[i];
memcpy(out, cp->overlap, out_length * sizeof(*out));
Reported by FlawFinder.
libavcodec/dxva2.c
12 issues
Line: 138
CWE codes:
908
}
#endif
if (ConfigBitstreamRaw == 1)
score = 1;
else if (avctx->codec_id == AV_CODEC_ID_H264 && ConfigBitstreamRaw == 2)
score = 2;
else
continue;
Reported by Cppcheck.
Line: 290
CWE codes:
908
if (sctx->pix_fmt == AV_PIX_FMT_DXVA2_VLD)
validate = dxva2_validate_output(service, *mode->guid, surface_format);
#endif
if (validate) {
*decoder_guid = *mode->guid;
break;
}
}
Reported by Cppcheck.
Line: 825
CWE codes:
908
type, (unsigned)hr);
return -1;
}
if (size <= dxva_size) {
memcpy(dxva_data, data, size);
#if CONFIG_D3D11VA
if (ff_dxva2_is_d3d11(avctx)) {
D3D11_VIDEO_DECODER_BUFFER_DESC *dsc11 = dsc;
Reported by Cppcheck.
Line: 826
CWE codes:
908
return -1;
}
if (size <= dxva_size) {
memcpy(dxva_data, data, size);
#if CONFIG_D3D11VA
if (ff_dxva2_is_d3d11(avctx)) {
D3D11_VIDEO_DECODER_BUFFER_DESC *dsc11 = dsc;
memset(dsc11, 0, sizeof(*dsc11));
Reported by Cppcheck.
Line: 927
CWE codes:
908
get_surface(avctx, frame),
NULL);
#endif
if (hr != E_PENDING || ++runs > 50)
break;
ff_dxva2_unlock(avctx);
av_usleep(2000);
} while(1);
Reported by Cppcheck.
Line: 952
CWE codes:
908
}
#endif
result = ff_dxva2_commit_buffer(avctx, ctx, buffer,
type,
pp, pp_size, 0);
if (result) {
av_log(avctx, AV_LOG_ERROR,
"Failed to add picture parameter buffer\n");
goto end;
Reported by Cppcheck.
Line: 975
CWE codes:
908
}
#endif
result = ff_dxva2_commit_buffer(avctx, ctx, buffer,
type,
qm, qm_size, 0);
if (result) {
av_log(avctx, AV_LOG_ERROR,
"Failed to add inverse quantization matrix buffer\n");
goto end;
Reported by Cppcheck.
Line: 840
CWE codes:
476
#if CONFIG_DXVA2
if (avctx->pix_fmt == AV_PIX_FMT_DXVA2_VLD) {
DXVA2_DecodeBufferDesc *dsc2 = dsc;
memset(dsc2, 0, sizeof(*dsc2));
dsc2->CompressedBufferType = type;
dsc2->DataSize = size;
dsc2->NumMBsInBuffer = mb_count;
}
#endif
Reported by Cppcheck.
Line: 841
CWE codes:
476
if (avctx->pix_fmt == AV_PIX_FMT_DXVA2_VLD) {
DXVA2_DecodeBufferDesc *dsc2 = dsc;
memset(dsc2, 0, sizeof(*dsc2));
dsc2->CompressedBufferType = type;
dsc2->DataSize = size;
dsc2->NumMBsInBuffer = mb_count;
}
#endif
Reported by Cppcheck.
Line: 842
CWE codes:
476
DXVA2_DecodeBufferDesc *dsc2 = dsc;
memset(dsc2, 0, sizeof(*dsc2));
dsc2->CompressedBufferType = type;
dsc2->DataSize = size;
dsc2->NumMBsInBuffer = mb_count;
}
#endif
result = 0;
Reported by Cppcheck.
tests/checkasm/float_dsp.c
12 issues
Line: 167
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
declare_func(void, float *dst, const float *src, float mul, int len);
memcpy(cdst, src2, LEN * sizeof(*src2));
memcpy(odst, src2, LEN * sizeof(*src2));
call_ref(cdst, src0, src1[0], LEN);
call_new(odst, src0, src1[0], LEN);
for (i = 0; i < LEN; i++) {
Reported by FlawFinder.
Line: 168
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
declare_func(void, float *dst, const float *src, float mul, int len);
memcpy(cdst, src2, LEN * sizeof(*src2));
memcpy(odst, src2, LEN * sizeof(*src2));
call_ref(cdst, src0, src1[0], LEN);
call_new(odst, src0, src1[0], LEN);
for (i = 0; i < LEN; i++) {
if (!float_near_abs_eps(cdst[i], odst[i], ARBITRARY_FMAC_SCALAR_CONST)) {
Reported by FlawFinder.
