The following issues were found
libavcodec/iff.c
11 issues
Line: 187
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
avpriv_request_sample(avctx, "overlapping mask");
return AVERROR_PATCHWELCOME;
}
memcpy(pal + (1 << avctx->bits_per_coded_sample), pal, count * 4);
for (i = 0; i < count; i++)
pal[i] &= 0xFFFFFF;
} else if (s->masking == MASK_HAS_TRANSPARENT_COLOR &&
s->transparency < 1 << avctx->bits_per_coded_sample)
pal[s->transparency] &= 0xFFFFFF;
Reported by FlawFinder.
Line: 728
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int length = FFMIN(size - i, width - x);
if (src_end - src < length * 4)
return;
memcpy(dst + y*linesize + x * 4, src, length * 4);
src += length * 4;
x += length;
i += length;
if (x >= width) {
x = 0;
Reported by FlawFinder.
Line: 1561
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (s->compression <= 0xff && (avctx->codec_tag == MKTAG('A', 'N', 'I', 'M'))) {
if (avctx->pix_fmt == AV_PIX_FMT_PAL8)
memcpy(s->pal, s->frame->data[1], 256 * 4);
}
switch (s->compression) {
case 0x0:
if (avctx->codec_tag == MKTAG('A', 'C', 'B', 'M')) {
Reported by FlawFinder.
Line: 1596
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int x;
for (y = 0; y < avctx->height && buf < buf_end; y++) {
uint8_t *row = &frame->data[0][y * frame->linesize[0]];
memcpy(row, buf, FFMIN(raw_width, buf_end - buf));
buf += raw_width;
if (avctx->pix_fmt == AV_PIX_FMT_BGR32) {
for (x = 0; x < avctx->width; x++)
row[4 * x + 3] = row[4 * x + 3] & 0xF0 | (row[4 * x + 3] >> 4);
}
Reported by FlawFinder.
Line: 1606
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else if (avctx->codec_tag == MKTAG('I', 'L', 'B', 'M') || // interleaved
avctx->codec_tag == MKTAG('A', 'N', 'I', 'M')) {
if (avctx->codec_tag == MKTAG('A', 'N', 'I', 'M'))
memcpy(s->video[0], buf, FFMIN(buf_end - buf, s->video_size));
if (avctx->pix_fmt == AV_PIX_FMT_PAL8 || avctx->pix_fmt == AV_PIX_FMT_GRAY8) {
for (y = 0; y < avctx->height; y++) {
uint8_t *row = &frame->data[0][y * frame->linesize[0]];
memset(row, 0, avctx->width);
for (plane = 0; plane < s->bpp && buf < buf_end; plane++) {
Reported by FlawFinder.
Line: 1641
Column: 21
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (avctx->pix_fmt == AV_PIX_FMT_PAL8 || avctx->pix_fmt == AV_PIX_FMT_GRAY8) {
for (y = 0; y < avctx->height && buf_end > buf; y++) {
uint8_t *row = &frame->data[0][y * frame->linesize[0]];
memcpy(row, buf, FFMIN(avctx->width, buf_end - buf));
buf += avctx->width + (avctx->width % 2); // padding if odd
}
} else if (s->ham) { // IFF-PBM: HAM to AV_PIX_FMT_BGR32
for (y = 0; y < avctx->height && buf_end > buf; y++) {
uint8_t *row = &frame->data[0][y * frame->linesize[0]];
Reported by FlawFinder.
Line: 1647
Column: 21
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else if (s->ham) { // IFF-PBM: HAM to AV_PIX_FMT_BGR32
for (y = 0; y < avctx->height && buf_end > buf; y++) {
uint8_t *row = &frame->data[0][y * frame->linesize[0]];
memcpy(s->ham_buf, buf, FFMIN(avctx->width, buf_end - buf));
buf += avctx->width + (avctx->width & 1); // padding if odd
decode_ham_plane32((uint32_t *)row, s->ham_buf, s->ham_palbuf, s->planesize);
}
} else
return unsupported(avctx);
Reported by FlawFinder.
Line: 1669
Column: 29
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (plane = 0; plane < s->bpp; plane++) {
buf += decode_byterun(s->planebuf, s->planesize, gb);
if (avctx->codec_tag == MKTAG('A', 'N', 'I', 'M')) {
memcpy(video, s->planebuf, s->planesize);
video += s->planesize;
}
decodeplane8(row, s->planebuf, s->planesize, plane);
}
}
Reported by FlawFinder.
Line: 1693
Column: 29
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (plane = 0; plane < s->bpp; plane++) {
buf += decode_byterun(s->planebuf, s->planesize, gb);
if (avctx->codec_tag == MKTAG('A', 'N', 'I', 'M')) {
memcpy(video, s->planebuf, s->planesize);
video += s->planesize;
}
decodeplane8(s->ham_buf, s->planebuf, s->planesize, plane);
}
decode_ham_plane32((uint32_t *)row, s->ham_buf, s->ham_palbuf, s->planesize);
Reported by FlawFinder.
Line: 1836
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (s->compression <= 0xff && (avctx->codec_tag == MKTAG('A', 'N', 'I', 'M'))) {
memcpy(s->video[1], s->video[0], s->video_size);
}
if (s->compression > 0xff) {
if (avctx->pix_fmt == AV_PIX_FMT_PAL8 || avctx->pix_fmt == AV_PIX_FMT_GRAY8) {
buf = s->video[0];
Reported by FlawFinder.
libavformat/librtmp.c
11 issues
Line: 101
Column: 15
CWE codes:
126
RTMP *r = &ctx->rtmp;
int rc = 0, level;
char *filename = s->filename;
int len = strlen(s->filename) + 1;
switch (av_log_get_level()) {
default:
case AV_LOG_FATAL: level = RTMP_LOGCRIT; break;
case AV_LOG_ERROR: level = RTMP_LOGERROR; break;
Reported by FlawFinder.
