The following issues were found

libavcodec/parser.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 232 Column: 9 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

                          return AVERROR(ENOMEM);
        }
        pc->buffer = new_buffer;
        memcpy(&pc->buffer[pc->index], *buf, *buf_size);
        pc->index += *buf_size;
        return -1;
    }

    av_assert0(next >= 0 || pc->buffer);

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 255 Column: 13 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

                      }
        pc->buffer = new_buffer;
        if (next > -AV_INPUT_BUFFER_PADDING_SIZE)
            memcpy(&pc->buffer[pc->index], *buf,
                   next + AV_INPUT_BUFFER_PADDING_SIZE);
        pc->index = 0;
        *buf      = pc->buffer;
    }

Reported by FlawFinder.

libavutil/bprint.h
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 38 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              struct ff_pad_helper_##name { __VA_ARGS__ }; \
typedef struct name { \
    __VA_ARGS__ \
    char reserved_padding[size - sizeof(struct ff_pad_helper_##name)]; \
} name;

/**
 * Buffer to print data progressively
 *

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 87 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

                  unsigned len;      /**< length so far */
    unsigned size;     /**< allocated memory */
    unsigned size_max; /**< maximum allocated memory */
    char reserved_internal_buffer[1];
)

/**
 * Convenience macros for special values for av_bprint_init() size_max
 * parameter.

Reported by FlawFinder.

libavutil/buffer.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 162 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

                  if (!newbuf)
        return AVERROR(ENOMEM);

    memcpy(newbuf->data, buf->data, buf->size);

    buffer_replace(pbuf, &newbuf);

    return 0;
}

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 204 Column: 9 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

                      if (ret < 0)
            return ret;

        memcpy(new->data, buf->data, FFMIN(size, buf->size));

        buffer_replace(pbuf, &new);
        return 0;
    }

Reported by FlawFinder.

libavutil/camellia.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 321 Column: 9 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

                  if (iv) {
        D2 ^= AV_RB64(iv);
        D1 ^= AV_RB64(iv + 8);
        memcpy(iv, src, 16);
    }
    AV_WB64(dst, D2);
    AV_WB64(dst + 8, D1);
}

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 404 Column: 17 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

                              for (i = 0; i < 16; i++)
                    dst[i] = src[i] ^ iv[i];
                camellia_encrypt(cs, dst, dst);
                memcpy(iv, dst, 16);
            } else {
                camellia_encrypt(cs, dst, src);
            }
        }
        src = src + 16;

Reported by FlawFinder.

libavutil/file.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 61 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

                  struct stat st;
    av_unused void *ptr;
    off_t off_size;
    char errbuf[128];
    *bufptr = NULL;
    *size = 0;

    if (fd < 0) {
        err = AVERROR(errno);

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 136 Column: 5 CWE codes: 120 20 

                      *size = 0;
        return AVERROR(ENOMEM);
    }
    read(fd, *bufptr, *size);
#endif

out:
    close(fd);
    return 0;

Reported by FlawFinder.

libavutil/hash.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 208 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

                  unsigned rsize = av_hash_get_size(ctx);

    av_hash_final(ctx, buf);
    memcpy(dst, buf, FFMIN(size, rsize));
    if (size > rsize)
        memset(dst + rsize, 0, size - rsize);
}

void av_hash_final_hex(struct AVHashContext *ctx, uint8_t *dst, int size)

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 231 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

                  av_hash_final(ctx, buf);
    av_base64_encode(b64, sizeof(b64), buf, rsize);
    osize = AV_BASE64_SIZE(rsize);
    memcpy(dst, b64, FFMIN(osize, size));
    if (size < osize)
        dst[size - 1] = 0;
}

void av_hash_freep(AVHashContext **ctx)

Reported by FlawFinder.

libavcodec/pcm.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 202 Column: 9 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

                  case AV_CODEC_ID_PCM_S16LE:
#endif /* HAVE_BIGENDIAN */
    case AV_CODEC_ID_PCM_U8:
        memcpy(dst, samples, n * sample_size);
        break;
#if HAVE_BIGENDIAN
    case AV_CODEC_ID_PCM_S16BE_PLANAR:
#else
    case AV_CODEC_ID_PCM_S16LE_PLANAR:

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 489 Column: 9 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

                  case AV_CODEC_ID_PCM_S16LE:
#endif /* HAVE_BIGENDIAN */
    case AV_CODEC_ID_PCM_U8:
        memcpy(samples, src, n * sample_size);
        break;
#if HAVE_BIGENDIAN
    case AV_CODEC_ID_PCM_S16BE_PLANAR:
#else
    case AV_CODEC_ID_PCM_S16LE_PLANAR:

Reported by FlawFinder.

libavcodec/dirac_parser.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 164 Column: 9 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

                      if (!new_buffer)
            return AVERROR(ENOMEM);
        pc->buffer = new_buffer;
        memcpy(pc->buffer + pc->index, (*buf + pc->sync_offset),
               *buf_size - pc->sync_offset);
        pc->index += *buf_size - pc->sync_offset;
        return -1;
    } else {
        /* Found a possible frame start and a  possible frame end */

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 176 Column: 9 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

                      if (!new_buffer)
            return AVERROR(ENOMEM);
        pc->buffer = new_buffer;
        memcpy(pc->buffer + pc->index, *buf, next);
        pc->index += next;

        /* Need to check if we have a valid Parse Unit. We can't go by the
         * sync pattern 'BBCD' alone because arithmetic coding of the residual
         * and motion data can cause the pattern triggering a false start of

Reported by FlawFinder.

libavutil/hwcontext_opencl.c
2 issues
strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 219 Column: 16 CWE codes: 126 

                      av_free(str);
        return NULL;
    }
    av_assert0(strlen(str) + 1 == size);
    return str;
}

static char *opencl_get_device_string(cl_device_id device_id,
                                      cl_device_info key)

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 240 Column: 16 CWE codes: 126 

                      av_free(str);
        return NULL;
    }
    av_assert0(strlen(str) + 1== size);
    return str;
}

static int opencl_check_platform_extension(cl_platform_id platform_id,
                                           const char *name)

Reported by FlawFinder.

libavutil/hwcontext_qsv.c
2 issues
Uninitialized variable: child_data
Error

Line: 700 CWE codes: 908 

              
        dst->width   = src->width;
        dst->height  = src->height;
        dst->data[3] = child_data;

        return 0;
    }

    desc = av_pix_fmt_desc_get(dst->format);

Reported by Cppcheck.

Uninitialized variable: child_data
Error

Line: 723 CWE codes: 908 

                  dummy->format        = child_frames_ctx->format;
    dummy->width         = src->width;
    dummy->height        = src->height;
    dummy->data[3]       = child_data;

    ret = av_hwframe_map(dst, dummy, flags);

fail:
    av_frame_free(&dummy);

Reported by Cppcheck.