Line: 180
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
}
}
memcpy(odst, src2, LEN * sizeof(*src2));
bench_new(odst, src0, src1[0], LEN);
}
static void test_vector_dmul_scalar(const double *src0, const double *src1)
{
Reported by FlawFinder.
Line: 215
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
declare_func(void, double *dst, const double *src, double mul, int len);
memcpy(cdst, src2, LEN * sizeof(*src2));
memcpy(odst, src2, LEN * sizeof(*src2));
call_ref(cdst, src0, src1[0], LEN);
call_new(odst, src0, src1[0], LEN);
for (i = 0; i < LEN; i++) {
if (!double_near_abs_eps(cdst[i], odst[i], ARBITRARY_DMAC_SCALAR_CONST)) {
Reported by FlawFinder.
Line: 216
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
declare_func(void, double *dst, const double *src, double mul, int len);
memcpy(cdst, src2, LEN * sizeof(*src2));
memcpy(odst, src2, LEN * sizeof(*src2));
call_ref(cdst, src0, src1[0], LEN);
call_new(odst, src0, src1[0], LEN);
for (i = 0; i < LEN; i++) {
if (!double_near_abs_eps(cdst[i], odst[i], ARBITRARY_DMAC_SCALAR_CONST)) {
fprintf(stderr, "%d: %- .12f - %- .12f = % .12g\n",
Reported by FlawFinder.
Line: 227
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
}
}
memcpy(odst, src2, LEN * sizeof(*src2));
bench_new(odst, src0, src1[0], LEN);
}
static void test_butterflies_float(const float *src0, const float *src1)
{
Reported by FlawFinder.
Line: 242
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
declare_func(void, float *av_restrict src0, float *av_restrict src1,
int len);
memcpy(cdst, src0, LEN * sizeof(*src0));
memcpy(cdst1, src1, LEN * sizeof(*src1));
memcpy(odst, src0, LEN * sizeof(*src0));
memcpy(odst1, src1, LEN * sizeof(*src1));
call_ref(cdst, cdst1, LEN);
Reported by FlawFinder.
Line: 243
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int len);
memcpy(cdst, src0, LEN * sizeof(*src0));
memcpy(cdst1, src1, LEN * sizeof(*src1));
memcpy(odst, src0, LEN * sizeof(*src0));
memcpy(odst1, src1, LEN * sizeof(*src1));
call_ref(cdst, cdst1, LEN);
call_new(odst, odst1, LEN);
Reported by FlawFinder.
Line: 244
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(cdst, src0, LEN * sizeof(*src0));
memcpy(cdst1, src1, LEN * sizeof(*src1));
memcpy(odst, src0, LEN * sizeof(*src0));
memcpy(odst1, src1, LEN * sizeof(*src1));
call_ref(cdst, cdst1, LEN);
call_new(odst, odst1, LEN);
for (i = 0; i < LEN; i++) {
Reported by FlawFinder.
Line: 245
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(cdst, src0, LEN * sizeof(*src0));
memcpy(cdst1, src1, LEN * sizeof(*src1));
memcpy(odst, src0, LEN * sizeof(*src0));
memcpy(odst1, src1, LEN * sizeof(*src1));
call_ref(cdst, cdst1, LEN);
call_new(odst, odst1, LEN);
for (i = 0; i < LEN; i++) {
if (!float_near_abs_eps(cdst[i], odst[i], FLT_EPSILON) ||
Reported by FlawFinder.
libavcodec/tests/fft.c
12 issues
Line: 596
CWE codes:
908
switch (transform) {
case TRANSFORM_MDCT:
if (do_inverse)
imdct_calc(m, &tab->re, &tab1->re);
else
mdct_calc(m, &tab->re, &tab1->re);
break;
case TRANSFORM_FFT:
memcpy(tab, tab1, fft_size * sizeof(FFTComplex));
Reported by Cppcheck.
Line: 598
CWE codes:
908
if (do_inverse)
imdct_calc(m, &tab->re, &tab1->re);
else
mdct_calc(m, &tab->re, &tab1->re);
break;
case TRANSFORM_FFT:
memcpy(tab, tab1, fft_size * sizeof(FFTComplex));
fft_calc(s, tab);
break;
Reported by Cppcheck.
