The following issues were found
libavcodec/opus_rc.h
1 issues
Line: 124
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
(opus_rc_tell_frac(rc) - rc_rollback_bits)
#define OPUS_RC_CHECKPOINT_ROLLBACK(rc) \
memcpy(rc, &rc_rollback_ctx, sizeof(OpusRangeCoder)); \
#endif /* AVCODEC_OPUS_RC_H */
Reported by FlawFinder.
libavcodec/pafvideo.c
1 issues
Line: 365
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (frame > 3)
return AVERROR_INVALIDDATA;
if (frame != c->current_frame)
memcpy(c->frame[c->current_frame], c->frame[frame], c->frame_size);
break;
case 4:
/* Run length encoding.*/
dst = c->frame[c->current_frame];
end = dst + c->video_size;
Reported by FlawFinder.
libavcodec/pcm-dvdenc.c
1 issues
Line: 127
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if ((ret = ff_get_encode_buffer(avctx, avpkt, pkt_size, 0)) < 0)
return ret;
memcpy(avpkt->data, s->header, 3);
src16 = (const int16_t *)frame->data[0];
src32 = (const int32_t *)frame->data[0];
bytestream2_init_writer(&pb, avpkt->data + 3, avpkt->size - 3);
Reported by FlawFinder.
libavcodec/pcm_rechunk_bsf.c
1 issues
Line: 132
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
s->out_pkt->size = 0;
}
memcpy(s->out_pkt->data + s->out_pkt->size, s->in_pkt->data, drain);
s->out_pkt->size += drain;
drain_packet(s->in_pkt, drain, drain / s->sample_size);
if (!s->in_pkt->size)
av_packet_unref(s->in_pkt);
if (s->out_pkt->size == data_size) {
Reported by FlawFinder.
libavcodec/pcx.c
1 issues
Line: 186
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ret = pcx_rle_decode(&gb, scanline, bytes_per_scanline, compressed);
if (ret < 0)
goto end;
memcpy(ptr, scanline, w);
}
if (bytestream2_tell(&gb) != palstart) {
av_log(avctx, AV_LOG_WARNING, "image data possibly corrupted\n");
bytestream2_seek(&gb, palstart, SEEK_SET);
Reported by FlawFinder.
libavcodec/pnmdec.c
1 issues
Line: 30
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static void samplecpy(uint8_t *dst, const uint8_t *src, int n, int maxval)
{
if (maxval <= 255) {
memcpy(dst, src, n);
} else {
int i;
for (i=0; i<n/2; i++) {
((uint16_t *)dst)[i] = AV_RB16(src+2*i);
}
Reported by FlawFinder.
libavcodec/ppc/mpegaudiodsp_altivec.c
1 issues
Line: 106
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
float *out2 = out + 32 * incr;
/* copy to avoid wrap */
memcpy(in + 512, in, 32 * sizeof(*in));
apply_window(in + 16, win , win + 512, suma, sumc, 16);
apply_window(in + 32, win + 48, win + 640, sumb, sumd, 16);
SUM8(MLSS, suma[0], win + 32, in + 48);
Reported by FlawFinder.
libavcodec/proresenc_anatoliy.c
1 issues
Line: 838
Column: 9
CWE codes:
126
return AVERROR(EINVAL);
}
if (strlen(ctx->vendor) != 4) {
av_log(avctx, AV_LOG_ERROR, "vendor ID should be 4 bytes\n");
return AVERROR(EINVAL);
}
if (avctx->profile == FF_PROFILE_UNKNOWN) {
Reported by FlawFinder.
libavcodec/ptx.c
1 issues
Line: 73
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
stride = p->linesize[0];
for (y = 0; y < h && buf_end - buf >= w * bytes_per_pixel; y++) {
memcpy(ptr, buf, w*bytes_per_pixel);
ptr += stride;
buf += w*bytes_per_pixel;
}
*got_frame = 1;
Reported by FlawFinder.
libavcodec/qdm2.c
1 issues
Line: 1468
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* copy the tone if it has not yet died out */
if (++tone->time_index < ((1 << (5 - tone->duration)) - 1)) {
memcpy(&q->fft_tones[q->fft_tone_end], tone, sizeof(FFTTone));
q->fft_tone_end = (q->fft_tone_end + 1) % 1000;
}
}
static void qdm2_fft_tone_synthesizer(QDM2Context *q, int sub_packet)
Reported by FlawFinder.