The following issues were found

doc/examples/filtering_audio.c
2 issues
snprintf - If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate
Security

Line: 111 Column: 5 CWE codes: 134
Suggestion: Use a constant for the format specification 

                  /* buffer audio source: the decoded frames from the decoder will be inserted here. */
    if (!dec_ctx->channel_layout)
        dec_ctx->channel_layout = av_get_default_channel_layout(dec_ctx->channels);
    snprintf(args, sizeof(args),
            "time_base=%d/%d:sample_rate=%d:sample_fmt=%s:channel_layout=0x%"PRIx64,
             time_base.num, time_base.den, dec_ctx->sample_rate,
             av_get_sample_fmt_name(dec_ctx->sample_fmt), dec_ctx->channel_layout);
    ret = avfilter_graph_create_filter(&buffersrc_ctx, abuffersrc, "in",
                                       args, NULL, filter_graph);

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 90 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
static int init_filters(const char *filters_descr)
{
    char args[512];
    int ret = 0;
    const AVFilter *abuffersrc  = avfilter_get_by_name("abuffer");
    const AVFilter *abuffersink = avfilter_get_by_name("abuffersink");
    AVFilterInOut *outputs = avfilter_inout_alloc();
    AVFilterInOut *inputs  = avfilter_inout_alloc();

Reported by FlawFinder.

libavcodec/libkvazaar.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 141 Column: 13 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

                      avctx->extradata_size = len_out;

        for (chunk = data_out; chunk != NULL; chunk = chunk->next) {
            memcpy(p, chunk->data, chunk->len);
            p += chunk->len;
        }

        ctx->api->chunk_free(data_out);
    }

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 249 Column: 13 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              
        for (chunk = data_out; chunk != NULL; chunk = chunk->next) {
            av_assert0(written + chunk->len <= len_out);
            memcpy(avpkt->data + written, chunk->data, chunk->len);
            written += chunk->len;
        }

        avpkt->pts = recon_pic->pts;
        avpkt->dts = recon_pic->dts;

Reported by FlawFinder.

libavcodec/aaccoder.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 580 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              
    cutoff = bandwidth * 2 * wlen / avctx->sample_rate;

    memcpy(sce->band_alt, sce->band_type, sizeof(sce->band_type));
    ff_init_nextband_map(sce, nextband);
    for (w = 0; w < sce->ics.num_windows; w += sce->ics.group_len[w]) {
        int wstart = w*128;
        for (g = 0; g < sce->ics.num_swb; g++) {
            int noise_sfi;

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 716 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              
    cutoff = bandwidth * 2 * wlen / avctx->sample_rate;

    memcpy(sce->band_alt, sce->band_type, sizeof(sce->band_type));
    for (w = 0; w < sce->ics.num_windows; w += sce->ics.group_len[w]) {
        for (g = 0; g < sce->ics.num_swb; g++) {
            float sfb_energy = 0.0f, threshold = 0.0f, spread = 2.0f;
            float min_energy = -1.0f, max_energy = 0.0f;
            const int start = sce->ics.swb_offset[g];

Reported by FlawFinder.

libavformat/apm.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 172 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

                      return ret;

    /* Use the entire state as extradata. */
    memcpy(par->extradata, buf + 20, APM_EXTRADATA_SIZE);

    avpriv_set_pts_info(st, 64, 1, par->sample_rate);
    st->start_time  = 0;
    st->duration    = extradata.data_size *
                      (8 / par->bits_per_coded_sample) /

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 277 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

                   */
    AV_WL32(buf +  0, APM_TAG_VS12); /* magic */
    AV_WL32(buf + 12, 0xFFFFFFFF);   /* unk1  */
    memcpy( buf + 20, par->extradata, APM_EXTRADATA_SIZE);
    AV_WL32(buf + 76, APM_TAG_DATA); /* data */

    avio_write(s->pb, buf, APM_FILE_EXTRADATA_SIZE);
    return 0;
}

Reported by FlawFinder.

libavformat/apngenc.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 110 Column: 9 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

                      if (!apng->extra_data)
            return AVERROR(ENOMEM);
        apng->extra_data_size = par->extradata_size;
        memcpy(apng->extra_data, par->extradata, par->extradata_size);
    }

    return 0;
}

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 134 Column: 9 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

                      if (!apng->extra_data)
            return AVERROR(ENOMEM);
        apng->extra_data_size = side_data_size;
        memcpy(apng->extra_data, side_data, apng->extra_data_size);
    }

    if (apng->frame_number == 0 && !packet) {
        uint8_t *existing_acTL_chunk;
        uint8_t *existing_fcTL_chunk;