Line: 115
Column: 31
CWE codes:
126
RTMP_LogSetLevel(level);
RTMP_LogSetCallback(rtmp_log);
if (ctx->app) len += strlen(ctx->app) + sizeof(" app=");
if (ctx->tcurl) len += strlen(ctx->tcurl) + sizeof(" tcUrl=");
if (ctx->pageurl) len += strlen(ctx->pageurl) + sizeof(" pageUrl=");
if (ctx->flashver) len += strlen(ctx->flashver) + sizeof(" flashver=");
if (ctx->conn) {
Reported by FlawFinder.
Line: 116
Column: 31
CWE codes:
126
RTMP_LogSetCallback(rtmp_log);
if (ctx->app) len += strlen(ctx->app) + sizeof(" app=");
if (ctx->tcurl) len += strlen(ctx->tcurl) + sizeof(" tcUrl=");
if (ctx->pageurl) len += strlen(ctx->pageurl) + sizeof(" pageUrl=");
if (ctx->flashver) len += strlen(ctx->flashver) + sizeof(" flashver=");
if (ctx->conn) {
char *sep, *p = ctx->conn;
Reported by FlawFinder.
Line: 117
Column: 31
CWE codes:
126
if (ctx->app) len += strlen(ctx->app) + sizeof(" app=");
if (ctx->tcurl) len += strlen(ctx->tcurl) + sizeof(" tcUrl=");
if (ctx->pageurl) len += strlen(ctx->pageurl) + sizeof(" pageUrl=");
if (ctx->flashver) len += strlen(ctx->flashver) + sizeof(" flashver=");
if (ctx->conn) {
char *sep, *p = ctx->conn;
int options = 0;
Reported by FlawFinder.
Line: 118
Column: 31
CWE codes:
126
if (ctx->app) len += strlen(ctx->app) + sizeof(" app=");
if (ctx->tcurl) len += strlen(ctx->tcurl) + sizeof(" tcUrl=");
if (ctx->pageurl) len += strlen(ctx->pageurl) + sizeof(" pageUrl=");
if (ctx->flashver) len += strlen(ctx->flashver) + sizeof(" flashver=");
if (ctx->conn) {
char *sep, *p = ctx->conn;
int options = 0;
Reported by FlawFinder.
Line: 136
Column: 16
CWE codes:
126
break;
}
len += options * sizeof(" conn=");
len += strlen(ctx->conn);
}
if (ctx->playpath)
len += strlen(ctx->playpath) + sizeof(" playpath=");
if (ctx->live)
Reported by FlawFinder.
Line: 140
Column: 16
CWE codes:
126
}
if (ctx->playpath)
len += strlen(ctx->playpath) + sizeof(" playpath=");
if (ctx->live)
len += sizeof(" live=1");
if (ctx->subscribe)
len += strlen(ctx->subscribe) + sizeof(" subscribe=");
Reported by FlawFinder.
Line: 144
Column: 16
CWE codes:
126
if (ctx->live)
len += sizeof(" live=1");
if (ctx->subscribe)
len += strlen(ctx->subscribe) + sizeof(" subscribe=");
if (ctx->client_buffer_time)
len += strlen(ctx->client_buffer_time) + sizeof(" buffer=");
if (ctx->swfurl || ctx->swfverify) {
Reported by FlawFinder.
Line: 147
Column: 16
CWE codes:
126
len += strlen(ctx->subscribe) + sizeof(" subscribe=");
if (ctx->client_buffer_time)
len += strlen(ctx->client_buffer_time) + sizeof(" buffer=");
if (ctx->swfurl || ctx->swfverify) {
len += sizeof(" swfUrl=");
if (ctx->swfverify)
Reported by FlawFinder.
Line: 153
Column: 20
CWE codes:
126
len += sizeof(" swfUrl=");
if (ctx->swfverify)
len += strlen(ctx->swfverify) + sizeof(" swfVfy=1");
else
len += strlen(ctx->swfurl);
}
if (!(ctx->temp_filename = filename = av_malloc(len)))
Reported by FlawFinder.
libavfilter/af_arnndn.c
11 issues
Line: 647
CWE codes:
476
for (int i = 0; i < n; i++)
xx[i] = x[i];
for (int i = 0; i < overlap; i++) {
xx[i] = x[i] * window[i];
xx[n-i-1] = x[n-i-1] * window[i];
}
xptr = xx;
}
Reported by Cppcheck.
Line: 648
CWE codes:
476
xx[i] = x[i];
for (int i = 0; i < overlap; i++) {
xx[i] = x[i] * window[i];
xx[n-i-1] = x[n-i-1] * window[i];
}
xptr = xx;
}
shift = 0;
Reported by Cppcheck.
Line: 409
Column: 32
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#define RNN_MOVE(dst, src, n) (memmove((dst), (src), (n)*sizeof(*(dst)) + 0*((dst)-(src)) ))
#define RNN_CLEAR(dst, n) (memset((dst), 0, (n)*sizeof(*(dst))))
#define RNN_COPY(dst, src, n) (memcpy((dst), (src), (n)*sizeof(*(dst)) + 0*((dst)-(src)) ))
static void forward_transform(DenoiseState *st, AVComplexFloat *out, const float *in)
{
AVComplexFloat x[WINDOW_SIZE];
AVComplexFloat y[WINDOW_SIZE];
Reported by FlawFinder.
