Copy and Paste Errors Afflict FFmpeg

Posted on



Copy and paste errors are bugs caused by misuse of local reuse of code by simple editor copy and paste commands. As we discussed in a previous post, it’s probably the most common form of code reuse but it’s plagued with potential errors. It is especially problematic if the copied code is edited incorrectly. These bugs are hard to detect, which is where advanced static analysis tools come in and CodeSonar has the capability to detect subtle differences between the copied and pasted code. In our previous post we discussed problems found in Postgres, Open Office, and llvm, we have discovered some copy and paste errors in FFmpeg (a popular open source video conversion and transcoding application.)

The first example is a copy and paste error in a file video.c in FFmpeg:

ffmpeg copy and paste 1

A close up of the error report:

ffmpeg copy and paste 1 - close up

As you can see, the copied code performs identical operations but to the frame_height instead of frame_width variable, except there’s a case where the developer forgot to change it and the frame_x on the same line. CodeSonar has detected copy and pasted code and the fact the changes weren’t consistent in the pasted code. This error was reported to the FFmpeg project as bug report #8339 and has been fixed.

Consider another example in the file ansi.c; the copied code is using bg instead of fg in the original – certainly an error that’s easy to overlook! This was also reported as bug report #8340.

ffmpeg copy and paste 2

A close up:

ffmpeg copy and paste 2 close up


Copying and pasting code is the most common form of re-use in software development but is prone to easily overlooked mistakes. It would be better if developers avoided the practice and refactored code instead, but this is often impractical. Automated detection with static analysis alleviates the problem to some extent, by finding the errors resulting from this practice, before they make it into the final product (as they have in these examples).

Interested in learning more? Read our guide “Advanced Static Analysis for C++”


Related Posts

Check out all of CodeSecure’s resources and stay informed.

view all posts

Book a Demo

We’re ready to help you integrate SAST and SCA security into your DevSecOps flow. Get a personally guided tour of our solution offerings to ensure you are receiving the right solution for your development team. 

book now