Correctness
The code must be valid. It must not crash, abort, access invalid pointers, leak memory, cause data races or signed integer overflow, or otherwise cause undefined behaviour. Error codes should be checked and, when applicable, forwarded to the caller.
Thread- and library-safety
Our libraries may be called by multiple independent callers in the same process. These calls may happen from any number of threads and the different call sites may not be aware of each other - e.g. a user program may be calling our libraries directly, and use one or more libraries that also call our libraries. The code must behave correctly under such conditions.
Robustness
The code must treat as untrusted any bytestream received from a caller or read from a file, network, etc. It must not misbehave when arbitrary data is sent to it - typically it should print an error message and return AVERROR_INVALIDDATA on encountering invalid input data.
Memory allocation
The code must use the av_malloc() family of functions from libavutil/mem.h to perform all memory allocation, except in special cases (e.g. when interacting with an external library that requires a specific allocator to be used).
All allocations should be checked and AVERROR(ENOMEM) returned on failure. A common mistake is that error paths leak memory - make sure that does not happen.
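The Robustness and Memory allocation rules applied together in one parser, as an added example that is not FFmpeg code. The record layout, `Record`, `record_parse()`, `record_free()` and the `alloc_budget`/`live_allocs` hooks are hypothetical, and the `av_mallocz()`/`av_free()`/`AVERROR` definitions are local stand-ins for the libavutil ones so the block compiles on its own. The av_log() call that would accompany each error return is left out.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Stand-ins so this builds without FFmpeg; in-tree code uses libavutil's. */
#define AVERROR(e) (-(e))
#define AVERROR_INVALIDDATA (-0x41444E49)
static int live_allocs, alloc_budget = 1000000; /* hypothetical test hooks */
static void *av_mallocz(size_t n) {
    void *p = (alloc_budget > 0 && alloc_budget--) ? calloc(1, n ? n : 1) : NULL;
    live_allocs += !!p;
    return p;
}
static void av_free(void *p) { live_allocs -= !!p; free(p); }

typedef struct Record { int nb; uint8_t **data; } Record; /* hypothetical */
static void record_free(Record *r) {
    for (int i = 0; r->data && i < r->nb; i++)
        av_free(r->data[i]);
    av_free(r->data);
    memset(r, 0, sizeof(*r));
}
/* Input: 1-byte entry count, then per entry a 16-bit BE length + payload. */
static int record_parse(Record *r, const uint8_t *buf, size_t size) {
    int ret = AVERROR_INVALIDDATA;
    size_t pos = 1, len;
    memset(r, 0, sizeof(*r));
    if (size < 1)
        return ret;
    if (!(r->data = av_mallocz(buf[0] * sizeof(*r->data))))
        return AVERROR(ENOMEM);
    r->nb = buf[0];
    for (int i = 0; i < r->nb; i++, pos += len) {
        if (size - pos < 2)             /* truncated length field */
            goto fail;
        len = (size_t)buf[pos] << 8 | buf[pos + 1];
        pos += 2;
        if (len > size - pos)           /* claimed length exceeds input */
            goto fail;
        if (!(r->data[i] = av_mallocz(len))) {
            ret = AVERROR(ENOMEM);
            goto fail;
        }
        memcpy(r->data[i], buf + pos, len);
    }
    return 0;
fail:
    record_free(r);                     /* error path releases everything */
    return ret;
}
```

Lowering `alloc_budget` forces an allocation failure partway through parsing, which is how the error path can be checked for leaks.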
stdio
Our libraries must not access the stdio streams stdin/stdout/stderr directly (e.g. via the printf() family of functions), as that is not library-safe. For logging, use av_log().