Line: 1344
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
compute_gru(s, rnn->model->vad_gru, rnn->vad_gru_state, dense_out);
compute_dense(rnn->model->vad_output, vad, rnn->vad_gru_state);
memcpy(noise_input, dense_out, rnn->model->input_dense_size * sizeof(float));
memcpy(noise_input + rnn->model->input_dense_size,
rnn->vad_gru_state, rnn->model->vad_gru_size * sizeof(float));
memcpy(noise_input + rnn->model->input_dense_size + rnn->model->vad_gru_size,
input, INPUT_SIZE * sizeof(float));
Reported by FlawFinder.
Line: 1345
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
compute_dense(rnn->model->vad_output, vad, rnn->vad_gru_state);
memcpy(noise_input, dense_out, rnn->model->input_dense_size * sizeof(float));
memcpy(noise_input + rnn->model->input_dense_size,
rnn->vad_gru_state, rnn->model->vad_gru_size * sizeof(float));
memcpy(noise_input + rnn->model->input_dense_size + rnn->model->vad_gru_size,
input, INPUT_SIZE * sizeof(float));
compute_gru(s, rnn->model->noise_gru, rnn->noise_gru_state, noise_input);
Reported by FlawFinder.
Line: 1347
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(noise_input, dense_out, rnn->model->input_dense_size * sizeof(float));
memcpy(noise_input + rnn->model->input_dense_size,
rnn->vad_gru_state, rnn->model->vad_gru_size * sizeof(float));
memcpy(noise_input + rnn->model->input_dense_size + rnn->model->vad_gru_size,
input, INPUT_SIZE * sizeof(float));
compute_gru(s, rnn->model->noise_gru, rnn->noise_gru_state, noise_input);
memcpy(denoise_input, rnn->vad_gru_state, rnn->model->vad_gru_size * sizeof(float));
Reported by FlawFinder.
Line: 1352
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
compute_gru(s, rnn->model->noise_gru, rnn->noise_gru_state, noise_input);
memcpy(denoise_input, rnn->vad_gru_state, rnn->model->vad_gru_size * sizeof(float));
memcpy(denoise_input + rnn->model->vad_gru_size,
rnn->noise_gru_state, rnn->model->noise_gru_size * sizeof(float));
memcpy(denoise_input + rnn->model->vad_gru_size + rnn->model->noise_gru_size,
input, INPUT_SIZE * sizeof(float));
Reported by FlawFinder.
Line: 1353
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
compute_gru(s, rnn->model->noise_gru, rnn->noise_gru_state, noise_input);
memcpy(denoise_input, rnn->vad_gru_state, rnn->model->vad_gru_size * sizeof(float));
memcpy(denoise_input + rnn->model->vad_gru_size,
rnn->noise_gru_state, rnn->model->noise_gru_size * sizeof(float));
memcpy(denoise_input + rnn->model->vad_gru_size + rnn->model->noise_gru_size,
input, INPUT_SIZE * sizeof(float));
compute_gru(s, rnn->model->denoise_gru, rnn->denoise_gru_state, denoise_input);
Reported by FlawFinder.
Line: 1355
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(denoise_input, rnn->vad_gru_state, rnn->model->vad_gru_size * sizeof(float));
memcpy(denoise_input + rnn->model->vad_gru_size,
rnn->noise_gru_state, rnn->model->noise_gru_size * sizeof(float));
memcpy(denoise_input + rnn->model->vad_gru_size + rnn->model->noise_gru_size,
input, INPUT_SIZE * sizeof(float));
compute_gru(s, rnn->model->denoise_gru, rnn->denoise_gru_state, denoise_input);
compute_dense(rnn->model->denoise_output, gains, rnn->denoise_gru_state);
}
Reported by FlawFinder.
Line: 1401
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
frame_synthesis(s, st, out, X);
memcpy(history, in, FRAME_SIZE * sizeof(*history));
return vad_prob;
}
typedef struct ThreadData {
Reported by FlawFinder.
libavformat/hashenc.c
11 issues
Line: 143
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct HashContext *c = s->priv_data;
int num_hashes = c->per_stream ? s->nb_streams : 1;
for (int i = 0; i < num_hashes; i++) {
char buf[AV_HASH_MAX_SIZE*2+128];
if (c->per_stream) {
AVStream *st = s->streams[i];
snprintf(buf, sizeof(buf) - 200, "%d,%c,%s=", i, get_media_type_char(st->codecpar->codec_type),
av_hash_get_name(c->hashes[i]));
} else {
Reported by FlawFinder.
Line: 240
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
AVCodecParameters *par = st->codecpar;
if (par->extradata) {
struct HashContext *c = s->priv_data;
char buf[AV_HASH_MAX_SIZE*2+1];
avio_printf(s->pb, "#extradata %d, %31d, ", i, par->extradata_size);
av_hash_init(c->hashes[0]);
av_hash_update(c->hashes[0], par->extradata, par->extradata_size);
av_hash_final_hex(c->hashes[0], buf, sizeof(buf));
Reported by FlawFinder.
Line: 281
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int framehash_write_packet(struct AVFormatContext *s, AVPacket *pkt)
{
struct HashContext *c = s->priv_data;
char buf[AV_HASH_MAX_SIZE*2+128];
int len;
av_hash_init(c->hashes[0]);
av_hash_update(c->hashes[0], pkt->data, pkt->size);
snprintf(buf, sizeof(buf) - (AV_HASH_MAX_SIZE * 2 + 1), "%d, %10"PRId64", %10"PRId64", %8"PRId64", %8d, ",
Reported by FlawFinder.
Line: 151
Column: 47
CWE codes:
126
} else {
snprintf(buf, sizeof(buf) - 200, "%s=", av_hash_get_name(c->hashes[i]));
}
av_hash_final_hex(c->hashes[i], buf + strlen(buf), sizeof(buf) - strlen(buf));
av_strlcatf(buf, sizeof(buf), "\n");
avio_write(s->pb, buf, strlen(buf));
}
return 0;
Reported by FlawFinder.
