The following issues were found
libavcodec/mpegvideo_xvmc.c
1 issues
Line: 331
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
// copy blocks only if the codec doesn't support pblocks reordering
if (!s->pack_pblocks) {
memcpy(&render->data_blocks[render->next_free_data_block_num*64],
s->pblocks[i], sizeof(*s->pblocks[i]));
}
render->next_free_data_block_num++;
}
}
Reported by FlawFinder.
libavcodec/msp2dec.c
1 issues
Line: 75
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int size = bytestream2_get_byte(&gb);
if (size) {
size = FFMIN(size, bytestream2_get_bytes_left(&gb));
memcpy(p->data[0] + y * p->linesize[0] + x, gb.buffer, FFMIN(size, width - x));
bytestream2_skip(&gb, size);
} else {
int value;
size = bytestream2_get_byte(&gb);
if (!size)
Reported by FlawFinder.
libavcodec/mss1.c
1 issues
Line: 179
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
avctx->width, avctx->height);
if (c->corrupted)
return AVERROR_INVALIDDATA;
memcpy(ctx->pic->data[1], c->pal, AVPALETTE_SIZE);
ctx->pic->palette_has_changed = pal_changed;
if ((ret = av_frame_ref(data, ctx->pic)) < 0)
return ret;
Reported by FlawFinder.
libavcodec/mss2.c
1 issues
Line: 365
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
AV_WB24(rp, pal[last_symbol]);
} else if (last_symbol == -1 && prev_avail) {
*pp = *(pp - pal_stride);
memcpy(rp, rp - rgb_stride, 3);
}
rp += 3;
} while (++pp < pal_dst + w);
pal_dst += pal_stride;
rgb_dst += rgb_stride;
Reported by FlawFinder.
libavcodec/mss2dsp.c
1 issues
Line: 117
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
j = h - 1;
memcpy(plane + plane_stride * j,
plane + plane_stride * (j >> 1),
w);
while ((j -= 2) > 0) {
dst1 = plane + plane_stride * (j + 1);
Reported by FlawFinder.
libavcodec/mss4.c
1 issues
Line: 421
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (i = 0; i < 3; i++)
for (j = 0; j < 16; j++)
memcpy(picdst[i] + mb_x * 16 + j * ctx->pic->linesize[i],
ctx->imgbuf[i] + j * 16, 16);
return 0;
}
Reported by FlawFinder.
libavcodec/mxpegdec.c
1 issues
Line: 127
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
s->bitmask_size = bitmask_size;
}
memcpy(s->mxm_bitmask, buf_ptr + 12, bitmask_size);
s->got_mxm_bitmask = 1;
if (!s->has_complete_frame) {
uint8_t completion_check = 0xFF;
for (i = 0; i < bitmask_size; ++i) {
Reported by FlawFinder.
libavcodec/nellymoserdec.c
1 issues
Line: 62
Column: 47
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
} NellyMoserDecodeContext;
static void nelly_decode_block(NellyMoserDecodeContext *s,
const unsigned char block[NELLY_BLOCK_LEN],
float audio[NELLY_SAMPLES])
{
int i,j;
float buf[NELLY_FILL_LEN], pows[NELLY_FILL_LEN];
float *aptr, *bptr, *pptr, val, pval;
Reported by FlawFinder.
libavcodec/notchlc.c
1 issues
Line: 126
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
reference_pos = (pos >= delta) ? (pos - delta) : (HISTORY_SIZE + pos - delta);
if (pos + match_length < HISTORY_SIZE && reference_pos + match_length < HISTORY_SIZE) {
if (pos >= reference_pos + match_length || reference_pos >= pos + match_length) {
memcpy(history + pos, history + reference_pos, match_length);
pos += match_length;
} else {
while (match_length-- > 0)
history[pos++] = history[reference_pos++];
}
Reported by FlawFinder.
libavcodec/nvdec_hevc.c
1 issues
Line: 289
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ctx->slice_offsets = tmp;
AV_WB24(ctx->bitstream + ctx->bitstream_len, 1);
memcpy(ctx->bitstream + ctx->bitstream_len + 3, buffer, size);
ctx->slice_offsets[ctx->nb_slices] = ctx->bitstream_len ;
ctx->bitstream_len += size + 3;
ctx->nb_slices++;
return 0;
Reported by FlawFinder.