The following issues were found
plugins/obs-ffmpeg/ffmpeg-mux/ffmpeg-mux.c
6 issues
Line: 238
Column: 2
CWE codes:
134
Suggestion:
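Use a constant for the format specification. Where the function only forwards a format argument it received, as this one does with `format` and `args`, the check moves to its callers: each must pass a literal format string, never text taken from input.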
char out_buffer[4096];
struct dstr out = {0};
vsnprintf(out_buffer, sizeof(out_buffer), format, args);
dstr_copy(&out, out_buffer);
if (global_stream_key && *global_stream_key) {
dstr_replace(&out, global_stream_key, "{stream_key}");
}
Reported by FlawFinder.
Line: 126
Column: 2
CWE codes:
119
120
Suggestion:
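Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The flagged line is only the declaration of a fixed-size array; whether it can overflow depends on every write into it, which this excerpt does not show.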
struct header *audio_header;
int num_audio_streams;
bool initialized;
char error[4096];
};
static void header_free(struct header *header)
{
free(header->data);
Reported by FlawFinder.
Line: 213
Column: 7
CWE codes:
190
Suggestion:
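If the source is untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into a negative number; consider saving to an unsigned value if that is intended). atoi() reports neither overflow nor non-numeric input, so the range check needs a conversion that does, such as strtol() with its end pointer and errno examined.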
return false;
}
*i = atoi(str);
return true;
}
static bool get_audio_params(struct audio_params *audio, int *argc,
char ***argv)
Reported by FlawFinder.
Line: 235
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
va_list args)
{
#ifdef DEBUG_FFMPEG
char out_buffer[4096];
struct dstr out = {0};
vsnprintf(out_buffer, sizeof(out_buffer), format, args);
dstr_copy(&out, out_buffer);
if (global_stream_key && *global_stream_key) {
Reported by FlawFinder.
Line: 506
Column: 2
CWE codes:
120
Suggestion:
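Make sure destination can always hold the source data. In this excerpt the destination is allocated with the same `size` that is copied, so it fits whenever the allocation succeeds; the result of malloc() is not checked before the memcpy().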
{
header->size = (int)size;
header->data = malloc(size);
memcpy(header->data, data, size);
}
static void ffmpeg_mux_header(struct ffmpeg_mux *ffm, uint8_t *data,
struct ffm_packet_info *info)
{
Reported by FlawFinder.
Line: 841
Column: 16
CWE codes:
126
argv = malloc(argc * sizeof(char *));
for (int i = 0; i < argc; i++) {
size_t len = wcslen(argv_w[i]);
int size;
size = WideCharToMultiByte(CP_UTF8, 0, argv_w[i], (int)len,
NULL, 0, NULL, NULL);
argv[i] = malloc(size + 1);
Reported by FlawFinder.
plugins/obs-qsv11/libmfx/src/mfx_dispatcher_log.cpp
6 issues
Line: 224
Column: 21
CWE codes:
134
Suggestion:
Use a constant for the format specification
#if _MSC_VER >= 1400
vsprintf_s(msg_formated, sizeof(msg_formated)/sizeof(msg_formated[0]), msg, argptr);
#else
vsnprintf(msg_formated, sizeof(msg_formated)/sizeof(msg_formated[0]), msg, argptr);
#endif
//TODO: improve this , add opcode handling
printf("%s %s", CODE_TO_STRING(level, LevelStrings), msg_formated);
}
break;
Reported by FlawFinder.
Line: 306
Column: 17
CWE codes:
134
Suggestion:
Use a constant for the format specification
#if _MSC_VER >= 1400
vsprintf_s(msg_formated, sizeof (msg_formated) / sizeof (msg_formated[0]), msg, argptr);
#else
vsnprintf(msg_formated, sizeof (msg_formated) / sizeof (msg_formated[0]), msg, argptr);
#endif
EventDataDescCreate(&data_descriptor, msg_formated, (ULONG)(strlen(msg_formated) + 1));
}else
{
EventDataDescCreate(&data_descriptor, NULL, 0);
Reported by FlawFinder.
Line: 418
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (NULL != m_hdl && NULL != msg)
{
fprintf(m_hdl, "%s", CODE_TO_STRING(level, LevelStrings));
vfprintf(m_hdl, msg, argptr);
}
}
#endif
//////////////////////////////////////////////////////////////////////////
Reported by FlawFinder.
Line: 217
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
case DL_SINK_PRINTF:
{
char msg_formated[8048] = {0};
if (NULL != msg && level != DL_LOADED_LIBRARY)
{
#if _MSC_VER >= 1400
vsprintf_s(msg_formated, sizeof(msg_formated)/sizeof(msg_formated[0]), msg, argptr);
Reported by FlawFinder.
Line: 290
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return;
}
char msg_formated[1024];
EVENT_DESCRIPTOR descriptor;
EVENT_DATA_DESCRIPTOR data_descriptor;
EventDescZero(&descriptor);
Reported by FlawFinder.
Line: 308
Column: 77
CWE codes:
126
#else
vsnprintf(msg_formated, sizeof (msg_formated) / sizeof (msg_formated[0]), msg, argptr);
#endif
EventDataDescCreate(&data_descriptor, msg_formated, (ULONG)(strlen(msg_formated) + 1));
}else
{
EventDataDescCreate(&data_descriptor, NULL, 0);
}
}else
Reported by FlawFinder.
deps/blake2/src/blake2-impl.h
6 issues
Line: 37
Column: 3
CWE codes:
120
Suggestion:
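Make sure destination can always hold the source data. Here the destination is the local `w` and the length is `sizeof w`, so the destination always fits; what the caller has to guarantee is that `src` refers to at least that many readable bytes.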
{
#if defined(NATIVE_LITTLE_ENDIAN)
uint32_t w;
memcpy(&w, src, sizeof w);
return w;
#else
const uint8_t *p = ( const uint8_t * )src;
return (( uint32_t )( p[0] ) << 0) |
(( uint32_t )( p[1] ) << 8) |
Reported by FlawFinder.
Line: 52
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
#if defined(NATIVE_LITTLE_ENDIAN)
uint64_t w;
memcpy(&w, src, sizeof w);
return w;
#else
const uint8_t *p = ( const uint8_t * )src;
return (( uint64_t )( p[0] ) << 0) |
(( uint64_t )( p[1] ) << 8) |
Reported by FlawFinder.
Line: 71
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
#if defined(NATIVE_LITTLE_ENDIAN)
uint16_t w;
memcpy(&w, src, sizeof w);
return w;
#else
const uint8_t *p = ( const uint8_t * )src;
return (( uint16_t )( p[0] ) << 0) |
(( uint16_t )( p[1] ) << 8) ;
Reported by FlawFinder.
Line: 83
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static BLAKE2_INLINE void store16( void *dst, uint16_t w )
{
#if defined(NATIVE_LITTLE_ENDIAN)
memcpy(dst, &w, sizeof w);
#else
uint8_t *p = ( uint8_t * )dst;
*p++ = ( uint8_t )w; w >>= 8;
*p++ = ( uint8_t )w;
#endif
Reported by FlawFinder.
Line: 94
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static BLAKE2_INLINE void store32( void *dst, uint32_t w )
{
#if defined(NATIVE_LITTLE_ENDIAN)
memcpy(dst, &w, sizeof w);
#else
uint8_t *p = ( uint8_t * )dst;
p[0] = (uint8_t)(w >> 0);
p[1] = (uint8_t)(w >> 8);
p[2] = (uint8_t)(w >> 16);
Reported by FlawFinder.
Line: 107
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static BLAKE2_INLINE void store64( void *dst, uint64_t w )
{
#if defined(NATIVE_LITTLE_ENDIAN)
memcpy(dst, &w, sizeof w);
#else
uint8_t *p = ( uint8_t * )dst;
p[0] = (uint8_t)(w >> 0);
p[1] = (uint8_t)(w >> 8);
p[2] = (uint8_t)(w >> 16);
Reported by FlawFinder.
UI/platform-windows.cpp
6 issues
Line: 69
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
string GetDefaultVideoSavePath()
{
wchar_t path_utf16[MAX_PATH];
char path_utf8[MAX_PATH] = {};
SHGetFolderPathW(NULL, CSIDL_MYVIDEO, NULL, SHGFP_TYPE_CURRENT,
path_utf16);
Reported by FlawFinder.
Line: 70
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
string GetDefaultVideoSavePath()
{
wchar_t path_utf16[MAX_PATH];
char path_utf8[MAX_PATH] = {};
SHGetFolderPathW(NULL, CSIDL_MYVIDEO, NULL, SHGFP_TYPE_CURRENT,
path_utf16);
os_wcs_to_utf8(path_utf16, wcslen(path_utf16), path_utf8, MAX_PATH);
Reported by FlawFinder.
Line: 101
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (result.size() == num)
break;
char conv[MAX_PATH] = {};
os_wcs_to_utf8(&*start, separator - start, conv, MAX_PATH);
result.emplace_back(conv);
start = separator + 1;
Reported by FlawFinder.
Line: 303
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (!portable_mode) {
name = "OBSStudioCore";
} else {
char path[500];
char absPath[512];
*path = 0;
*absPath = 0;
GetConfigPath(path, sizeof(path), "");
os_get_abs_path(path, absPath, sizeof(absPath));
Reported by FlawFinder.
Line: 304
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
name = "OBSStudioCore";
} else {
char path[500];
char absPath[512];
*path = 0;
*absPath = 0;
GetConfigPath(path, sizeof(path), "");
os_get_abs_path(path, absPath, sizeof(absPath));
name = "OBSStudioPortable";
Reported by FlawFinder.
Line: 75
Column: 29
CWE codes:
126
SHGetFolderPathW(NULL, CSIDL_MYVIDEO, NULL, SHGFP_TYPE_CURRENT,
path_utf16);
os_wcs_to_utf8(path_utf16, wcslen(path_utf16), path_utf8, MAX_PATH);
return string(path_utf8);
}
static vector<string> GetUserPreferredLocales()
{
Reported by FlawFinder.
UI/window-basic-settings.cpp
6 issues
Line: 126
}
};
}
Q_DECLARE_METATYPE(FormatDesc)
Q_DECLARE_METATYPE(CodecDesc)
static inline bool ResTooHigh(uint32_t cx, uint32_t cy)
{
return cx > 16384 || cy > 16384;
Reported by Cppcheck.
Line: 604
&OBSBasicSettings::ToggleDisableAero);
}
#define PROCESS_PRIORITY(val) \
{ \
"Basic.Settings.Advanced.General.ProcessPriority."##val, val \
}
static struct ProcessPriority {
Reported by Cppcheck.
Line: 1168
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
ui->theme->clear();
QSet<QString> uniqueSet;
string themeDir;
char userThemeDir[512];
int ret = GetConfigPath(userThemeDir, sizeof(userThemeDir),
"obs-studio/themes/");
GetDataFilePath("themes/", themeDir);
/* Check user dir first. */
Reported by FlawFinder.
Line: 1828
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
OBSPropertiesView *view;
if (path) {
char encoderJsonPath[512];
int ret = GetProfilePath(encoderJsonPath,
sizeof(encoderJsonPath), path);
if (ret > 0) {
obs_data_t *data = obs_data_create_from_json_file_safe(
encoderJsonPath, "bak");
Reported by FlawFinder.
Line: 3296
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void WriteJsonData(OBSPropertiesView *view, const char *path)
{
char full_path[512];
if (!view || !WidgetChanged(view))
return;
int ret = GetProfilePath(full_path, sizeof(full_path), path);
Reported by FlawFinder.
Line: 4630
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (!settings)
return;
char encoderJsonPath[512];
int ret = GetProfilePath(encoderJsonPath,
sizeof(encoderJsonPath),
"recordEncoder.json");
if (ret > 0) {
obs_data_t *data = obs_data_create_from_json_file_safe(
Reported by FlawFinder.
deps/w32-pthreads/pthread_cond_init.c
6 issues
Line: 145
CWE codes:
476
ptw32_mcs_lock_acquire(&ptw32_cond_list_lock, &node);
cv->next = NULL;
cv->prev = ptw32_cond_list_tail;
if (ptw32_cond_list_tail != NULL)
{
ptw32_cond_list_tail->next = cv;
Reported by Cppcheck.
Line: 145
CWE codes:
476
ptw32_mcs_lock_acquire(&ptw32_cond_list_lock, &node);
cv->next = NULL;
cv->prev = ptw32_cond_list_tail;
if (ptw32_cond_list_tail != NULL)
{
ptw32_cond_list_tail->next = cv;
Reported by Cppcheck.
Line: 145
CWE codes:
476
ptw32_mcs_lock_acquire(&ptw32_cond_list_lock, &node);
cv->next = NULL;
cv->prev = ptw32_cond_list_tail;
if (ptw32_cond_list_tail != NULL)
{
ptw32_cond_list_tail->next = cv;
Reported by Cppcheck.
Line: 146
CWE codes:
476
ptw32_mcs_lock_acquire(&ptw32_cond_list_lock, &node);
cv->next = NULL;
cv->prev = ptw32_cond_list_tail;
if (ptw32_cond_list_tail != NULL)
{
ptw32_cond_list_tail->next = cv;
}
Reported by Cppcheck.
Line: 146
CWE codes:
476
ptw32_mcs_lock_acquire(&ptw32_cond_list_lock, &node);
cv->next = NULL;
cv->prev = ptw32_cond_list_tail;
if (ptw32_cond_list_tail != NULL)
{
ptw32_cond_list_tail->next = cv;
}
Reported by Cppcheck.
Line: 146
CWE codes:
476
ptw32_mcs_lock_acquire(&ptw32_cond_list_lock, &node);
cv->next = NULL;
cv->prev = ptw32_cond_list_tail;
if (ptw32_cond_list_tail != NULL)
{
ptw32_cond_list_tail->next = cv;
}
Reported by Cppcheck.
plugins/obs-outputs/librtmp/parseurl.c
6 issues
Line: 119
Column: 14
CWE codes:
190
Suggestion:
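If the source is untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into a negative number; consider saving to an unsigned value if that is intended). The code shown stores the result in an `unsigned int` and rejects anything above 65535, which covers negative results as well; input too large for atoi() to represent is still outside what atoi() defines.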
{
unsigned int p2;
p++;
p2 = atoi(p);
if(p2 > 65535)
{
RTMP_Log(RTMP_LOGWARNING, "Invalid port number!");
}
else
Reported by FlawFinder.
Line: 231
Column: 13
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
{
if (strncmp(ppstart, "mp4:", 4))
{
strcpy(destptr, "mp4:");
destptr += 4;
}
else
{
subExt = 0;
Reported by FlawFinder.
Line: 243
Column: 13
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
{
if (strncmp(ppstart, "mp3:", 4))
{
strcpy(destptr, "mp3:");
destptr += 4;
}
else
{
subExt = 0;
Reported by FlawFinder.
Line: 85
Column: 17
CWE codes:
126
return FALSE;
}
end = p + strlen(p);
v6 = strchr(p, ']');
// ques = strchr(p, '?');
slash = strchr(p, '/');
col = strchr((v6 && v6 < slash) ? v6 : p, ':');
Reported by FlawFinder.
Line: 139
Column: 24
CWE codes:
126
//just.. whatever.
app->av_val = p;
app->av_len = (int)strlen(p);
if(app->av_len && p[app->av_len-1] == '/')
app->av_len--;
RTMP_Log(RTMP_LOGDEBUG, "Parsed app : %.*s", app->av_len, p);
Reported by FlawFinder.
Line: 187
Column: 22
CWE codes:
126
(temp=strstr(ppstart, "slist=")) != 0)
{
ppstart = temp+6;
pplen = (int)strlen(ppstart);
temp = strchr(ppstart, '&');
if (temp)
{
pplen = temp-ppstart;
Reported by FlawFinder.
plugins/obs-ffmpeg/obs-ffmpeg-vaapi.c
6 issues
Line: 555
Column: 7
CWE codes:
362/367!
Suggestion:
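Set up the correct permissions (e.g., using setuid()) and try to open the file directly instead of testing it with access() first; the file can change between the check and the later open (CWE-367).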
char path[32] = "/dev/dri/renderD1";
for (int i = 28;; i++) {
sprintf(path, "/dev/dri/renderD1%d", i);
if (access(path, F_OK) == 0) {
char card[128] = "Card: ";
sprintf(card, "Card%d: %s", i - 28, path);
obs_property_list_add_string(list, card, path);
} else {
break;
Reported by FlawFinder.
Line: 557
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
sprintf(path, "/dev/dri/renderD1%d", i);
if (access(path, F_OK) == 0) {
char card[128] = "Card: ";
sprintf(card, "Card%d: %s", i - 28, path);
obs_property_list_add_string(list, card, path);
} else {
break;
}
}
Reported by FlawFinder.
Line: 394
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int pos_frame = y * frame_rowsize;
int pos_pic = y * pic_rowsize;
memcpy(pic->data[plane] + pos_pic,
frame->data[plane] + pos_frame, bytes);
}
}
}
Reported by FlawFinder.
Line: 552
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
obs_module_text("VAAPI.Device"),
OBS_COMBO_TYPE_LIST,
OBS_COMBO_FORMAT_STRING);
char path[32] = "/dev/dri/renderD1";
for (int i = 28;; i++) {
sprintf(path, "/dev/dri/renderD1%d", i);
if (access(path, F_OK) == 0) {
char card[128] = "Card: ";
sprintf(card, "Card%d: %s", i - 28, path);
Reported by FlawFinder.
Line: 554
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
OBS_COMBO_FORMAT_STRING);
char path[32] = "/dev/dri/renderD1";
for (int i = 28;; i++) {
sprintf(path, "/dev/dri/renderD1%d", i);
if (access(path, F_OK) == 0) {
char card[128] = "Card: ";
sprintf(card, "Card%d: %s", i - 28, path);
obs_property_list_add_string(list, card, path);
} else {
Reported by FlawFinder.
Line: 556
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
for (int i = 28;; i++) {
sprintf(path, "/dev/dri/renderD1%d", i);
if (access(path, F_OK) == 0) {
char card[128] = "Card: ";
sprintf(card, "Card%d: %s", i - 28, path);
obs_property_list_add_string(list, card, path);
} else {
break;
}
Reported by FlawFinder.
plugins/obs-outputs/net-if.c
6 issues
Line: 54
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct sockaddr_storage *byte_address)
{
int family = byte_address->ss_family;
char temp_char[INET6_ADDRSTRLEN] = {0};
#ifndef _WIN32
if (family == AF_INET)
inet_ntop(family,
&(((struct sockaddr_in *)byte_address)->sin_addr),
Reported by FlawFinder.
Line: 79
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void netif_push(struct sockaddr *copy_source,
struct netif_saddr_data *saddr_d, const char *adapter)
{
char temp_char[INET6_ADDRSTRLEN] = {0};
struct sockaddr_storage sa = {0};
if (copy_source->sa_family == AF_INET)
memcpy(&sa, copy_source, sizeof(struct sockaddr_in));
else if (copy_source->sa_family == AF_INET6)
Reported by FlawFinder.
Line: 83
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct sockaddr_storage sa = {0};
if (copy_source->sa_family == AF_INET)
memcpy(&sa, copy_source, sizeof(struct sockaddr_in));
else if (copy_source->sa_family == AF_INET6)
memcpy(&sa, copy_source, sizeof(struct sockaddr_in6));
netif_convert_to_string(temp_char, &sa);
netif_saddr_data_push_back(saddr_d, temp_char, adapter);
Reported by FlawFinder.
Line: 85
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (copy_source->sa_family == AF_INET)
memcpy(&sa, copy_source, sizeof(struct sockaddr_in));
else if (copy_source->sa_family == AF_INET6)
memcpy(&sa, copy_source, sizeof(struct sockaddr_in6));
netif_convert_to_string(temp_char, &sa);
netif_saddr_data_push_back(saddr_d, temp_char, adapter);
}
Reported by FlawFinder.
Line: 141
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct ifaddrs *ifaddr, *ifa;
unsigned int family, s;
char host[NI_MAXHOST];
if (getifaddrs(&ifaddr) == -1) {
warn("getifaddrs() failed");
return;
}
Reported by FlawFinder.
Line: 73
Column: 2
CWE codes:
120
InetNtopA(family, &(((SOCKADDR_IN6 *)byte_address)->sin6_addr),
temp_char, INET6_ADDRSTRLEN);
#endif
strncpy(dest, temp_char, INET6_ADDRSTRLEN);
}
static void netif_push(struct sockaddr *copy_source,
struct netif_saddr_data *saddr_d, const char *adapter)
{
Reported by FlawFinder.
plugins/obs-qsv11/QSV_Encoder_Internal.cpp
6 issues
Line: 362
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (int i = 0; i < m_nSurfNum; i++) {
m_pmfxSurfaces[i] = new mfxFrameSurface1;
memset(m_pmfxSurfaces[i], 0, sizeof(mfxFrameSurface1));
memcpy(&(m_pmfxSurfaces[i]->Info),
&(m_mfxEncParams.mfx.FrameInfo),
sizeof(mfxFrameInfo));
m_pmfxSurfaces[i]->Data.MemId = m_mfxResponse.mids[i];
}
} else {
Reported by FlawFinder.
Line: 378
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (int i = 0; i < m_nSurfNum; i++) {
m_pmfxSurfaces[i] = new mfxFrameSurface1;
memset(m_pmfxSurfaces[i], 0, sizeof(mfxFrameSurface1));
memcpy(&(m_pmfxSurfaces[i]->Info),
&(m_mfxEncParams.mfx.FrameInfo),
sizeof(mfxFrameInfo));
mfxU8 *pSurface = (mfxU8 *)new mfxU8[surfaceSize];
m_pmfxSurfaces[i]->Data.Y = pSurface;
Reported by FlawFinder.
Line: 485
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// load Y plane
for (i = 0; i < h; i++)
memcpy(ptr + i * pitch, pDataY + i * strideY, w);
// load UV plane
h /= 2;
ptr = pData->UV + pInfo->CropX + (pInfo->CropY / 2) * pitch;
Reported by FlawFinder.
Line: 492
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ptr = pData->UV + pInfo->CropX + (pInfo->CropY / 2) * pitch;
for (i = 0; i < h; i++)
memcpy(ptr + i * pitch, pDataUV + i * strideUV, w);
return MFX_ERR_NONE;
}
int QSV_Encoder_Internal::GetFreeTaskIndex(Task *pTaskPool, mfxU16 nPoolSize)
Reported by FlawFinder.
Line: 534
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
MSDK_CHECK_RESULT(sts, MFX_ERR_NONE, sts);
mfxU8 *pTemp = m_outBitstream.Data;
memcpy(&m_outBitstream, &m_pTaskPool[m_nFirstSyncTask].mfxBS,
sizeof(mfxBitstream));
m_pTaskPool[m_nFirstSyncTask].mfxBS.Data = pTemp;
m_pTaskPool[m_nFirstSyncTask].mfxBS.DataLength = 0;
m_pTaskPool[m_nFirstSyncTask].mfxBS.DataOffset = 0;
Reported by FlawFinder.
Line: 621
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
MSDK_CHECK_RESULT(sts, MFX_ERR_NONE, sts);
mfxU8 *pTemp = m_outBitstream.Data;
memcpy(&m_outBitstream, &m_pTaskPool[m_nFirstSyncTask].mfxBS,
sizeof(mfxBitstream));
m_pTaskPool[m_nFirstSyncTask].mfxBS.Data = pTemp;
m_pTaskPool[m_nFirstSyncTask].mfxBS.DataLength = 0;
m_pTaskPool[m_nFirstSyncTask].mfxBS.DataOffset = 0;
Reported by FlawFinder.