Line: 151
Column: 74
CWE codes:
126
} else {
snprintf(buf, sizeof(buf) - 200, "%s=", av_hash_get_name(c->hashes[i]));
}
av_hash_final_hex(c->hashes[i], buf + strlen(buf), sizeof(buf) - strlen(buf));
av_strlcatf(buf, sizeof(buf), "\n");
avio_write(s->pb, buf, strlen(buf));
}
return 0;
Reported by FlawFinder.
Line: 153
Column: 32
CWE codes:
126
}
av_hash_final_hex(c->hashes[i], buf + strlen(buf), sizeof(buf) - strlen(buf));
av_strlcatf(buf, sizeof(buf), "\n");
avio_write(s->pb, buf, strlen(buf));
}
return 0;
}
#endif
Reported by FlawFinder.
Line: 246
Column: 36
CWE codes:
126
av_hash_init(c->hashes[0]);
av_hash_update(c->hashes[0], par->extradata, par->extradata_size);
av_hash_final_hex(c->hashes[0], buf, sizeof(buf));
avio_write(s->pb, buf, strlen(buf));
avio_printf(s->pb, "\n");
}
}
}
Reported by FlawFinder.
Line: 288
Column: 11
CWE codes:
126
snprintf(buf, sizeof(buf) - (AV_HASH_MAX_SIZE * 2 + 1), "%d, %10"PRId64", %10"PRId64", %8"PRId64", %8d, ",
pkt->stream_index, pkt->dts, pkt->pts, pkt->duration, pkt->size);
len = strlen(buf);
av_hash_final_hex(c->hashes[0], buf + len, sizeof(buf) - len);
avio_write(s->pb, buf, strlen(buf));
if (c->format_version > 1 && pkt->side_data_elems) {
int i;
Reported by FlawFinder.
Line: 290
Column: 28
CWE codes:
126
pkt->stream_index, pkt->dts, pkt->pts, pkt->duration, pkt->size);
len = strlen(buf);
av_hash_final_hex(c->hashes[0], buf + len, sizeof(buf) - len);
avio_write(s->pb, buf, strlen(buf));
if (c->format_version > 1 && pkt->side_data_elems) {
int i;
avio_printf(s->pb, ", S=%d", pkt->side_data_elems);
for (i = 0; i < pkt->side_data_elems; i++) {
Reported by FlawFinder.
Line: 306
Column: 19
CWE codes:
126
av_hash_update(c->hashes[0], pkt->side_data[i].data, pkt->side_data[i].size);
snprintf(buf, sizeof(buf) - (AV_HASH_MAX_SIZE * 2 + 1),
", %8"SIZE_SPECIFIER", ", pkt->side_data[i].size);
len = strlen(buf);
av_hash_final_hex(c->hashes[0], buf + len, sizeof(buf) - len);
avio_write(s->pb, buf, strlen(buf));
}
}
Reported by FlawFinder.
libavcodec/sipr16k.c
11 issues
Line: 58
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int i;
for (i = 0; i < 4; i++)
memcpy(out + 3*i, cbs[i] + 3*idx[i], 3*sizeof(float));
memcpy(out + 12, cbs[4] + 4*idx[4], 4*sizeof(float));
}
static void lsf_decode_fp_16k(float* lsf_history, float* isp_new,
Reported by FlawFinder.
Line: 60
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (i = 0; i < 4; i++)
memcpy(out + 3*i, cbs[i] + 3*idx[i], 3*sizeof(float));
memcpy(out + 12, cbs[4] + 4*idx[4], 4*sizeof(float));
}
static void lsf_decode_fp_16k(float* lsf_history, float* isp_new,
const int* parm, int ma_pred)
{
Reported by FlawFinder.
Line: 77
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
+ mean_lsf_16k[i];
}
memcpy(lsf_history, isp_q, LP_FILTER_ORDER_16k * sizeof(float));
}
static int dec_delay3_1st(int index)
{
if (index < 390) {
Reported by FlawFinder.
Line: 110
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (i = 0; i < LP_FILTER_ORDER_16k; i++)
filt_mem[0][i] = iir_mem[i] * ff_pow_0_5[i];
memcpy(tmpbuf - LP_FILTER_ORDER_16k, mem_preemph,
LP_FILTER_ORDER_16k*sizeof(*buf));
ff_celp_lp_synthesis_filterf(tmpbuf, filt_mem[1], synth, 30,
LP_FILTER_ORDER_16k);
Reported by FlawFinder.
Line: 116
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ff_celp_lp_synthesis_filterf(tmpbuf, filt_mem[1], synth, 30,
LP_FILTER_ORDER_16k);
memcpy(synth - LP_FILTER_ORDER_16k, mem_preemph,
LP_FILTER_ORDER_16k * sizeof(*synth));
ff_celp_lp_synthesis_filterf(synth, filt_mem[0], synth, 30,
LP_FILTER_ORDER_16k);
Reported by FlawFinder.
Line: 122
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ff_celp_lp_synthesis_filterf(synth, filt_mem[0], synth, 30,
LP_FILTER_ORDER_16k);
memcpy(out_data + 30 - LP_FILTER_ORDER_16k,
synth + 30 - LP_FILTER_ORDER_16k,
LP_FILTER_ORDER_16k * sizeof(*synth));
ff_celp_lp_synthesis_filterf(out_data + 30, filt_mem[0],
synth + 30, 2 * L_SUBFR_16k - 30,
Reported by FlawFinder.