Reported by FlawFinder.

libavformat/argo_asf.c
2 issues
strncpy - Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned]
Security

Line: 365 Column: 9 CWE codes: 120 

                   * basename and lop off the extension (if any).
     */
    if (ctx->name) {
        strncpy(fhdr.name, ctx->name, sizeof(fhdr.name));
    } else {
        const char *start = av_basename(s->url);
        const char *end   = strrchr(start, '.');
        size_t      len;

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 374 Column: 19 CWE codes: 126 

                      if (end)
            len = end - start;
        else
            len = strlen(start);

        memcpy(fhdr.name, start, FFMIN(len, sizeof(fhdr.name)));
    }

    chdr.num_blocks    = 0;

Reported by FlawFinder.

libavcodec/libopencore-amr.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 163 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

                      { 7400, MR74 },  { 7950, MR795 }, { 10200, MR102 }, { 12200, MR122 }
    };
    int i, best = -1, min_diff = 0;
    char log_buf[200];

    for (i = 0; i < 8; i++) {
        if (rates[i].rate == bitrate)
            return rates[i].mode;
        if (best < 0 || abs(rates[i].rate - bitrate) < min_diff) {

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 255 Column: 13 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

                          flush_buf = av_mallocz_array(avctx->frame_size, sizeof(*flush_buf));
            if (!flush_buf)
                return AVERROR(ENOMEM);
            memcpy(flush_buf, samples, frame->nb_samples * sizeof(*flush_buf));
            samples = flush_buf;
            if (frame->nb_samples < avctx->frame_size - avctx->initial_padding)
                s->enc_last_frame = -1;
        }
        if ((ret = ff_af_queue_add(&s->afq, frame)) < 0) {

Reported by FlawFinder.

libavcodec/libopenh264enc.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 348 Column: 9 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

                      if (!avctx->extradata)
            return AVERROR(ENOMEM);
        avctx->extradata_size = size;
        memcpy(avctx->extradata, fbi.sLayerInfo[0].pBsBuf, size);
    }

    props = ff_add_cpb_side_data(avctx);
    if (!props)
        return AVERROR(ENOMEM);

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 413 Column: 9 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              
    size = 0;
    for (layer = first_layer; layer < fbi.iLayerNum; layer++) {
        memcpy(avpkt->data + size, fbi.sLayerInfo[layer].pBsBuf, layer_size[layer]);
        size += layer_size[layer];
    }
    avpkt->pts = frame->pts;
    if (fbi.eFrameType == videoFrameTypeIDR)
        avpkt->flags |= AV_PKT_FLAG_KEY;

Reported by FlawFinder.

libavformat/assdec.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 38 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
static int ass_probe(const AVProbeData *p)
{
    char buf[13];
    FFTextReader tr;
    ff_text_init_buf(&tr, p->buf, p->buf_size);

    while (ff_text_peek_r8(&tr) == '\r' || ff_text_peek_r8(&tr) == '\n')
        ff_text_r8(&tr);

Reported by FlawFinder.

atoi - Unless checked, the resulting number can exceed the expected range
Security

Line: 69 Column: 27 CWE codes: 190
Suggestion: If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended) 

                       * number (which would be the Layer) or the form "Marked=N" (which is
         * the old SSA field, now replaced by Layer, and will lead to Layer
         * being 0 here). */
        const int layer = atoi(p + 10);

        end    = (hh2*3600LL + mm2*60LL + ss2) * 100LL + ms2;
        *start = (hh1*3600LL + mm1*60LL + ss1) * 100LL + ms1;
        *duration = end - *start;

Reported by FlawFinder.

doc/examples/filtering_video.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 94 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
static int init_filters(const char *filters_descr)
{
    char args[512];
    int ret = 0;
    const AVFilter *buffersrc  = avfilter_get_by_name("buffer");
    const AVFilter *buffersink = avfilter_get_by_name("buffersink");
    AVFilterInOut *outputs = avfilter_inout_alloc();
    AVFilterInOut *inputs  = avfilter_inout_alloc();

Reported by FlawFinder.

usleep - This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified
Security

Line: 192 Column: 17 CWE codes: 676
Suggestion: Use nanosleep(2) or setitimer(2) instead 

                          delay = av_rescale_q(frame->pts - last_pts,
                                 time_base, AV_TIME_BASE_Q);
            if (delay > 0 && delay < 1000000)
                usleep(delay);
        }
        last_pts = frame->pts;
    }

    /* Trivial ASCII grayscale display. */

Reported by FlawFinder.