The following issues were found
libavcodec/speedhq.c
1 issues
Line: 213
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (x = 0; x < 16; x++) {
last_alpha[x] -= block[y * 16 + x];
}
memcpy(dest, last_alpha, 16);
dest += linesize;
}
return 0;
}
Reported by FlawFinder.
libavcodec/sunrast.c
1 issues
Line: 173
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (y = 0; y < h; y++) {
if (buf_end - buf < alen)
break;
memcpy(ptr, buf, len);
ptr += stride;
buf += alen;
}
}
if (avctx->pix_fmt == AV_PIX_FMT_PAL8 && depth < 8) {
Reported by FlawFinder.
libavcodec/targa.c
1 issues
Line: 90
Column: 21
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
count -= n;
x += n;
do {
memcpy(dst, tmp, depth);
dst += depth;
} while (--n);
if (x == w) {
x = 0;
dst = line = advance_line(start, line, stride, &y, h, interleave);
Reported by FlawFinder.
libavcodec/tests/motion.c
1 issues
Line: 38
Column: 8
CWE codes:
134
Suggestion:
Use a constant for the format specification
#include "libavutil/mem.h"
#include "libavutil/time.h"
#undef printf
#define WIDTH 64
#define HEIGHT 64
static uint8_t img1[WIDTH * HEIGHT];
Reported by FlawFinder.
libavcodec/tests/snowenc.c
1 issues
Line: 25
Column: 8
CWE codes:
134
Suggestion:
Use a constant for the format specification
#undef malloc
#undef free
#undef printf
#include "libavutil/lfg.h"
#include "libavutil/mathematics.h"
int main(void){
Reported by FlawFinder.
libavcodec/tmv.c
1 issues
Line: 64
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dst = frame->data[0];
frame->palette_has_changed = 1;
memcpy(frame->data[1], ff_cga_palette, 16 * 4);
memset(frame->data[1] + 16 * 4, 0, AVPALETTE_SIZE - 16 * 4);
for (y = 0; y < char_rows; y++) {
for (x = 0; x < char_cols; x++) {
c = *src++;
Reported by FlawFinder.
libavcodec/trace_headers_bsf.c
1 issues
Line: 73
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
TraceHeadersContext *ctx = bsf->priv_data;
CodedBitstreamFragment *frag = &ctx->fragment;
char tmp[256] = { 0 };
int err;
err = ff_bsf_get_packet_ref(bsf, pkt);
if (err < 0)
return err;
Reported by FlawFinder.
libavcodec/truespeech.c
1 issues
Line: 135
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for(i = 0; i < 8; i++){
if(i > 0){
memcpy(tmp, dec->cvector, i * sizeof(*tmp));
for(j = 0; j < i; j++)
dec->cvector[j] += (tmp[i - j - 1] * dec->vector[i] + 0x4000) >> 15;
}
dec->cvector[i] = (8 - dec->vector[i]) >> 3;
}
Reported by FlawFinder.
libavcodec/tscc.c
1 issues
Line: 112
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* make the palette available on the way out */
if (c->avctx->pix_fmt == AV_PIX_FMT_PAL8) {
frame->palette_has_changed = palette_has_changed;
memcpy(frame->data[1], c->pal, AVPALETTE_SIZE);
}
if ((ret = av_frame_ref(data, frame)) < 0)
return ret;
*got_frame = 1;
Reported by FlawFinder.
libavcodec/tta.c
1 issues
Line: 93
Column: 27
CWE codes:
126
static uint64_t tta_check_crc64(uint8_t *pass)
{
uint64_t crc = UINT64_MAX, poly = 0x42F0E1EBA9EA3693U;
uint8_t *end = pass + strlen(pass);
int i;
while (pass < end) {
crc ^= (uint64_t)*pass++ << 56;
for (i = 0; i < 8; i++)
Reported by FlawFinder.