Line: 131
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
LP_FILTER_ORDER_16k);
memcpy(mem_preemph, out_data + 2*L_SUBFR_16k - LP_FILTER_ORDER_16k,
LP_FILTER_ORDER_16k * sizeof(*synth));
FFSWAP(float *, filt_mem[0], filt_mem[1]);
for (i = 0, s = 0; i < 30; i++, s += 1.0/30)
out_data[i] = tmpbuf[i] + s * (synth[i] - tmpbuf[i]);
Reported by FlawFinder.
Line: 201
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
acelp_lp_decodef(Az[0], Az[1], lsp_new, ctx->lsp_history_16k);
memcpy(ctx->lsp_history_16k, lsp_new, LP_FILTER_ORDER_16k * sizeof(double));
memcpy(synth - LP_FILTER_ORDER_16k, ctx->synth,
LP_FILTER_ORDER_16k * sizeof(*synth));
for (i = 0; i < SUBFRAME_COUNT_16k; i++) {
Reported by FlawFinder.
Line: 203
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(ctx->lsp_history_16k, lsp_new, LP_FILTER_ORDER_16k * sizeof(double));
memcpy(synth - LP_FILTER_ORDER_16k, ctx->synth,
LP_FILTER_ORDER_16k * sizeof(*synth));
for (i = 0; i < SUBFRAME_COUNT_16k; i++) {
int i_subfr = i * L_SUBFR_16k;
AMRFixed f;
Reported by FlawFinder.
Line: 260
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
LP_FILTER_ORDER_16k);
}
memcpy(ctx->synth, synth + frame_size - LP_FILTER_ORDER_16k,
LP_FILTER_ORDER_16k * sizeof(*synth));
memmove(ctx->excitation, ctx->excitation + 2 * L_SUBFR_16k,
(L_INTERPOL+PITCH_MAX) * sizeof(float));
Reported by FlawFinder.
libavcodec/pngdec.c
11 issues
Line: 188
Column: 21
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (x = 0; x < width; x++) {
j = x & 7;
if ((dsp_mask << j) & 0x80) {
memcpy(d, s, bpp);
}
d += bpp;
if ((mask << j) & 0x80)
s += bpp;
}
Reported by FlawFinder.
Line: 271
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
switch (filter_type) {
case PNG_FILTER_VALUE_NONE:
memcpy(dst, src, size);
break;
case PNG_FILTER_VALUE_SUB:
for (i = 0; i < bpp; i++)
dst[i] = src[i];
if (bpp == 4) {
Reported by FlawFinder.
Line: 748
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* copy the palette if needed */
if (avctx->pix_fmt == AV_PIX_FMT_PAL8)
memcpy(p->data[1], s->palette, 256 * sizeof(uint32_t));
/* empty row is used if differencing to the first row */
av_fast_padded_mallocz(&s->last_row, &s->last_row_size, s->row_size);
if (!s->last_row)
return AVERROR_INVALIDDATA;
if (s->interlace_type ||
Reported by FlawFinder.
Line: 1092
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!s->background_buf)
return AVERROR(ENOMEM);
memcpy(s->background_buf, src, src_stride * p->height);
for (y = s->last_y_offset; y < s->last_y_offset + s->last_h; y++) {
memset(s->background_buf + src_stride * y +
s->bpp * s->last_x_offset, 0, s->bpp * s->last_w);
}
Reported by FlawFinder.
Line: 1104
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// copy unchanged rectangles from the last frame
for (y = 0; y < s->y_offset; y++)
memcpy(dst + y * dst_stride, src + y * src_stride, p->width * s->bpp);
for (y = s->y_offset; y < s->y_offset + s->cur_h; y++) {
memcpy(dst + y * dst_stride, src + y * src_stride, s->x_offset * s->bpp);
memcpy(dst + y * dst_stride + (s->x_offset + s->cur_w) * s->bpp,
src + y * src_stride + (s->x_offset + s->cur_w) * s->bpp,
(p->width - s->cur_w - s->x_offset) * s->bpp);
Reported by FlawFinder.
Line: 1106
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (y = 0; y < s->y_offset; y++)
memcpy(dst + y * dst_stride, src + y * src_stride, p->width * s->bpp);
for (y = s->y_offset; y < s->y_offset + s->cur_h; y++) {
memcpy(dst + y * dst_stride, src + y * src_stride, s->x_offset * s->bpp);
memcpy(dst + y * dst_stride + (s->x_offset + s->cur_w) * s->bpp,
src + y * src_stride + (s->x_offset + s->cur_w) * s->bpp,
(p->width - s->cur_w - s->x_offset) * s->bpp);
}
for (y = s->y_offset + s->cur_h; y < p->height; y++)
Reported by FlawFinder.
Line: 1107
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(dst + y * dst_stride, src + y * src_stride, p->width * s->bpp);
for (y = s->y_offset; y < s->y_offset + s->cur_h; y++) {
memcpy(dst + y * dst_stride, src + y * src_stride, s->x_offset * s->bpp);
memcpy(dst + y * dst_stride + (s->x_offset + s->cur_w) * s->bpp,
src + y * src_stride + (s->x_offset + s->cur_w) * s->bpp,
(p->width - s->cur_w - s->x_offset) * s->bpp);
}
for (y = s->y_offset + s->cur_h; y < p->height; y++)
memcpy(dst + y * dst_stride, src + y * src_stride, p->width * s->bpp);
Reported by FlawFinder.
Line: 1112
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
(p->width - s->cur_w - s->x_offset) * s->bpp);
}
for (y = s->y_offset + s->cur_h; y < p->height; y++)
memcpy(dst + y * dst_stride, src + y * src_stride, p->width * s->bpp);
if (s->blend_op == APNG_BLEND_OP_OVER) {
// Perform blending
for (y = s->y_offset; y < s->y_offset + s->cur_h; ++y) {
uint8_t *foreground = dst + dst_stride * y + s->bpp * s->x_offset;
Reported by FlawFinder.
