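The following issues were found. FlawFinder matches risky function and declaration names lexically and does not track buffer sizes or data flow, so each entry below is a candidate for manual review rather than a confirmed vulnerability.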

libavcodec/pictordec.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 215 Column: 13 CWE codes: 120
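Suggestion: Make sure destination can always hold the source data
Review note: the length in this excerpt is fixed, because npal is set to 16 on the preceding line, so 64 bytes are copied. The declarations of palette and ff_cga_palette are not shown; the check that closes this finding is that both hold at least 64 bytes (the memset that follows treats palette as AVPALETTE_SIZE bytes).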

                              palette[i] = ff_cga_palette[ cga_mode45_index[0][i] ];
        } else {
            npal = 16;
            memcpy(palette, ff_cga_palette, npal * 4);
        }
    }
    // fill remaining palette entries
    memset(palette + npal, 0, AVPALETTE_SIZE - npal * 4);
    // skip remaining palette bytes

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 273 Column: 13 CWE codes: 120
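Suggestion: Make sure destination can always hold the source data
Review note: the length is capped at the bytes left in the input, which bounds the read from s->g.buffer. The write is in bounds only if y is a valid row index and avctx->width does not exceed the row size allocated for frame->data[0]. The excerpt establishes neither (the loop only tests y >= 0), so verify how y is initialised and that the frame was allocated for the current avctx->width.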

                      }
    } else {
        while (y >= 0 && bytestream2_get_bytes_left(&s->g) > 0) {
            memcpy(frame->data[0] + y * frame->linesize[0], s->g.buffer, FFMIN(avctx->width, bytestream2_get_bytes_left(&s->g)));
            bytestream2_skip(&s->g, avctx->width);
            y--;
        }
    }
finish:

            

Reported by FlawFinder.

libavcodec/pixlet.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 388 Column: 5 CWE codes: 120
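Suggestion: Make sure destination can always hold the source data
Review note: this copy writes size bytes at low, which is tmp + 4. The allocation of tmp and the relation between hsize and size are outside the excerpt; the check is that tmp is large enough for every size a caller can pass.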

                  low   = tmp + 4;
    high  = &low[hsize + 8];

    memcpy(low, dest, size);
    memcpy(high, dest + hsize, size);

    ll = &low[hsize];
    lh = &low[hsize];
    hl = &high[hsize];

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 389 Column: 5 CWE codes: 120
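Suggestion: Make sure destination can always hold the source data
Review note: this is the second of two adjacent copies and writes size bytes at high, which is &low[hsize + 8] in the same scratch buffer. Because high is the upper region, it sets the minimum size tmp must have; the allocation of tmp is outside the excerpt and is what to confirm.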

                  high  = &low[hsize + 8];

    memcpy(low, dest, size);
    memcpy(high, dest + hsize, size);

    ll = &low[hsize];
    lh = &low[hsize];
    hl = &high[hsize];
    hh = hl;

            

Reported by FlawFinder.

libavutil/mips/cpu.c
2 issues
fopen - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

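Line: 78 Column: 15 CWE codes: 362
Review note: the path is the string literal "/proc/cpuinfo", not a caller- or user-supplied value, and the file is opened read-only. The redirection and race concerns in the message apply where an attacker can write to the path or its parent directories; the residual assumption here is that /proc is the kernel's procfs in the environment where the code runs.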

              
static int cpu_flags_cpuinfo(void)
{
    FILE *f = fopen("/proc/cpuinfo", "r");
    char buf[200];
    int flags = 0;

    if (!f)
        return -1;

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 79 Column: 5 CWE codes: 119 120
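Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Review note: only the declaration of buf is shown; the finding is settled by the code that fills it, which is outside the excerpt. Reads into buf should pass sizeof(buf) as the limit, and the parsing should tolerate a line longer than 199 characters arriving in more than one piece.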

              static int cpu_flags_cpuinfo(void)
{
    FILE *f = fopen("/proc/cpuinfo", "r");
    char buf[200];
    int flags = 0;

    if (!f)
        return -1;


            

Reported by FlawFinder.

libavutil/ppc/cpu.c
2 issues
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

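Line: 78 Column: 14 CWE codes: 362
Review note: the path is the string literal "/proc/self/auxv" and the descriptor is opened O_RDONLY, so no caller-controlled path reaches open(). As with any procfs read, the result is only as trustworthy as the /proc mount in the environment where the code runs.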

                  // The linux kernel could have the altivec support disabled
    // even if the cpu has it.
    int i, ret = 0;
    int fd = open("/proc/self/auxv", O_RDONLY);
    unsigned long buf[64] = { 0 };
    ssize_t count;

    if (fd < 0)
        return 0;

            

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

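Line: 85 Column: 21 CWE codes: 120 20
Review note: the read is limited to sizeof(buf), so it cannot write past buf. In the loop i is even and below count / sizeof(*buf), which is at most 64 for the buf[64] declared next to the open() call, so buf[i + 1] stays inside the array. After a short read that ends on an odd entry, buf[i + 1] may hold a value left from the zero initialisation or from a previous read rather than fresh data.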

                  if (fd < 0)
        return 0;

    while ((count = read(fd, buf, sizeof(buf))) > 0) {
        for (i = 0; i < count / sizeof(*buf); i += 2) {
            if (buf[i] == AT_NULL)
                goto out;
            if (buf[i] == AT_HWCAP) {
                if (buf[i + 1] & PPC_FEATURE_HAS_ALTIVEC)

            

Reported by FlawFinder.

libavutil/random_seed.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 74 Column: 14 CWE codes: 119 120
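Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Review note: the flagged declaration is unsigned char digest[20]; the code that writes into it is outside the excerpt. Twenty bytes is the size of a 160-bit digest, so the check is that the hash written into digest is never configured for a longer output. The av_assert0 visible here guards a different buffer, tmp.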

                  clock_t init_t = 0;
    static uint64_t i = 0;
    static uint32_t buffer[512] = { 0 };
    unsigned char digest[20];
    uint64_t last_i = i;

    av_assert0(sizeof(tmp) >= av_sha_size);

    if(TEST){

            

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

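Line: 56 Column: 11 CWE codes: 120 20
Review note: the length is sizeof(*dst), so the read cannot exceed the object dst points to. The check that matters is on the result: read() may return fewer bytes than requested, and this function returns that count unchanged, so callers need to compare it with the size they expect before using *dst as seed material.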

              
    if (fd == -1)
        return -1;
    err = read(fd, dst, sizeof(*dst));
    close(fd);

    return err;
#else
    return -1;

            

Reported by FlawFinder.

libavutil/ripemd.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 532 Column: 9 CWE codes: 120
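Suggestion: Make sure destination can always hold the source data
Review note: the branch is entered only when len >= 64 - j and copies exactly 64 - j bytes starting at buffer[j], which fills the buffer up to byte 64 and no further, provided j < 64 and ctx->buffer holds at least 64 bytes. The computation of j and the declaration of buffer are outside the excerpt and are what to confirm.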

              #else
    if (len >= 64 - j) {
        const uint8_t *end;
        memcpy(&ctx->buffer[j], data, (i = 64 - j));
        ctx->transform(ctx->state, ctx->buffer);
        data += i;
        len  -= i;
        end   = data + (len & ~63);
        len   = len % 64;

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 542 Column: 5 CWE codes: 120
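Suggestion: Make sure destination can always hold the source data
Review note: only the end of the function is shown. The copy is in bounds when j + len does not exceed the size of ctx->buffer at this point; j is reset to 0 on the path through the block above, and the lines that reduce len precede the excerpt and need to be read together with the buffer declaration.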

                          ctx->transform(ctx->state, data);
        j = 0;
    }
    memcpy(&ctx->buffer[j], data, len);
#endif
}

void av_ripemd_final(AVRIPEMD* ctx, uint8_t *digest)
{

            

Reported by FlawFinder.

libavutil/samplefmt.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 27 Column: 5 CWE codes: 119 120
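Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Review note: the flagged declaration is the name[8] member. Used as a C string it holds at most 7 characters plus the terminating NUL; how the entries are initialised is not shown in the excerpt and is what to check.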

              #include <string.h>

/**
 * Descriptor for one sample format. Only the declaration is visible in this
 * excerpt; the table that fills it in is not shown.
 */
typedef struct SampleFmtInfo {
    /* Fixed 8-byte name field (the declaration FlawFinder flags, CWE-119/120).
     * Treated as a C string it holds at most 7 characters plus the
     * terminating NUL -- presumably set from string literals; confirm at the
     * initializer. */
    char name[8];
    int bits;    /* presumably bits per sample -- confirm against users */
    int planar;  /* presumably non-zero for planar layouts -- confirm */
    enum AVSampleFormat altform; ///< planar<->packed alternative form
} SampleFmtInfo;


            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 235 Column: 13 CWE codes: 120
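Suggestion: Make sure destination can always hold the source data
Review note: memcpy is chosen only when the plane-0 pointers are at least data_size apart and memmove is used otherwise, so the branch deals with overlap, not capacity. Both calls write data_size bytes at dst[i] + dst_offset, so the bound to verify is the same for each: every plane must hold dst_offset + data_size bytes, which depends on the caller. The distance test looks only at dst[0] and src[0].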

              
    if((dst[0] < src[0] ? src[0] - dst[0] : dst[0] - src[0]) >= data_size) {
        for (i = 0; i < planes; i++)
            memcpy(dst[i] + dst_offset, src[i] + src_offset, data_size);
    } else {
        for (i = 0; i < planes; i++)
            memmove(dst[i] + dst_offset, src[i] + src_offset, data_size);
    }


            

Reported by FlawFinder.

libavutil/sha.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 332 Column: 9 CWE codes: 120
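Suggestion: Make sure destination can always hold the source data
Review note: the branch is entered only when len >= 64 - j and copies exactly 64 - j bytes starting at buffer[j], which fills the buffer up to byte 64 and no further, provided j < 64 and ctx->buffer holds at least 64 bytes. The computation of j and the declaration of buffer are outside the excerpt and are what to confirm.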

              #else
    if (len >= 64 - j) {
        const uint8_t *end;
        memcpy(&ctx->buffer[j], data, (i = 64 - j));
        ctx->transform(ctx->state, ctx->buffer);
        data += i;
        len  -= i;
        end   = data + (len & ~63);
        len   = len % 64;

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 342 Column: 5 CWE codes: 120
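Suggestion: Make sure destination can always hold the source data
Review note: only the end of the function is shown. The copy is in bounds when j + len does not exceed the size of ctx->buffer at this point; j is reset to 0 on the path through the block above, and the lines that reduce len precede the excerpt and need to be read together with the buffer declaration.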

                          ctx->transform(ctx->state, data);
        j = 0;
    }
    memcpy(&ctx->buffer[j], data, len);
#endif
}

void av_sha_final(AVSHA* ctx, uint8_t *digest)
{

            

Reported by FlawFinder.

libavutil/sha512.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 260 Column: 9 CWE codes: 120
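Suggestion: Make sure destination can always hold the source data
Review note: the branch is entered only when len >= 128 - j and copies exactly 128 - j bytes starting at buffer[j], which fills the buffer up to byte 128 and no further, provided j < 128 and ctx->buffer holds at least 128 bytes. The computation of j and the declaration of buffer are outside the excerpt and are what to confirm.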

              #else
    if (len >= 128 - j) {
        const uint8_t *end;
        memcpy(&ctx->buffer[j], data, (i = 128 - j));
        sha512_transform(ctx->state, ctx->buffer);
        data += i;
        len  -= i;
        end   = data + (len & ~127);
        len   = len % 128;

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 270 Column: 5 CWE codes: 120
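Suggestion: Make sure destination can always hold the source data
Review note: only the end of the function is shown. The copy is in bounds when j + len does not exceed the size of ctx->buffer at this point; j is reset to 0 on the path through the block above, and the lines that reduce len precede the excerpt and need to be read together with the buffer declaration.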

                          sha512_transform(ctx->state, data);
        j = 0;
    }
    memcpy(&ctx->buffer[j], data, len);
#endif
}

void av_sha512_final(AVSHA512* ctx, uint8_t *digest)
{

            

Reported by FlawFinder.

libavutil/tea.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 78 Column: 13 CWE codes: 120
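Suggestion: Make sure destination can always hold the source data
Review note: the copy is a fixed 8 bytes into iv and runs only when iv is non-NULL. The two AV_RB32 reads just above already treat iv as 8 bytes (offsets 0 and 4), so the requirement is on the caller: iv and src must each refer to at least 8 bytes.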

                      if (iv) {
            v0 ^= AV_RB32(iv);
            v1 ^= AV_RB32(iv + 4);
            memcpy(iv, src, 8);
        }
    } else {
        int i;
        uint32_t sum = 0, delta = 0x9E3779B9U;


            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 113 Column: 17 CWE codes: 120
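Suggestion: Make sure destination can always hold the source data
Review note: the copy is a fixed 8 bytes from dst into iv. The loop above it already indexes src, dst and iv from 0 to 7, so the code assumes 8-byte blocks throughout; what to verify is that callers pass an 8-byte iv and that the enclosing loop, which is outside the excerpt, advances src and dst only over whole 8-byte blocks.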

                              for (i = 0; i < 8; i++)
                    dst[i] = src[i] ^ iv[i];
                tea_crypt_ecb(ctx, dst, dst, decrypt, NULL);
                memcpy(iv, dst, 8);
            } else {
                tea_crypt_ecb(ctx, dst, src, decrypt, NULL);
            }
            src   += 8;
            dst   += 8;

            

Reported by FlawFinder.