Line: 607
CWE codes:
908
#if FFT_FLOAT
case TRANSFORM_RDFT:
memcpy(tab2, tab1, fft_size * sizeof(FFTSample));
rdft_calc(r, tab2);
break;
case TRANSFORM_DCT:
memcpy(tab2, tab1, fft_size * sizeof(FFTSample));
dct_calc(d, tab2);
break;
Reported by Cppcheck.
Line: 611
CWE codes:
908
break;
case TRANSFORM_DCT:
memcpy(tab2, tab1, fft_size * sizeof(FFTSample));
dct_calc(d, tab2);
break;
#endif /* FFT_FLOAT */
}
}
duration = av_gettime_relative() - time_start;
Reported by Cppcheck.
Line: 401
Column: 17
CWE codes:
120
20
Suggestion:
Check implementation on installation, or limit the size of all string inputs
av_lfg_init(&prng, 1);
for (;;) {
int c = getopt(argc, argv, "hsimrdn:f:c:");
if (c == -1)
break;
switch (c) {
case 'h':
help();
Reported by FlawFinder.
Line: 424
Column: 25
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
transform = TRANSFORM_DCT;
break;
case 'n':
fft_nbits = atoi(optarg);
break;
case 'f':
scale = atof(optarg);
break;
case 'c':
Reported by FlawFinder.
Line: 524
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
#endif /* CONFIG_MDCT */
case TRANSFORM_FFT:
memcpy(tab, tab1, fft_size * sizeof(FFTComplex));
fft_permute(s, tab);
fft_calc(s, tab);
fft_ref(tab_ref, tab1, fft_nbits);
err = check_diff(&tab_ref->re, &tab->re, fft_size * 2, 1.0);
Reported by FlawFinder.
Line: 544
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
tab1[fft_size_2 + i].im = -tab1[fft_size_2 - i].im;
}
memcpy(tab2, tab1, fft_size * sizeof(FFTSample));
tab2[1] = tab1[fft_size_2].re;
rdft_calc(r, tab2);
fft_ref(tab_ref, tab1, fft_nbits);
for (i = 0; i < fft_size; i++) {
Reported by FlawFinder.
Line: 569
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#endif /* CONFIG_RDFT */
#if CONFIG_DCT
case TRANSFORM_DCT:
memcpy(tab, tab1, fft_size * sizeof(FFTComplex));
dct_calc(d, &tab->re);
if (do_inverse)
idct_ref(&tab_ref->re, &tab1->re, fft_nbits);
else
dct_ref(&tab_ref->re, &tab1->re, fft_nbits);
Reported by FlawFinder.
Line: 601
Column: 21
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mdct_calc(m, &tab->re, &tab1->re);
break;
case TRANSFORM_FFT:
memcpy(tab, tab1, fft_size * sizeof(FFTComplex));
fft_calc(s, tab);
break;
#if FFT_FLOAT
case TRANSFORM_RDFT:
memcpy(tab2, tab1, fft_size * sizeof(FFTSample));
Reported by FlawFinder.
libavfilter/graphdump.c
12 issues
Line: 33
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int print_link_prop(AVBPrint *buf, AVFilterLink *link)
{
char *format;
char layout[64];
AVBPrint dummy_buffer = { 0 };
if (!buf)
buf = &dummy_buffer;
switch (link->type) {
Reported by FlawFinder.
Line: 72
Column: 26
CWE codes:
126
unsigned max_in_name = 0, max_out_name = 0;
unsigned max_in_fmt = 0, max_out_fmt = 0;
unsigned width, height, in_indent;
unsigned lname = strlen(filter->name);
unsigned ltype = strlen(filter->filter->name);
for (j = 0; j < filter->nb_inputs; j++) {
AVFilterLink *l = filter->inputs[j];
unsigned ln = strlen(l->src->name) + 1 + strlen(l->srcpad->name);
Reported by FlawFinder.
Line: 73
Column: 26
CWE codes:
126
unsigned max_in_fmt = 0, max_out_fmt = 0;
unsigned width, height, in_indent;
unsigned lname = strlen(filter->name);
unsigned ltype = strlen(filter->filter->name);
for (j = 0; j < filter->nb_inputs; j++) {
AVFilterLink *l = filter->inputs[j];
unsigned ln = strlen(l->src->name) + 1 + strlen(l->srcpad->name);
max_src_name = FFMAX(max_src_name, ln);
Reported by FlawFinder.