Line: 1149
Column: 21
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
continue;
if (foreground_alpha == 0) {
memcpy(foreground, background, s->bpp);
continue;
}
if (avctx->pix_fmt == AV_PIX_FMT_PAL8) {
// TODO: Alpha blending with PAL8 will likely need the entire image converted over to RGBA first
Reported by FlawFinder.
Line: 1173
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
}
output[b] = output_alpha;
memcpy(foreground, output, s->bpp);
}
}
}
return 0;
Reported by FlawFinder.
libavcodec/dvbsubdec.c
11 issues
Line: 1438
Column: 9
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
fclose(f);
snprintf(command, sizeof(command), "pnmtopng -alpha %s %s > %s.png 2> /dev/null", fname2, fname, filename);
if (system(command) != 0) {
av_log(ctx, AV_LOG_ERROR, "Error running pnmtopng\n");
return;
}
snprintf(command, sizeof(command), "rm %s %s", fname, fname2);
Reported by FlawFinder.
Line: 1444
Column: 9
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
}
snprintf(command, sizeof(command), "rm %s %s", fname, fname2);
if (system(command) != 0) {
av_log(ctx, AV_LOG_ERROR, "Error removing %s and %s\n", fname, fname2);
return;
}
}
Reported by FlawFinder.
Line: 824
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ret = AVERROR(ENOMEM);
goto fail;
}
memcpy(rect->data[1], clut_table, (1 << region->depth) * sizeof(*clut_table));
rect->data[0] = av_malloc(region->buf_size);
if (!rect->data[0]) {
ret = AVERROR(ENOMEM);
goto fail;
Reported by FlawFinder.
Line: 832
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto fail;
}
memcpy(rect->data[0], region->pbuf, region->buf_size);
if ((clut == &default_clut && ctx->compute_clut < 0) || ctx->compute_clut == 1) {
if (!region->has_computed_clut) {
compute_default_clut(ctx, region->computed_clut, rect, rect->w, rect->h);
region->has_computed_clut = 1;
Reported by FlawFinder.
Line: 840
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
region->has_computed_clut = 1;
}
memcpy(rect->data[1], region->computed_clut, sizeof(region->computed_clut));
}
i++;
}
}
Reported by FlawFinder.
Line: 1081
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!clut)
return AVERROR(ENOMEM);
memcpy(clut, &default_clut, sizeof(*clut));
clut->id = clut_id;
clut->version = -1;
clut->next = ctx->clut_list;
Reported by FlawFinder.
Line: 1393
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int x, y, v;
FILE *f;
char fname[40], fname2[40];
char command[1024];
snprintf(fname, sizeof(fname), "%s.ppm", filename);
f = fopen(fname, "w");
Reported by FlawFinder.
Line: 1394
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int x, y, v;
FILE *f;
char fname[40], fname2[40];
char command[1024];
snprintf(fname, sizeof(fname), "%s.ppm", filename);
f = fopen(fname, "w");
if (!f) {
Reported by FlawFinder.
Line: 1398
Column: 9
CWE codes:
362
snprintf(fname, sizeof(fname), "%s.ppm", filename);
f = fopen(fname, "w");
if (!f) {
perror(fname);
return;
}
fprintf(f, "P6\n"
Reported by FlawFinder.
Line: 1420
Column: 9
CWE codes:
362
snprintf(fname2, sizeof(fname2), "%s-a.pgm", filename);
f = fopen(fname2, "w");
if (!f) {
perror(fname2);
return;
}
fprintf(f, "P5\n"
Reported by FlawFinder.
libavfilter/f_ebur128.c
11 issues
Line: 248
Column: 5
CWE codes:
134
Suggestion:
Use a constant for the format specification
else return;
va_start(vl, fmt);
vsnprintf(buf, sizeof(buf), fmt, vl);
va_end(vl);
for (i = 0; buf[i]; i++) {
int char_y, mask;
uint8_t *p = pic->data[0] + y*pic->linesize[0] + (x + i*8)*3;
Reported by FlawFinder.
Line: 862
Column: 13
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (ebur128->peak_mode & PEAK_MODE_ ## ptype ## _PEAKS) { \
char key[64]; \
for (ch = 0; ch < nb_channels; ch++) { \
snprintf(key, sizeof(key), \
META_PREFIX AV_STRINGIFY(name) "_peaks_ch%d", ch); \
SET_META(key, ebur128->name##_peaks[ch]); \
} \
} \
} while (0)
Reported by FlawFinder.
Line: 238
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void drawtext(AVFrame *pic, int x, int y, int ftid, const uint8_t *color, const char *fmt, ...)
{
int i;
char buf[128] = {0};
const uint8_t *font;
int font_height;
va_list vl;
if (ftid == FONT16) font = avpriv_vga16_font, font_height = 16;
Reported by FlawFinder.
Line: 258
Column: 21
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (char_y = 0; char_y < font_height; char_y++) {
for (mask = 0x80; mask; mask >>= 1) {
if (font[buf[i] * font_height + char_y] & mask)
memcpy(p, color, 3);
else
memcpy(p, "\x00\x00\x00", 3);
p += 3;
}
p += pic->linesize[0] - 8*3;
Reported by FlawFinder.
Line: 260
Column: 21
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (font[buf[i] * font_height + char_y] & mask)
memcpy(p, color, 3);
else
memcpy(p, "\x00\x00\x00", 3);
p += 3;
}
p += pic->linesize[0] - 8*3;
}
}
Reported by FlawFinder.
Line: 274
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
uint8_t *p = pic->data[0] + y*pic->linesize[0] + x*3;
for (i = 0; i < len; i++) {
memcpy(p, "\x00\xff\x00", 3);
p += step;
}
}
static int config_video_output(AVFilterLink *outlink)
Reported by FlawFinder.
