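The following issues were found by the static analysers named under each entry (FlawFinder, Cppcheck). Each entry shows the flagged line with a few lines of surrounding code; the excerpts are partial, so every finding still needs to be triaged against the full source file.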

libavfilter/af_amerge.c
2 issues
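char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues. Triage note: in the excerpt, buf is passed to av_get_channel_layout_string() together with sizeof(buf), so the write is length-limited as long as that function honours the size argument.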
Security

Line: 91 Column: 13 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

                      }
        inlayout[i] = ctx->inputs[i]->incfg.channel_layouts->channel_layouts[0];
        if (ctx->inputs[i]->incfg.channel_layouts->nb_channel_layouts > 1) {
            char buf[256];
            av_get_channel_layout_string(buf, sizeof(buf), 0, inlayout[i]);
            av_log(ctx, AV_LOG_INFO, "Using \"%s\" for input %d\n", buf, i + 1);
        }
        s->in[i].nb_ch = FF_LAYOUT2COUNT(inlayout[i]);
        if (s->in[i].nb_ch) {

            

Reported by FlawFinder.

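memcpy - Does not check for buffer overflows when copying to destination. Triage note: the copy length here is the fixed value bps; what has to hold is that every index read through route_cur is below nb_ch, so that bps * index stays inside the nb_ch * bps bytes by which *outs advances on each pass. The route table is filled outside the excerpt.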
Security

Line: 210 Column: 17 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

                      route_cur = route;
        for (i = 0; i < nb_inputs; i++) {
            for (c = 0; c < in[i].nb_ch; c++) {
                memcpy((*outs) + bps * *(route_cur++), ins[i], bps);
                ins[i] += bps;
            }
        }
        *outs += nb_ch * bps;
    }

            

Reported by FlawFinder.

libavcodec/gif.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 422 Column: 13 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

                      const uint8_t *ref = s->last_frame->data[0] + y_start*ref_linesize + x_start;

        for (y = 0; y < height; y++) {
            memcpy(s->tmpl, ptr, width);
            for (x = 0; x < width; x++)
                if (ref[x] == ptr[x])
                    s->tmpl[x] = trans;
            len += ff_lzw_encode(s->lzw, s->tmpl, width);
            ptr += linesize;

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 493 Column: 13 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

                      palette = (uint32_t*)pict->data[1];

        if (!s->palette_loaded) {
            memcpy(s->palette, palette, AVPALETTE_SIZE);
            s->transparent_index = get_palette_transparency_index(palette);
            s->palette_loaded = 1;
        } else if (!memcmp(s->palette, palette, AVPALETTE_SIZE)) {
            palette = NULL;
        }

            

Reported by FlawFinder.

libavfilter/af_earwax.c
2 issues
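memcpy - Does not check for buffer overflows when copying to destination. Triage note: len is capped with FFMIN(NUMTAPS, in->nb_samples), so at most NUMTAPS elements are written starting at taps + NUMTAPS; the copy is in bounds if taps holds at least 2 * NUMTAPS elements, which is declared outside the excerpt.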
Security

Line: 144 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              
    len = FFMIN(NUMTAPS, in->nb_samples);
    // copy part of new input and process with saved input
    memcpy(taps+NUMTAPS, src, len * sizeof(*taps));
    dst = scalarproduct(taps, taps + len, s->filter[filter_ch], dst);

    // process current input
    if (in->nb_samples >= NUMTAPS) {
        endin = src + in->nb_samples - NUMTAPS;

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 153 Column: 9 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

                      scalarproduct(src, endin, s->filter[filter_ch], dst);

        // save part of input for next round
        memcpy(taps, endin, NUMTAPS * sizeof(*taps));
    } else {
        memmove(taps, taps + in->nb_samples, NUMTAPS * sizeof(*taps));
    }
}


            

Reported by FlawFinder.

libavfilter/af_ladspa.c
2 issues
getenv - Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once
Security

Line: 471 Column: 33 CWE codes: 807 20
Suggestion: Check environment variables carefully before using them

                      s->dl_handle = dlopen(s->dl_name, RTLD_LOCAL|RTLD_NOW);
    } else {
        // argument is a shared object name
        char *paths = av_strdup(getenv("LADSPA_PATH"));
        const char *home_path = getenv("HOME");
        const char *separator = ":";

        if (paths) {
            p = paths;

            

Reported by FlawFinder.

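getenv - Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once. Triage note: in the excerpt, LADSPA_PATH is duplicated and split on ":" into entries that are walked until s->dl_handle is set, so the variable appears to decide where a shared object is loaded from. This matters when the environment is set by a different principal than the one the process runs as (privileged helpers, services that pass a caller's environment through); in that case the search path should come from trusted configuration instead.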
Security

Line: 472 Column: 33 CWE codes: 807 20
Suggestion: Check environment variables carefully before using them

                  } else {
        // argument is a shared object name
        char *paths = av_strdup(getenv("LADSPA_PATH"));
        const char *home_path = getenv("HOME");
        const char *separator = ":";

        if (paths) {
            p = paths;
            while ((arg = av_strtok(p, separator, &saveptr)) && !s->dl_handle) {

            

Reported by FlawFinder.

libavfilter/af_pan.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 67 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
static int parse_channel_name(char **arg, int *rchannel, int *rnamed)
{
    char buf[8];
    int len, i, channel_id = 0;
    int64_t layout, layout0;

    skip_spaces(arg);
    /* try to parse a channel name, e.g. "FL" */

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 283 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              {
    AVFilterContext *ctx = link->dst;
    PanContext *pan = ctx->priv;
    char buf[1024], *cur;
    int i, j, k, r;
    double t;

    if (pan->need_renumber) {
        // input channels were given by their name: renumber them

            

Reported by FlawFinder.

libavfilter/af_silencedetect.c
2 issues
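Possible null pointer dereference: insamples. Triage note: the excerpt reads insamples->pts and passes insamples to set_meta() without a check; whether a NULL can reach this point depends on the callers, which are outside the excerpt.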
Error

Line: 87 CWE codes: 476

                      if (s->start[channel] == INT64_MIN) {
            s->nb_null_samples[channel]++;
            if (s->nb_null_samples[channel] >= nb_samples_notify) {
                s->start[channel] = insamples->pts + av_rescale_q(current_sample / s->channels + 1 - nb_samples_notify * s->independent_channels / s->channels,
                        (AVRational){ 1, s->last_sample_rate }, time_base);
                set_meta(insamples, s->mono ? channel + 1 : 0, "silence_start",
                        av_ts2timestr(s->start[channel], &time_base));
                if (s->mono)
                    av_log(s, AV_LOG_INFO, "channel: %d | ", channel);

            

Reported by Cppcheck.

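char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues. Triage note: both writes to key2 in the excerpt go through snprintf() with sizeof(key2), so an over-long key is truncated rather than written past the end of the array.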
Security

Line: 70 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
static void set_meta(AVFrame *insamples, int channel, const char *key, char *value)
{
    char key2[128];

    if (channel)
        snprintf(key2, sizeof(key2), "lavfi.%s.%d", key, channel);
    else
        snprintf(key2, sizeof(key2), "lavfi.%s", key);

            

Reported by FlawFinder.

doc/examples/avio_list_dir.c
2 issues
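snprintf - If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate. Triage note: the three snprintf() calls in the excerpt use string literals as their format, so the format-string concern (CWE-134) does not apply to the lines shown. The size arguments 4 and 20 are hard-coded; writing them as sizeof(filemode) and sizeof(uid_and_gid) would keep them tied to the array declarations. With a C99-conforming snprintf(), a value too wide for the buffer is truncated and still terminated.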
Security

Line: 80 Column: 13 CWE codes: 134
Suggestion: Use a constant for the format specification

                      if (entry->filemode == -1) {
            snprintf(filemode, 4, "???");
        } else {
            snprintf(filemode, 4, "%3"PRIo64, entry->filemode);
        }
        snprintf(uid_and_gid, 20, "%"PRId64"(%"PRId64")", entry->user_id, entry->group_id);
        if (cnt == 0)
            av_log(NULL, AV_LOG_INFO, "%-9s %12s %30s %10s %s %16s %16s %16s\n",
                   "TYPE", "SIZE", "NAME", "UID(GID)", "UGO", "MODIFIED",

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 62 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

                  AVIODirEntry *entry = NULL;
    AVIODirContext *ctx = NULL;
    int cnt, ret;
    char filemode[4], uid_and_gid[20];

    if ((ret = avio_open_dir(&ctx, input_dir, NULL)) < 0) {
        av_log(NULL, AV_LOG_ERROR, "Cannot open directory: %s.\n", av_err2str(ret));
        goto fail;
    }

            

Reported by FlawFinder.

libavfilter/asrc_flite.c
2 issues
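memcpy - Does not check for buffer overflows when copying to destination. Triage note: the copy is followed by flite->text[textbuf_size] = 0, so flite->text must hold at least textbuf_size + 1 bytes; the allocation is above the excerpt and should be checked for that size and for overflow of textbuf_size + 1.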
Security

Line: 177 Column: 9 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

                          av_file_unmap(textbuf, textbuf_size);
            return AVERROR(ENOMEM);
        }
        memcpy(flite->text, textbuf, textbuf_size);
        flite->text[textbuf_size] = 0;
        av_file_unmap(textbuf, textbuf_size);
    }

    if (!flite->text) {

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 255 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

                  if (!samplesref)
        return AVERROR(ENOMEM);

    memcpy(samplesref->data[0], flite->wave_samples,
           nb_samples * flite->wave->num_channels * 2);
    samplesref->pts = flite->pts;
    samplesref->pkt_pos = -1;
    samplesref->sample_rate = flite->wave->sample_rate;
    flite->pts += nb_samples;

            

Reported by FlawFinder.

libavcodec/h264_direct.c
2 issues
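memcpy - Does not check for buffer overflows when copying to destination. Triage note: source and destination are elements [0] and [1] of the same member and the length is sizeof(cur->ref_count[0]); assuming ref_count is declared as an array of arrays, the copy length matches the destination element by construction.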
Security

Line: 137 Column: 9 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

                  }

    if (h->picture_structure == PICT_FRAME) {
        memcpy(cur->ref_count[1], cur->ref_count[0], sizeof(cur->ref_count[0]));
        memcpy(cur->ref_poc[1],   cur->ref_poc[0],   sizeof(cur->ref_poc[0]));
    }

    if (h->current_slice == 0) {
        cur->mbaff = FRAME_MBAFF(h);

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 138 Column: 9 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              
    if (h->picture_structure == PICT_FRAME) {
        memcpy(cur->ref_count[1], cur->ref_count[0], sizeof(cur->ref_count[0]));
        memcpy(cur->ref_poc[1],   cur->ref_poc[0],   sizeof(cur->ref_poc[0]));
    }

    if (h->current_slice == 0) {
        cur->mbaff = FRAME_MBAFF(h);
    } else {

            

Reported by FlawFinder.

libavfilter/asrc_sinc.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 62 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

                  if (!(frame = ff_get_audio_buffer(outlink, nb_samples)))
        return AVERROR(ENOMEM);

    memcpy(frame->data[0], coeffs + s->pts, nb_samples * sizeof(float));

    frame->pts = s->pts;
    s->pts    += nb_samples;

    return ff_filter_frame(outlink, frame);

            

Reported by FlawFinder.

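memcpy - Does not check for buffer overflows when copying to destination. Triage note: work must hold at least *len elements for this copy; the excerpt indexes work[work_len + 2], but how *len relates to work_len is decided above the excerpt.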
Security

Line: 224 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

                      return AVERROR(ENOMEM);
    pi_wraps = &work[work_len + 2];

    memcpy(work, *h, *len * sizeof(*work));

    av_rdft_end(s->rdft);
    av_rdft_end(s->irdft);
    s->rdft = s->irdft = NULL;
    s->rdft  = av_rdft_init(av_log2(work_len), DFT_R2C);

            

Reported by FlawFinder.