Line: 77
Column: 27
CWE codes:
126
for (j = 0; j < filter->nb_inputs; j++) {
AVFilterLink *l = filter->inputs[j];
unsigned ln = strlen(l->src->name) + 1 + strlen(l->srcpad->name);
max_src_name = FFMAX(max_src_name, ln);
max_in_name = FFMAX(max_in_name, strlen(l->dstpad->name));
max_in_fmt = FFMAX(max_in_fmt, print_link_prop(NULL, l));
}
for (j = 0; j < filter->nb_outputs; j++) {
Reported by FlawFinder.
Line: 77
Column: 54
CWE codes:
126
for (j = 0; j < filter->nb_inputs; j++) {
AVFilterLink *l = filter->inputs[j];
unsigned ln = strlen(l->src->name) + 1 + strlen(l->srcpad->name);
max_src_name = FFMAX(max_src_name, ln);
max_in_name = FFMAX(max_in_name, strlen(l->dstpad->name));
max_in_fmt = FFMAX(max_in_fmt, print_link_prop(NULL, l));
}
for (j = 0; j < filter->nb_outputs; j++) {
Reported by FlawFinder.
Line: 79
Column: 46
CWE codes:
126
AVFilterLink *l = filter->inputs[j];
unsigned ln = strlen(l->src->name) + 1 + strlen(l->srcpad->name);
max_src_name = FFMAX(max_src_name, ln);
max_in_name = FFMAX(max_in_name, strlen(l->dstpad->name));
max_in_fmt = FFMAX(max_in_fmt, print_link_prop(NULL, l));
}
for (j = 0; j < filter->nb_outputs; j++) {
AVFilterLink *l = filter->outputs[j];
unsigned ln = strlen(l->dst->name) + 1 + strlen(l->dstpad->name);
Reported by FlawFinder.
Line: 84
Column: 54
CWE codes:
126
}
for (j = 0; j < filter->nb_outputs; j++) {
AVFilterLink *l = filter->outputs[j];
unsigned ln = strlen(l->dst->name) + 1 + strlen(l->dstpad->name);
max_dst_name = FFMAX(max_dst_name, ln);
max_out_name = FFMAX(max_out_name, strlen(l->srcpad->name));
max_out_fmt = FFMAX(max_out_fmt, print_link_prop(NULL, l));
}
in_indent = max_src_name + max_in_name + max_in_fmt;
Reported by FlawFinder.
Line: 84
Column: 27
CWE codes:
126
}
for (j = 0; j < filter->nb_outputs; j++) {
AVFilterLink *l = filter->outputs[j];
unsigned ln = strlen(l->dst->name) + 1 + strlen(l->dstpad->name);
max_dst_name = FFMAX(max_dst_name, ln);
max_out_name = FFMAX(max_out_name, strlen(l->srcpad->name));
max_out_fmt = FFMAX(max_out_fmt, print_link_prop(NULL, l));
}
in_indent = max_src_name + max_in_name + max_in_fmt;
Reported by FlawFinder.
Line: 86
Column: 48
CWE codes:
126
AVFilterLink *l = filter->outputs[j];
unsigned ln = strlen(l->dst->name) + 1 + strlen(l->dstpad->name);
max_dst_name = FFMAX(max_dst_name, ln);
max_out_name = FFMAX(max_out_name, strlen(l->srcpad->name));
max_out_fmt = FFMAX(max_out_fmt, print_link_prop(NULL, l));
}
in_indent = max_src_name + max_in_name + max_in_fmt;
in_indent += in_indent ? 4 : 0;
width = FFMAX(lname + 2, ltype + 4);
Reported by FlawFinder.
Line: 108
Column: 35
CWE codes:
126
av_bprintf(buf, "%s:%s", l->src->name, l->srcpad->name);
av_bprint_chars(buf, '-', e - buf->len);
e = buf->len + max_in_fmt + 2 +
max_in_name - strlen(l->dstpad->name);
print_link_prop(buf, l);
av_bprint_chars(buf, '-', e - buf->len);
av_bprintf(buf, "%s", l->dstpad->name);
} else {
av_bprint_chars(buf, ' ', in_indent);
Reported by FlawFinder.
libavfilter/f_ebur128.c
11 issues
Line: 248
Column: 5
CWE codes:
134
Suggestion:
Use a constant for the format specification
else return;
va_start(vl, fmt);
vsnprintf(buf, sizeof(buf), fmt, vl);
va_end(vl);
for (i = 0; buf[i]; i++) {
int char_y, mask;
uint8_t *p = pic->data[0] + y*pic->linesize[0] + (x + i*8)*3;
Reported by FlawFinder.