Line: 357
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
const uint8_t *c = get_graph_color(ebur128, INT_MAX, y);
for (x = 0; x < ebur128->graph.w; x++)
memcpy(p + x*3, c, 3);
p += outpicref->linesize[0];
}
/* draw fancy rectangles around the graph and the gauge */
#define DRAW_RECT(r) do { \
Reported by FlawFinder.
Line: 812
Column: 21
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
const uint8_t *c = get_graph_color(ebur128, y_loudness_lu_graph, y);
memmove(p, p + 3, (ebur128->graph.w - 1) * 3);
memcpy(p + (ebur128->graph.w - 1) * 3, c, 3);
p += pic->linesize[0];
}
/* draw the gauge using either momentary or short-term loudness */
p = pic->data[0] + ebur128->gauge.y*pic->linesize[0] + ebur128->gauge.x*3;
Reported by FlawFinder.
Line: 822
Column: 25
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
const uint8_t *c = get_graph_color(ebur128, y_loudness_lu_gauge, y);
for (x = 0; x < ebur128->gauge.w; x++)
memcpy(p + x*3, c, 3);
p += pic->linesize[0];
}
/* draw textual info */
if (ebur128->scale == SCALE_TYPE_ABSOLUTE) {
Reported by FlawFinder.
Line: 850
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
if (ebur128->metadata) { /* happens only once per filter_frame call */
char metabuf[128];
#define META_PREFIX "lavfi.r128."
#define SET_META(name, var) do { \
snprintf(metabuf, sizeof(metabuf), "%.3f", var); \
av_dict_set(&insamples->metadata, name, metabuf, 0); \
Reported by FlawFinder.
libavformat/libssh.c
11 issues
Line: 138
Column: 9
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
static av_cold int libssh_open_file(LIBSSHContext *libssh, int flags, const char *file)
{
int access;
if ((flags & AVIO_FLAG_WRITE) && (flags & AVIO_FLAG_READ)) {
access = O_CREAT | O_RDWR;
if (libssh->trunc)
access |= O_TRUNC;
Reported by FlawFinder.
Line: 143
Column: 13
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
if ((flags & AVIO_FLAG_WRITE) && (flags & AVIO_FLAG_READ)) {
access = O_CREAT | O_RDWR;
if (libssh->trunc)
access |= O_TRUNC;
} else if (flags & AVIO_FLAG_WRITE) {
access = O_CREAT | O_WRONLY;
if (libssh->trunc)
access |= O_TRUNC;
} else
Reported by FlawFinder.
Line: 147
Column: 13
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
} else if (flags & AVIO_FLAG_WRITE) {
access = O_CREAT | O_WRONLY;
if (libssh->trunc)
access |= O_TRUNC;
} else
access = O_RDONLY;
/* 0666 = -rw-rw-rw- = read+write for everyone, minus umask */
if (!(libssh->file = sftp_open(libssh->sftp, file, access, 0666))) {
Reported by FlawFinder.
Line: 152
Column: 56
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
access = O_RDONLY;
/* 0666 = -rw-rw-rw- = read+write for everyone, minus umask */
if (!(libssh->file = sftp_open(libssh->sftp, file, access, 0666))) {
av_log(libssh, AV_LOG_ERROR, "Error opening sftp file: %s\n", ssh_get_error(libssh->session));
return AVERROR(EIO);
}
return 0;
Reported by FlawFinder.
Line: 195
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static av_cold int libssh_connect(URLContext *h, const char *url, char *path, size_t path_size)
{
LIBSSHContext *libssh = h->priv_data;
char proto[10], hostname[1024], credencials[1024];
int port = 22, ret;
const char *user = NULL, *pass = NULL;
char *end = NULL;
av_url_split(proto, sizeof(proto),
Reported by FlawFinder.
Line: 233
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int ret;
LIBSSHContext *libssh = h->priv_data;
char path[MAX_URL_SIZE];
if ((ret = libssh_connect(h, url, path, sizeof(path))) < 0)
goto fail;
if ((ret = libssh_open_file(libssh, flags, path)) < 0)
Reported by FlawFinder.
Line: 317
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
LIBSSHContext *libssh = h->priv_data;
int ret;
char path[MAX_URL_SIZE];
if ((ret = libssh_connect(h, h->filename, path, sizeof(path))) < 0)
goto fail;
if (!(libssh->dir = sftp_opendir(libssh->sftp, path))) {
Reported by FlawFinder.
Line: 400
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int ret;
LIBSSHContext *libssh = h->priv_data;
sftp_attributes attr = NULL;
char path[MAX_URL_SIZE];
if ((ret = libssh_connect(h, h->filename, path, sizeof(path))) < 0)
goto cleanup;
if (!(attr = sftp_stat(libssh->sftp, path))) {
Reported by FlawFinder.
Line: 435
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int ret;
LIBSSHContext *libssh = h_src->priv_data;
char path_src[MAX_URL_SIZE], path_dst[MAX_URL_SIZE];
char hostname_src[1024], hostname_dst[1024];
char credentials_src[1024], credentials_dst[1024];
int port_src = 22, port_dst = 22;
av_url_split(NULL, 0,
Reported by FlawFinder.
Line: 436
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int ret;
LIBSSHContext *libssh = h_src->priv_data;
char path_src[MAX_URL_SIZE], path_dst[MAX_URL_SIZE];
char hostname_src[1024], hostname_dst[1024];
char credentials_src[1024], credentials_dst[1024];
int port_src = 22, port_dst = 22;
av_url_split(NULL, 0,
credentials_src, sizeof(credentials_src),
Reported by FlawFinder.
libavcodec/apedec.c
11 issues
Line: 825
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Initialize and zero the coefficients */
if (ctx->fileversion < 3930) {
if (ctx->compression_level == COMPRESSION_LEVEL_FAST) {
memcpy(p->coeffsA[0], initial_coeffs_fast_3320,
sizeof(initial_coeffs_fast_3320));
memcpy(p->coeffsA[1], initial_coeffs_fast_3320,
sizeof(initial_coeffs_fast_3320));
} else {
memcpy(p->coeffsA[0], initial_coeffs_a_3800,
Reported by FlawFinder.
