The following issues were found
libobs/media-io/video-matrices.c
5 issues
Line: 182
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
continue;
int full_range = range == VIDEO_RANGE_FULL ? 1 : 0;
memcpy(matrix, format_info[i].matrix[full_range],
sizeof(float) * 16);
if (range == VIDEO_RANGE_FULL) {
if (range_min)
memcpy(range_min, full_min, sizeof(float) * 3);
Reported by FlawFinder.
Line: 187
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (range == VIDEO_RANGE_FULL) {
if (range_min)
memcpy(range_min, full_min, sizeof(float) * 3);
if (range_max)
memcpy(range_max, full_max, sizeof(float) * 3);
return true;
}
Reported by FlawFinder.
Line: 189
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (range_min)
memcpy(range_min, full_min, sizeof(float) * 3);
if (range_max)
memcpy(range_max, full_max, sizeof(float) * 3);
return true;
}
if (range_min)
memcpy(range_min, format_info[i].float_range_min,
Reported by FlawFinder.
Line: 194
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (range_min)
memcpy(range_min, format_info[i].float_range_min,
sizeof(float) * 3);
if (range_max)
memcpy(range_max, format_info[i].float_range_max,
sizeof(float) * 3);
Reported by FlawFinder.
Line: 198
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sizeof(float) * 3);
if (range_max)
memcpy(range_max, format_info[i].float_range_max,
sizeof(float) * 3);
return true;
}
return false;
Reported by FlawFinder.
deps/w32-pthreads/pthread_win32_attach_detach_np.c
5 issues
Line: 81
Column: 23
CWE codes:
829
20
Suggestion:
Use LoadLibraryEx with one of the search flags, or call SetSearchPathMode to use a safe search path, or pass a full path to the library
(void) strncat(QuserExDLLPathBuf,
"\\QUSEREX.DLL",
sizeof(QuserExDLLPathBuf) - strlen(QuserExDLLPathBuf) - 1);
ptw32_h_quserex = LoadLibrary(QuserExDLLPathBuf);
}
#else
/* strncat is secure - this is just to avoid a warning */
if(GetSystemDirectory(QuserExDLLPathBuf, sizeof(QuserExDLLPathBuf) / sizeof(TCHAR)) &&
0 == _tcsncat_s(QuserExDLLPathBuf, sizeof(QuserExDLLPathBuf) / sizeof(TCHAR), TEXT("\\QUSEREX.DLL"), 12))
Reported by FlawFinder.
Line: 88
Column: 23
CWE codes:
829
20
Suggestion:
Use LoadLibraryEx with one of the search flags, or call SetSearchPathMode to use a safe search path, or pass a full path to the library
if(GetSystemDirectory(QuserExDLLPathBuf, sizeof(QuserExDLLPathBuf) / sizeof(TCHAR)) &&
0 == _tcsncat_s(QuserExDLLPathBuf, sizeof(QuserExDLLPathBuf) / sizeof(TCHAR), TEXT("\\QUSEREX.DLL"), 12))
{
ptw32_h_quserex = LoadLibrary(QuserExDLLPathBuf);
}
#endif
if (ptw32_h_quserex != NULL)
{
Reported by FlawFinder.
Line: 50
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
BOOL
pthread_win32_process_attach_np ()
{
TCHAR QuserExDLLPathBuf[1024];
BOOL result = TRUE;
result = ptw32_processInitialize ();
#if defined(_UWIN)
Reported by FlawFinder.
Line: 78
Column: 12
CWE codes:
120
Suggestion:
Consider strcat_s, strlcat, snprintf, or automatically resizing strings
#if defined(__GNUC__) || _MSC_VER < 1400
if(GetSystemDirectory(QuserExDLLPathBuf, sizeof(QuserExDLLPathBuf)))
{
(void) strncat(QuserExDLLPathBuf,
"\\QUSEREX.DLL",
sizeof(QuserExDLLPathBuf) - strlen(QuserExDLLPathBuf) - 1);
ptw32_h_quserex = LoadLibrary(QuserExDLLPathBuf);
}
#else
Reported by FlawFinder.
