The following issues were found

libavcodec/vc1.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 600 Column: 13 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

                      } else {                                              \
            DEF;                                              \
            memcpy(&tmp, L   , sizeof(tmp));                  \
            memcpy(L   , N   , sizeof(tmp));                  \
            memcpy(N   , &tmp, sizeof(tmp));                  \
            C = N;                                            \
        }                                                     \
    } while(0)

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 601 Column: 13 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

                          DEF;                                              \
            memcpy(&tmp, L   , sizeof(tmp));                  \
            memcpy(L   , N   , sizeof(tmp));                  \
            memcpy(N   , &tmp, sizeof(tmp));                  \
            C = N;                                            \
        }                                                     \
    } while(0)

    ROTATE(int tmp,             &v->last_use_ic, &v->next_use_ic, v->curr_use_ic, &v->aux_use_ic);

Reported by FlawFinder.

libavcodec/alsdec.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 955 Column: 13 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              
        // store previous samples in case that they have to be altered
        if (*bd->store_prev_samples)
            memcpy(bd->prev_raw_samples, raw_samples - sconf->max_order,
                   sizeof(*bd->prev_raw_samples) * sconf->max_order);

        // reconstruct difference signal for prediction (joint-stereo)
        if (bd->js_blocks && bd->raw_other) {
            uint32_t *left, *right;

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 1003 Column: 9 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              
    // restore previous samples in case that they have been altered
    if (*bd->store_prev_samples)
        memcpy(raw_samples - sconf->max_order, bd->prev_raw_samples,
               sizeof(*raw_samples) * sconf->max_order);

    return 0;
}

Reported by FlawFinder.

libavcodec/cfhd.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 764 Column: 17 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              
            /* Copy last line of coefficients if odd height */
            if (lowpass_height & 1) {
                memcpy(&coeff_data[lowpass_height * lowpass_width],
                       &coeff_data[(lowpass_height - 1) * lowpass_width],
                       lowpass_width * sizeof(*coeff_data));
            }

            s->plane[s->channel_num].band[0][0].read_ok = 1;

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 1453 Column: 9 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              
    for (int plane = 0; plane < pdst->planes; plane++) {
        memcpy(pdst->plane[plane].band, psrc->plane[plane].band, sizeof(pdst->plane[plane].band));
        memcpy(pdst->plane[plane].idwt_buf, psrc->plane[plane].idwt_buf,
               pdst->plane[plane].idwt_size * sizeof(int16_t));
    }

    return 0;
}

Reported by FlawFinder.

libavformat/lrcdec.c
2 issues
sscanf - The scanf() family's %s operation, without a limit specification, permits buffer overflows
Security

Line: 185 Column: 20 CWE codes: 120 20
Suggestion: Specify a limit to %s, or use a different input function 

              
                *right_bracket_offset = *comma_offset = '\0';
                if(strcmp(line.str + 1, "offset") ||
                   sscanf(comma_offset + 1, "%"SCNd64, &lrc->ts_offset) != 1) {
                    av_dict_set(&s->metadata, line.str + 1, comma_offset + 1, 0);
                }
                lrc->ts_offset = av_clip64(lrc->ts_offset, INT64_MIN/4, INT64_MAX/4);

                *comma_offset = ':';

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 147 Column: 36 CWE codes: 126 

                  // Metadata items exist in ff_lrc_metadata_conv
    for(metadata_item = ff_lrc_metadata_conv;
        metadata_item->native; metadata_item++) {
        size_t metadata_item_len = strlen(metadata_item->native);
        if(p->buf[offset + metadata_item_len] == ':' &&
           !memcmp(p->buf + offset, metadata_item->native, metadata_item_len)) {
            return 40;
        }
    }

Reported by FlawFinder.

libavcodec/vaapi_encode_h265.c
2 issues
Possible null pointer dereference: hprev
Error

