The following issues were found

libavcodec/vp8dsp.c
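1 issue
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 474 Column: 9 CWE codes: 120
Suggestion: Make sure destination can always hold the source data
Triage note: The copy length in the excerpt is WIDTH, which appears to be the macro argument (16, 8 or 4 in the instantiations shown), so each row copy has a fixed size. The excerpt cannot show whether callers keep h rows at dststride inside the destination plane; that is the condition to verify.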

              {                                                                             \
    int i;                                                                    \
    for (i = 0; i < h; i++, dst += dststride, src += srcstride)               \
        memcpy(dst, src, WIDTH);                                              \
}

/* Instantiate the row-copy helper once per block width (16, 8 and 4).
 * NOTE(review): the macro header is not shown here; the argument presumably
 * becomes WIDTH, the fixed per-row memcpy() length in the macro body, so the
 * bytes written per row are a compile-time constant. Confirm against the
 * #define. Row count and strides still come from the caller. */
PUT_PIXELS(16)
PUT_PIXELS(8)
PUT_PIXELS(4)

            

Reported by FlawFinder.

libavcodec/vp9_superframe_bsf.c
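1 issue
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 67 Column: 9 CWE codes: 120
Suggestion: Make sure destination can always hold the source data
Triage note: The loop appends every in[n]->data to out->data, so the copy is safe only if out->data was allocated for at least the sum of all in[n]->size values. That allocation lies above the excerpt (the `return res;` suggests a checked call precedes the loop); verify the size computed there, including overflow of the sum.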

                      return res;
    ptr = out->data;
    for (n = 0; n < n_in; n++) {
        memcpy(ptr, in[n]->data, in[n]->size);
        ptr += in[n]->size;
    }

#define wloop(mag, wr) \
    do { \

            

Reported by FlawFinder.

libavcodec/webvttdec.c
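1 issue
strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 54 Column: 32 CWE codes: 126
Triage note: The argument to strlen is webvtt_tag_replace[i].from, an entry of a table iterated with FF_ARRAY_ELEMS rather than data taken from the input. If the table holds string literals (its definition is outside the excerpt), the strings are always terminated and this finding is a pattern match, not an over-read.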

              
        for (i = 0; i < FF_ARRAY_ELEMS(webvtt_tag_replace); i++) {
            const char *from = webvtt_tag_replace[i].from;
            const size_t len = strlen(from);
            if (!strncmp(p, from, len)) {
                av_bprintf(buf, "%s", webvtt_tag_replace[i].to);
                p += len;
                again = 1;
                break;

            

Reported by FlawFinder.

libavcodec/wmaenc.c
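1 issue
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 120 Column: 9 CWE codes: 120
Suggestion: Make sure destination can always hold the source data
Triage note: The copy writes window_len elements to s->output, and the excerpt then passes &s->output[window_len] with length len to vector_fmul_reverse, so s->output must hold at least window_len + len elements. The declaration of s->output and the upper bound on window_len are outside the excerpt; compare the two there.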

                  float n            = 2.0 * 32768.0 / window_len;

    for (ch = 0; ch < avctx->channels; ch++) {
        memcpy(s->output, s->frame_out[ch], window_len * sizeof(*s->output));
        s->fdsp->vector_fmul_scalar(s->frame_out[ch], audio[ch], n, len);
        s->fdsp->vector_fmul_reverse(&s->output[window_len], s->frame_out[ch],
                                    win, len);
        s->fdsp->vector_fmul(s->frame_out[ch], s->frame_out[ch], win, len);
        mdct->mdct_calc(mdct, s->coefs[ch], s->output);

            

Reported by FlawFinder.

libavcodec/xbmdec.c
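1 issue
strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 46 Column: 18 CWE codes: 126
Triage note: strlen is applied to the key parameter, not to the p/end input buffer; whether key is always a terminated constant depends on the callers, which are outside the excerpt. Separately, the excerpt computes end - keylen without first checking that the buffer holds at least keylen bytes; the loop guard p < e skips the scan in that case, but the code after the loop is not shown and should be checked for reads at p.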

              
static int parse_str_int(const uint8_t *p, const uint8_t *end, const uint8_t *key)
{
    int keylen = strlen(key);
    const uint8_t *e = end - keylen;

    for(; p < e; p++) {
        if (!memcmp(p, key, keylen))
            break;

            

Reported by FlawFinder.

libavdevice/alsa.c
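1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 276 Column: 13 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Triage note: In the excerpt name[128] is filled only by av_get_channel_layout_string, which is given sizeof(name) as the limit, and is then passed to av_log through a "%s" argument. Provided the callee honours that size, a long layout description is truncated rather than written past the array.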

              
    if (channels > 2 && layout) {
        if (find_reorder_func(s, *codec_id, layout, mode == SND_PCM_STREAM_PLAYBACK) < 0) {
            char name[128];
            av_get_channel_layout_string(name, sizeof(name), channels, layout);
            av_log(ctx, AV_LOG_WARNING, "ALSA channel layout unknown or unimplemented for %s %s.\n",
                   name, mode == SND_PCM_STREAM_PLAYBACK ? "playback" : "capture");
        }
        if (s->reorder_func) {

            

Reported by FlawFinder.

libavdevice/decklink_common.cpp
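1 issue
strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 291 Column: 53 CWE codes: 126
Triage note: The copy length is FFMIN(strlen(cctx->format_code), sizeof(format_buf)), so the write cannot exceed the five-byte format_buf, and the pointer is checked for NULL first. The strlen itself relies on cctx->format_code being terminated, which is set outside the excerpt. A value of five or more characters overwrites the terminator of format_buf, but the excerpt then reads the buffer only through AV_RB32.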

              
    char format_buf[] = "    ";
    if (cctx->format_code)
        memcpy(format_buf, cctx->format_code, FFMIN(strlen(cctx->format_code), sizeof(format_buf)));
    BMDDisplayMode target_mode = (BMDDisplayMode)AV_RB32(format_buf);
    AVRational target_tb = av_make_q(tb_num, tb_den);
    ctx->bmd_mode = bmdModeUnknown;
    while ((ctx->bmd_mode == bmdModeUnknown) && itermode->Next(&mode) == S_OK) {
        BMDTimeValue bmd_tb_num, bmd_tb_den;

            

Reported by FlawFinder.

libavdevice/decklink_common.h
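1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 60 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Triage note: The excerpt passes 255 as the buffer size for the 256-byte array, so the write is bounded. The return value of CFStringGetCString is not checked, though; if the call reports failure, s may not contain a terminated string when av_strdup reads it.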

              #elif defined(__APPLE__)
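/**
 * Copy a CoreFoundation string into a newly allocated UTF-8 C string.
 *
 * @param w  string to convert
 * @return   copy allocated with av_strdup(), or NULL when the conversion
 *           or the allocation fails. Callers already have to handle NULL
 *           because av_strdup() itself can fail.
 */
static char *dup_cfstring_to_utf8(CFStringRef w)
{
    char s[256];

    /* CFStringGetCString() reports a failed conversion, or a result that
     * does not fit in the buffer, through its return value. In that case s
     * may not hold a terminated string, so it must not reach av_strdup(). */
    if (!CFStringGetCString(w, s, sizeof(s), kCFStringEncodingUTF8))
        return NULL;

    return av_strdup(s);
}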
#define DECKLINK_STR    const __CFString *
#define DECKLINK_STRDUP dup_cfstring_to_utf8

            

Reported by FlawFinder.

libavdevice/dshow_common.c
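1 issue
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 32 Column: 9 CWE codes: 120
Suggestion: Make sure destination can always hold the source data
Triage note: The destination is allocated with CoTaskMemAlloc(src->cbFormat) immediately before the copy, the result is checked for NULL, and the copy uses the same src->cbFormat, so the destination is sized to the copy. The remaining assumption is on the read side: src->pbFormat must really hold cbFormat bytes.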

                      pbFormat = CoTaskMemAlloc(src->cbFormat);
        if (!pbFormat)
            return E_OUTOFMEMORY;
        memcpy(pbFormat, src->pbFormat, src->cbFormat);
    }

    *dst = *src;
    dst->pUnk = NULL;
    dst->pbFormat = pbFormat;

            

Reported by FlawFinder.

libavdevice/dshow_filter.c
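1 issue
wcscpy - Does not check for buffer overflows when copying to destination [MS-banned]
Security

Line: 138 Column: 9 CWE codes: 120
Suggestion: Consider using a function version that stops copying at the end of the buffer
Triage note: Nothing in the excerpt limits the length of name before the copy, and the size of this->info.achName is declared elsewhere. Unlike the bounded cases in this report, this one needs a check of the callers: confirm every name fits in achName with its terminator, or bound the copy and terminate explicitly.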

              
    this->info.pGraph = graph;
    if (name)
        wcscpy(this->info.achName, name);

    return S_OK;
}
long ff_dshow_filter_QueryVendorInfo(DShowFilter *this, wchar_t **info)
{

            

Reported by FlawFinder.