Line: 862
Column: 13
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (ebur128->peak_mode & PEAK_MODE_ ## ptype ## _PEAKS) { \
char key[64]; \
for (ch = 0; ch < nb_channels; ch++) { \
snprintf(key, sizeof(key), \
META_PREFIX AV_STRINGIFY(name) "_peaks_ch%d", ch); \
SET_META(key, ebur128->name##_peaks[ch]); \
} \
} \
} while (0)
Reported by FlawFinder.
Line: 238
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void drawtext(AVFrame *pic, int x, int y, int ftid, const uint8_t *color, const char *fmt, ...)
{
int i;
char buf[128] = {0};
const uint8_t *font;
int font_height;
va_list vl;
if (ftid == FONT16) font = avpriv_vga16_font, font_height = 16;
Reported by FlawFinder.
Line: 258
Column: 21
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (char_y = 0; char_y < font_height; char_y++) {
for (mask = 0x80; mask; mask >>= 1) {
if (font[buf[i] * font_height + char_y] & mask)
memcpy(p, color, 3);
else
memcpy(p, "\x00\x00\x00", 3);
p += 3;
}
p += pic->linesize[0] - 8*3;
Reported by FlawFinder.
Line: 260
Column: 21
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (font[buf[i] * font_height + char_y] & mask)
memcpy(p, color, 3);
else
memcpy(p, "\x00\x00\x00", 3);
p += 3;
}
p += pic->linesize[0] - 8*3;
}
}
Reported by FlawFinder.
Line: 274
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
uint8_t *p = pic->data[0] + y*pic->linesize[0] + x*3;
for (i = 0; i < len; i++) {
memcpy(p, "\x00\xff\x00", 3);
p += step;
}
}
static int config_video_output(AVFilterLink *outlink)
Reported by FlawFinder.
Line: 357
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
const uint8_t *c = get_graph_color(ebur128, INT_MAX, y);
for (x = 0; x < ebur128->graph.w; x++)
memcpy(p + x*3, c, 3);
p += outpicref->linesize[0];
}
/* draw fancy rectangles around the graph and the gauge */
#define DRAW_RECT(r) do { \
Reported by FlawFinder.
Line: 812
Column: 21
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
const uint8_t *c = get_graph_color(ebur128, y_loudness_lu_graph, y);
memmove(p, p + 3, (ebur128->graph.w - 1) * 3);
memcpy(p + (ebur128->graph.w - 1) * 3, c, 3);
p += pic->linesize[0];
}
/* draw the gauge using either momentary or short-term loudness */
p = pic->data[0] + ebur128->gauge.y*pic->linesize[0] + ebur128->gauge.x*3;
Reported by FlawFinder.
Line: 822
Column: 25
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
const uint8_t *c = get_graph_color(ebur128, y_loudness_lu_gauge, y);
for (x = 0; x < ebur128->gauge.w; x++)
memcpy(p + x*3, c, 3);
p += pic->linesize[0];
}
/* draw textual info */
if (ebur128->scale == SCALE_TYPE_ABSOLUTE) {
Reported by FlawFinder.
Line: 850
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
if (ebur128->metadata) { /* happens only once per filter_frame call */
char metabuf[128];
#define META_PREFIX "lavfi.r128."
#define SET_META(name, var) do { \
snprintf(metabuf, sizeof(metabuf), "%.3f", var); \
av_dict_set(&insamples->metadata, name, metabuf, 0); \
Reported by FlawFinder.
libavcodec/amrnbdec.c
11 issues
Line: 271
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int i;
for (i = 0; i < LP_FILTER_ORDER >> 1; i++)
memcpy(&lsf_r[i << 1], &lsf_quantizer[i][quantizer_offset],
2 * sizeof(*lsf_r));
if (sign) {
lsf_r[4] *= -1;
lsf_r[5] *= -1;
Reported by FlawFinder.
Line: 280
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (update)
memcpy(p->prev_lsf_r, lsf_r, LP_FILTER_ORDER * sizeof(*lsf_r));
for (i = 0; i < LP_FILTER_ORDER; i++)
lsf_q[i] = lsf_r[i] * (LSF_R_FAC / 8000.0) + lsf_no_r[i] * (1.0 / 8000.0);
ff_set_min_dist_lsf(lsf_q, MIN_LSF_SPACING, LP_FILTER_ORDER);
Reported by FlawFinder.
