The following issues were found
libavcodec/qdmc.c
1 issues
Line: 678
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
s->buffer_offset += s->frame_size;
if (s->buffer_offset >= 32768 - s->frame_size) {
memcpy(s->buffer, &s->buffer[s->nb_channels * s->buffer_offset], 4 * s->frame_size * s->nb_channels);
s->buffer_offset = 0;
}
return 0;
}
Reported by FlawFinder.
libavcodec/ra288.c
1 issues
Line: 223
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
decode(ractx, gain, cb_coef);
memcpy(out, &ractx->sp_hist[70 + 36], RA288_BLOCK_SIZE * sizeof(*out));
out += RA288_BLOCK_SIZE;
if ((i & 7) == 3) {
backward_filter(ractx, ractx->sp_hist, ractx->sp_rec, syn_window,
ractx->sp_lpc, syn_bw_tab, 36, 40, 35, 70);
Reported by FlawFinder.
libavcodec/roqaudioenc.c
1 issues
Line: 135
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return 0;
if (in && context->input_frames < 8) {
memcpy(&context->frame_buffer[context->buffered_samples * avctx->channels],
in, avctx->frame_size * avctx->channels * sizeof(*in));
context->buffered_samples += avctx->frame_size;
if (context->input_frames == 0)
context->first_pts = frame->pts;
if (context->input_frames < 7) {
Reported by FlawFinder.
libavcodec/roqvideo.c
1 issues
Line: 36
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
int rows = sz;
while(rows--) {
memcpy(out, in, sz);
out += outstride;
in += instride;
}
}
Reported by FlawFinder.
libavcodec/roqvideo.h
1 issues
Line: 28
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include "avcodec.h"
typedef struct roq_cell {
unsigned char y[4];
unsigned char u, v;
} roq_cell;
typedef struct roq_qcell {
int idx[4];
Reported by FlawFinder.
libavcodec/roqvideoenc.c
1 issues
Line: 164
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Macroblock support functions */
static void unpack_roq_cell(roq_cell *cell, uint8_t u[4*3])
{
memcpy(u , cell->y, 4);
memset(u+4, cell->u, 4);
memset(u+8, cell->v, 4);
}
static void unpack_roq_qcell(uint8_t cb2[], roq_qcell *qcell, uint8_t u[4*4*3])
Reported by FlawFinder.
libavcodec/rpzaenc.c
1 issues
Line: 423
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
const BlockInfo *bi, int block_counter)
{
for (int y = 0; y < 4; y++) {
memcpy(dest_pixels, src_pixels, 8);
dest_pixels += bi->rowstride;
src_pixels += bi->rowstride;
}
}
Reported by FlawFinder.
libavcodec/rscc.c
1 issues
Line: 351
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Palette handling */
if (avctx->pix_fmt == AV_PIX_FMT_PAL8) {
frame->palette_has_changed = ff_copy_palette(ctx->palette, avpkt, avctx);
memcpy(frame->data[1], ctx->palette, AVPALETTE_SIZE);
}
// We only return a picture when enough of it is undamaged, this avoids copying nearly broken frames around
if (ctx->valid_pixels < ctx->inflated_size)
ctx->valid_pixels += pixel_size;
if (ctx->valid_pixels >= ctx->inflated_size * (100 - avctx->discard_damaged_percentage) / 100)
Reported by FlawFinder.
libavcodec/smc.c
1 issues
Line: 117
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int color_octet_index = 0;
/* make the palette available */
memcpy(s->frame->data[1], s->pal, AVPALETTE_SIZE);
bytestream2_skip(gb, 1);
chunk_size = bytestream2_get_be24(gb);
if (chunk_size != buf_size)
av_log(s->avctx, AV_LOG_WARNING, "MOV chunk size != encoded chunk size (%d != %d); using MOV chunk size\n",
Reported by FlawFinder.
libavcodec/sonic.c
1 issues
Line: 510
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int i;
int *state = window + window_entries;
memcpy(state, window, window_entries * sizeof(*state));
for (i = 0; i < out_entries; i++)
{
int step = (i+1)*channels, k, j;
double xx = 0.0, xy = 0.0;
Reported by FlawFinder.