The following issues were found
libavcodec/dca.c
1 issues
Line: 68
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
switch (mrk) {
case DCA_SYNCWORD_CORE_BE:
case DCA_SYNCWORD_SUBSTREAM:
memcpy(dst, src, src_size);
return src_size;
case DCA_SYNCWORD_CORE_LE:
for (i = 0; i < (src_size + 1) >> 1; i++) {
AV_WB16(dst, AV_RL16(src));
src += 2;
Reported by FlawFinder.
libavcodec/dsd.c
1 issues
Line: 129
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
s->pos = pos;
memcpy(s->buf, buf, sizeof(buf));
}
Reported by FlawFinder.
libavcodec/dvbsub_parser.c
1 issues
Line: 114
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (pc->in_packet == 0)
return buf_size;
memcpy(pc->packet_buf + pc->packet_index, buf + buf_pos, buf_size - buf_pos);
pc->packet_index += buf_size - buf_pos;
p = pc->packet_buf;
p_end = pc->packet_buf + pc->packet_index;
Reported by FlawFinder.
libavcodec/dvdsub_parser.c
1 issues
Line: 63
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (pc->packet) {
if (pc->packet_index + buf_size <= pc->packet_len) {
memcpy(pc->packet + pc->packet_index, buf, buf_size);
pc->packet_index += buf_size;
if (pc->packet_index >= pc->packet_len) {
*poutbuf = pc->packet;
*poutbuf_size = pc->packet_len;
pc->packet_index = 0;
Reported by FlawFinder.
libavcodec/dxv.c
1 issues
Line: 412
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (nb_elements > 0)
memcpy(&table2[0], table0, 4 * nb_elements);
for (i = 0; i < 1024; i++) {
val0 = table1[i].val1;
val1 = table2[val0];
table2[val0]++;
Reported by FlawFinder.
libavcodec/eac3dec.c
1 issues
Line: 95
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Copy coeffs from normal bands to extension bands */
bin = s->spx_src_start_freq;
for (i = 0; i < num_copy_sections; i++) {
memcpy(&s->transform_coeffs[ch][bin],
&s->transform_coeffs[ch][s->spx_dst_start_freq],
copy_sizes[i]*sizeof(INTFLOAT));
bin += copy_sizes[i];
}
Reported by FlawFinder.
libavcodec/escape124.c
1 issues
Line: 186
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
unsigned y;
if (src)
for (y = 0; y < 8; y++)
memcpy(dest + y * dest_stride, src + y * src_stride,
sizeof(uint16_t) * 8);
else
for (y = 0; y < 8; y++)
memset(dest + y * dest_stride, 0, sizeof(uint16_t) * 8);
}
Reported by FlawFinder.
libavcodec/exif.c
1 issues
Line: 98
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
ret = ff_exif_decode_ifd(logctx, gbytes, le, depth + 1, metadata);
} else {
const char *name = exif_get_tag_name(id);
char buf[7];
if (!name) {
name = buf;
snprintf(buf, sizeof(buf), "0x%04X", id);
}
Reported by FlawFinder.
libavcodec/exif.h
1 issues
Line: 39
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define EXIF_TAG_NAME_LENGTH 32
struct exif_tag {
char name[EXIF_TAG_NAME_LENGTH];
uint16_t id;
};
static const struct exif_tag tag_list[] = { // JEITA CP-3451 EXIF specification:
{"GPSVersionID", 0x00}, // <- Table 12 GPS Attribute Information
Reported by FlawFinder.
libavcodec/fft_template.c
1 issues
Line: 303
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else
for(j=0;j<np;j++) s->tmp_buf[revtab32[j]] = z[j];
memcpy(z, s->tmp_buf, np * sizeof(FFTComplex));
}
av_cold void ff_fft_end(FFTContext *s)
{
av_freep(&s->revtab);
Reported by FlawFinder.