Line: 336
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int i, j;
lsf_quantizer = (p->cur_frame_mode == MODE_7k95 ? lsf_3_1_MODE_7k95 : lsf_3_1)[lsf_param[0]];
memcpy(lsf_r, lsf_quantizer, 3 * sizeof(*lsf_r));
lsf_quantizer = lsf_3_2[lsf_param[1] << (p->cur_frame_mode <= MODE_5k15)];
memcpy(lsf_r + 3, lsf_quantizer, 3 * sizeof(*lsf_r));
lsf_quantizer = (p->cur_frame_mode <= MODE_5k15 ? lsf_3_3_MODE_5k15 : lsf_3_3)[lsf_param[2]];
Reported by FlawFinder.
Line: 339
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(lsf_r, lsf_quantizer, 3 * sizeof(*lsf_r));
lsf_quantizer = lsf_3_2[lsf_param[1] << (p->cur_frame_mode <= MODE_5k15)];
memcpy(lsf_r + 3, lsf_quantizer, 3 * sizeof(*lsf_r));
lsf_quantizer = (p->cur_frame_mode <= MODE_5k15 ? lsf_3_3_MODE_5k15 : lsf_3_3)[lsf_param[2]];
memcpy(lsf_r + 6, lsf_quantizer, 4 * sizeof(*lsf_r));
// calculate mean-removed LSF vector and add mean
Reported by FlawFinder.
Line: 342
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(lsf_r + 3, lsf_quantizer, 3 * sizeof(*lsf_r));
lsf_quantizer = (p->cur_frame_mode <= MODE_5k15 ? lsf_3_3_MODE_5k15 : lsf_3_3)[lsf_param[2]];
memcpy(lsf_r + 6, lsf_quantizer, 4 * sizeof(*lsf_r));
// calculate mean-removed LSF vector and add mean
for (i = 0; i < LP_FILTER_ORDER; i++)
lsf_q[i] = (lsf_r[i] + p->prev_lsf_r[i] * pred_fac[i]) * (LSF_R_FAC / 8000.0) + lsf_3_mean[i] * (1.0 / 8000.0);
Reported by FlawFinder.
Line: 352
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// store data for computing the next frame's LSFs
interpolate_lsf(&p->acelpv_ctx, p->lsf_q, lsf_q);
memcpy(p->prev_lsf_r, lsf_r, LP_FILTER_ORDER * sizeof(*lsf_r));
ff_acelp_lsf2lspd(p->lsp[3], lsf_q, LP_FILTER_ORDER);
// interpolate LSP vectors at subframes 1, 2 and 3
for (i = 1; i <= 3; i++)
Reported by FlawFinder.
Line: 423
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pitch_lag_frac + 6 - 6*(pitch_lag_frac > 0),
10, AMR_SUBFRAME_SIZE);
memcpy(p->pitch_vector, p->excitation, AMR_SUBFRAME_SIZE * sizeof(float));
}
/// @}
Reported by FlawFinder.
Line: 849
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
static void update_state(AMRContext *p)
{
memcpy(p->prev_lsp_sub4, p->lsp[3], LP_FILTER_ORDER * sizeof(p->lsp[3][0]));
memmove(&p->excitation_buf[0], &p->excitation_buf[AMR_SUBFRAME_SIZE],
(PITCH_DELAY_MAX + LP_FILTER_ORDER + 1) * sizeof(float));
memmove(&p->pitch_gain[0], &p->pitch_gain[1], 4 * sizeof(float));
Reported by FlawFinder.
Line: 883
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
float *hf = impulse_buffer + LP_FILTER_ORDER; // start of impulse response
hf[0] = 1.0;
memcpy(hf + 1, lpc_n, sizeof(float) * LP_FILTER_ORDER);
p->celpf_ctx.celp_lp_synthesis_filterf(hf, lpc_d, hf,
AMR_TILT_RESPONSE,
LP_FILTER_ORDER);
rh0 = p->celpm_ctx.dot_productf(hf, hf, AMR_TILT_RESPONSE);
Reported by FlawFinder.
Line: 929
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
lpc_d[i] = lpc[i] * gamma_d[i];
}
memcpy(pole_out, p->postfilter_mem, sizeof(float) * LP_FILTER_ORDER);
p->celpf_ctx.celp_lp_synthesis_filterf(pole_out + LP_FILTER_ORDER, lpc_d, samples,
AMR_SUBFRAME_SIZE, LP_FILTER_ORDER);
memcpy(p->postfilter_mem, pole_out + AMR_SUBFRAME_SIZE,
sizeof(float) * LP_FILTER_ORDER);
Reported by FlawFinder.