The following issues were found
libavcodec/mmvideo.c
1 issues
Line: 222
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (res < 0)
return res;
memcpy(s->frame->data[1], s->palette, AVPALETTE_SIZE);
if ((res = av_frame_ref(data, s->frame)) < 0)
return res;
*got_frame = 1;
Reported by FlawFinder.
libavcodec/motionpixels.c
1 issues
Line: 300
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mp->bdsp.bswap_buf((uint32_t *) mp->bswapbuf, (const uint32_t *) buf,
buf_size / 4);
if (buf_size & 3)
memcpy(mp->bswapbuf + (buf_size & ~3), buf + (buf_size & ~3), buf_size & 3);
init_get_bits(&gb, mp->bswapbuf, buf_size * 8);
memset(mp->changes_map, 0, avctx->width * avctx->height);
for (i = !(avctx->extradata[1] & 2); i < 2; ++i) {
count1 = get_bits(&gb, 12);
Reported by FlawFinder.
libavcodec/movsub_bsf.c
1 issues
Line: 51
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto fail;
AV_WB16(out->data, in->size);
memcpy(out->data + 2, in->data, in->size);
fail:
if (ret < 0)
av_packet_unref(out);
av_packet_free(&in);
Reported by FlawFinder.
libavcodec/mp3_header_decompress_bsf.c
1 issues
Line: 98
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
av_packet_unref(out);
goto fail;
}
memcpy(out->data + frame_size - buf_size, buf, buf_size + AV_INPUT_BUFFER_PADDING_SIZE);
if(ctx->par_in->channels==2){
uint8_t *p= out->data + frame_size - buf_size;
if(lsf){
FFSWAP(int, p[1], p[2]);
Reported by FlawFinder.
libavcodec/mpeg_er.c
1 issues
Line: 75
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
s->mb_x = mb_x;
s->mb_y = mb_y;
s->mcsel = 0;
memcpy(s->mv, mv, sizeof(*mv));
ff_init_block_index(s);
ff_update_block_index(s);
s->bdsp.clear_blocks(s->block[0]);
Reported by FlawFinder.
libavcodec/mpegaudiodata.c
1 issues
Line: 145
Column: 16
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
2, 0, 1, 3,
};
const unsigned char * const ff_mpa_alloc_tables[5] =
{ alloc_table_1, alloc_table_1, alloc_table_3, alloc_table_3, alloc_table_4, };
Reported by FlawFinder.
libavcodec/mpegaudiodata.h
1 issues
Line: 45
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
extern const int ff_mpa_sblimit_table[5];
extern const int ff_mpa_quant_steps[17];
extern const int ff_mpa_quant_bits[17];
extern const unsigned char * const ff_mpa_alloc_tables[5];
#define TABLE_4_3_SIZE ((8191 + 16)*4)
#if CONFIG_HARDCODED_TABLES
extern const int8_t ff_table_4_3_exp [TABLE_4_3_SIZE];
extern const uint32_t ff_table_4_3_value[TABLE_4_3_SIZE];
Reported by FlawFinder.
libavcodec/mpegaudiodsp_template.c
1 issues
Line: 137
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#endif
/* copy to avoid wrap */
memcpy(synth_buf + 512, synth_buf, 32 * sizeof(*synth_buf));
samples2 = samples + 31 * incr;
w = window;
w2 = window + 31;
Reported by FlawFinder.
libavcodec/mpegaudiotab.h
1 issues
Line: 100
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
-75, -75, -75, -75, -91, -107, -110, -108
};
static const unsigned char nb_scale_factors[4] = { 3, 2, 1, 2 };
#endif /* AVCODEC_MPEGAUDIOTAB_H */
Reported by FlawFinder.
libavcodec/mpegutils.c
1 issues
Line: 185
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
av_freep(&mvs);
return;
}
memcpy(sd->data, mvs, mbcount * sizeof(AVMotionVector));
}
av_freep(&mvs);
}
Reported by FlawFinder.