Line: 827
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ctx->compression_level == COMPRESSION_LEVEL_FAST) {
memcpy(p->coeffsA[0], initial_coeffs_fast_3320,
sizeof(initial_coeffs_fast_3320));
memcpy(p->coeffsA[1], initial_coeffs_fast_3320,
sizeof(initial_coeffs_fast_3320));
} else {
memcpy(p->coeffsA[0], initial_coeffs_a_3800,
sizeof(initial_coeffs_a_3800));
memcpy(p->coeffsA[1], initial_coeffs_a_3800,
Reported by FlawFinder.
Line: 830
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(p->coeffsA[1], initial_coeffs_fast_3320,
sizeof(initial_coeffs_fast_3320));
} else {
memcpy(p->coeffsA[0], initial_coeffs_a_3800,
sizeof(initial_coeffs_a_3800));
memcpy(p->coeffsA[1], initial_coeffs_a_3800,
sizeof(initial_coeffs_a_3800));
}
} else {
Reported by FlawFinder.
Line: 832
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else {
memcpy(p->coeffsA[0], initial_coeffs_a_3800,
sizeof(initial_coeffs_a_3800));
memcpy(p->coeffsA[1], initial_coeffs_a_3800,
sizeof(initial_coeffs_a_3800));
}
} else {
memcpy(p->coeffsA[0], initial_coeffs_3930, sizeof(initial_coeffs_3930));
memcpy(p->coeffsA[1], initial_coeffs_3930, sizeof(initial_coeffs_3930));
Reported by FlawFinder.
Line: 836
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sizeof(initial_coeffs_a_3800));
}
} else {
memcpy(p->coeffsA[0], initial_coeffs_3930, sizeof(initial_coeffs_3930));
memcpy(p->coeffsA[1], initial_coeffs_3930, sizeof(initial_coeffs_3930));
memcpy(p64->coeffsA[0], initial_coeffs_3930_64bit, sizeof(initial_coeffs_3930_64bit));
memcpy(p64->coeffsA[1], initial_coeffs_3930_64bit, sizeof(initial_coeffs_3930_64bit));
}
memset(p->coeffsB, 0, sizeof(p->coeffsB));
Reported by FlawFinder.
Line: 837
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
} else {
memcpy(p->coeffsA[0], initial_coeffs_3930, sizeof(initial_coeffs_3930));
memcpy(p->coeffsA[1], initial_coeffs_3930, sizeof(initial_coeffs_3930));
memcpy(p64->coeffsA[0], initial_coeffs_3930_64bit, sizeof(initial_coeffs_3930_64bit));
memcpy(p64->coeffsA[1], initial_coeffs_3930_64bit, sizeof(initial_coeffs_3930_64bit));
}
memset(p->coeffsB, 0, sizeof(p->coeffsB));
memset(p64->coeffsB, 0, sizeof(p64->coeffsB));
Reported by FlawFinder.
Line: 838
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else {
memcpy(p->coeffsA[0], initial_coeffs_3930, sizeof(initial_coeffs_3930));
memcpy(p->coeffsA[1], initial_coeffs_3930, sizeof(initial_coeffs_3930));
memcpy(p64->coeffsA[0], initial_coeffs_3930_64bit, sizeof(initial_coeffs_3930_64bit));
memcpy(p64->coeffsA[1], initial_coeffs_3930_64bit, sizeof(initial_coeffs_3930_64bit));
}
memset(p->coeffsB, 0, sizeof(p->coeffsB));
memset(p64->coeffsB, 0, sizeof(p64->coeffsB));
if (ctx->fileversion < 3930) {
Reported by FlawFinder.
Line: 839
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(p->coeffsA[0], initial_coeffs_3930, sizeof(initial_coeffs_3930));
memcpy(p->coeffsA[1], initial_coeffs_3930, sizeof(initial_coeffs_3930));
memcpy(p64->coeffsA[0], initial_coeffs_3930_64bit, sizeof(initial_coeffs_3930_64bit));
memcpy(p64->coeffsA[1], initial_coeffs_3930_64bit, sizeof(initial_coeffs_3930_64bit));
}
memset(p->coeffsB, 0, sizeof(p->coeffsB));
memset(p64->coeffsB, 0, sizeof(p64->coeffsB));
if (ctx->fileversion < 3930) {
memcpy(p->coeffsB[0], initial_coeffs_b_3800,
Reported by FlawFinder.
Line: 844
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(p->coeffsB, 0, sizeof(p->coeffsB));
memset(p64->coeffsB, 0, sizeof(p64->coeffsB));
if (ctx->fileversion < 3930) {
memcpy(p->coeffsB[0], initial_coeffs_b_3800,
sizeof(initial_coeffs_b_3800));
memcpy(p->coeffsB[1], initial_coeffs_b_3800,
sizeof(initial_coeffs_b_3800));
}
Reported by FlawFinder.
Line: 846
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ctx->fileversion < 3930) {
memcpy(p->coeffsB[0], initial_coeffs_b_3800,
sizeof(initial_coeffs_b_3800));
memcpy(p->coeffsB[1], initial_coeffs_b_3800,
sizeof(initial_coeffs_b_3800));
}
p->filterA[0] = p->filterA[1] = 0;
p->filterB[0] = p->filterB[1] = 0;
Reported by FlawFinder.