Line: 707 CWE codes: 476 

                      hpic->pic_type       = 0;
    } else {
        av_assert0(prev);
        hpic->last_idr_frame = hprev->last_idr_frame;

        if (pic->type == PICTURE_TYPE_I) {
            hpic->slice_nal_unit = HEVC_NAL_CRA_NUT;
            hpic->slice_type     = HEVC_SLICE_I;
            hpic->pic_type       = 0;

Reported by Cppcheck.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 108 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

                      return AVERROR(ENOSPC);
    }

    memcpy(data, au->data, au->data_size);
    *data_len = 8 * au->data_size - au->data_bit_padding;

    return 0;
}

Reported by FlawFinder.

libavcodec/cdtoons.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 138 Column: 17 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

                          if (raw) {
                if (next_line - data < size)
                    return 1;
                memcpy(dest + x, data, size);
                data += size;
            } else {
                uint8_t color = bytestream_get_byte(&data);
                /* ignore transparent runs */
                if (color)

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 398 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

                      c->sprites[i].active = 0;
    }

    memcpy(c->frame->data[1], c->pal, AVPALETTE_SIZE);

    if ((ret = av_frame_ref(data, c->frame)) < 0)
        return ret;

    *got_frame = 1;

Reported by FlawFinder.

doc/examples/filtering_video.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 94 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
static int init_filters(const char *filters_descr)
{
    char args[512];
    int ret = 0;
    const AVFilter *buffersrc  = avfilter_get_by_name("buffer");
    const AVFilter *buffersink = avfilter_get_by_name("buffersink");
    AVFilterInOut *outputs = avfilter_inout_alloc();
    AVFilterInOut *inputs  = avfilter_inout_alloc();

Reported by FlawFinder.

usleep - This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified
Security

Line: 192 Column: 17 CWE codes: 676
Suggestion: Use nanosleep(2) or setitimer(2) instead 

                          delay = av_rescale_q(frame->pts - last_pts,
                                 time_base, AV_TIME_BASE_Q);
            if (delay > 0 && delay < 1000000)
                usleep(delay);
        }
        last_pts = frame->pts;
    }

    /* Trivial ASCII grayscale display. */

Reported by FlawFinder.

libavformat/matroska.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 128 Column: 7 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

                  { 0 }
};

const char * const ff_matroska_video_stereo_mode[MATROSKA_VIDEO_STEREOMODE_TYPE_NB] = {
    "mono",
    "left_right",
    "bottom_top",
    "top_bottom",
    "checkerboard_rl",

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 146 Column: 7 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

                  "block_rl",
};

const char * const ff_matroska_video_stereo_plane[MATROSKA_VIDEO_STEREO_PLANE_COUNT] = {
    "left",
    "right",
    "background",
};

Reported by FlawFinder.

libavcodec/v4l2_m2m.c
2 issues
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 105 Column: 13 CWE codes: 362 

                  void *log_ctx = s->avctx;
    int ret;

    s->fd = open(s->devname, O_RDWR | O_NONBLOCK, 0);
    if (s->fd < 0)
        return AVERROR(errno);

    ret = v4l2_prepare_contexts(s, 1);
    if (ret < 0)

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 142 Column: 13 CWE codes: 362 

                  int ret;
    struct v4l2_format ofmt, cfmt;

    s->fd = open(s->devname, O_RDWR | O_NONBLOCK, 0);
    if (s->fd < 0)
        return AVERROR(errno);

    ret = v4l2_prepare_contexts(s, 0);
    if (ret < 0)

Reported by FlawFinder.

libavformat/jacosubdec.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 164 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              {
    AVBPrint header;
    AVIOContext *pb = s->pb;
    char line[JSS_MAX_LINESIZE];
    JACOsubContext *jacosub = s->priv_data;
    int shift_set = 0; // only the first shift matters
    int merge_line = 0;
    int i, ret;

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 212 Column: 19 CWE codes: 126 

                          continue;

        /* trim command + spaces */
        cmd_len = strlen(cmds[i]);
        if (av_strncasecmp(p, cmds[i], cmd_len) == 0)
            p += cmd_len;
        else
            p++;
        p = jss_skip_whitespace(p);

Reported by FlawFinder.