Line: 80
Column: 48
CWE codes:
126
{
(void) strncat(QuserExDLLPathBuf,
"\\QUSEREX.DLL",
sizeof(QuserExDLLPathBuf) - strlen(QuserExDLLPathBuf) - 1);
ptw32_h_quserex = LoadLibrary(QuserExDLLPathBuf);
}
#else
/* strncat is secure - this is just to avoid a warning */
if(GetSystemDirectory(QuserExDLLPathBuf, sizeof(QuserExDLLPathBuf) / sizeof(TCHAR)) &&
Reported by FlawFinder.
plugins/obs-filters/noise-suppress-filter.c
5 issues
Line: 597
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
size_t size = strlen(sdk_path) + strlen(file) + 1;
char *buffer = (char *)bmalloc(size);
strcpy(buffer, sdk_path);
strcat(buffer, file);
ng->model = buffer;
ng->nvafx_enabled = true;
ng->nvafx_initialized = false;
ng->nvafx_loading = false;
Reported by FlawFinder.
Line: 598
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
char *buffer = (char *)bmalloc(size);
strcpy(buffer, sdk_path);
strcat(buffer, file);
ng->model = buffer;
ng->nvafx_enabled = true;
ng->nvafx_initialized = false;
ng->nvafx_loading = false;
Reported by FlawFinder.
Line: 587
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
ng->context = filter;
#ifdef LIBNVAFX_ENABLED
char sdk_path[MAX_PATH];
if (!nvafx_get_sdk_path(sdk_path, sizeof(sdk_path))) {
ng->nvafx_enabled = false;
do_log(LOG_ERROR, "NVAFX redist is not installed.");
} else {
Reported by FlawFinder.
Line: 594
Column: 36
CWE codes:
126
do_log(LOG_ERROR, "NVAFX redist is not installed.");
} else {
const char *file = "\\models\\denoiser_48k.trtpkg";
size_t size = strlen(sdk_path) + strlen(file) + 1;
char *buffer = (char *)bmalloc(size);
strcpy(buffer, sdk_path);
strcat(buffer, file);
ng->model = buffer;
Reported by FlawFinder.
Line: 594
Column: 17
CWE codes:
126
do_log(LOG_ERROR, "NVAFX redist is not installed.");
} else {
const char *file = "\\models\\denoiser_48k.trtpkg";
size_t size = strlen(sdk_path) + strlen(file) + 1;
char *buffer = (char *)bmalloc(size);
strcpy(buffer, sdk_path);
strcat(buffer, file);
ng->model = buffer;
Reported by FlawFinder.
UI/frontend-plugins/frontend-tools/captions.cpp
5 issues
Line: 245
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void obs_captions::start()
{
if (!captions->handler && valid_lang(lang_id)) {
wchar_t wname[256];
auto pair = handler_types.find(handler_id);
if (pair == handler_types.end()) {
warn("Failed to find handler '%s'", handler_id.c_str());
return;
Reported by FlawFinder.
Line: 307
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static bool get_locale_name(LANGID id, char *out)
{
wchar_t name[256];
int size = GetLocaleInfoW(id, LOCALE_SENGLISHLANGUAGENAME, name, 256);
if (size <= 0)
return false;
Reported by FlawFinder.
Line: 320
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static bool valid_lang(LANGID id)
{
ComPtr<ISpObjectToken> token;
wchar_t lang_str[32];
HRESULT hr;
_snwprintf(lang_str, 31, L"language=%x", (int)id);
hr = SpFindBestToken(SPCAT_RECOGNIZERS, lang_str, nullptr, &token);
Reported by FlawFinder.
Line: 332
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void get_valid_locale_names(vector<locale_info> &locales)
{
locale_info cur;
char locale_name[256];
static const LANGID default_locales[] = {
0x0409, 0x0401, 0x0402, 0x0403, 0x0404, 0x0405, 0x0406,
0x0407, 0x0408, 0x040a, 0x040b, 0x040c, 0x040d, 0x040e,
0x040f, 0x0410, 0x0411, 0x0412, 0x0413, 0x0414, 0x0415,
Reported by FlawFinder.
Line: 259
Column: 24
CWE codes:
126
return;
}
size_t len = (size_t)wcslen(wname);
string lang_name;
lang_name.resize(len);
for (size_t i = 0; i < len; i++)
Reported by FlawFinder.
plugins/win-dshow/shared-memory-queue.c
5 issues
Line: 97
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
CloseHandle(vq.handle);
return NULL;
}
memcpy(vq.header, &header, sizeof(header));
for (size_t i = 0; i < 3; i++) {
uint32_t off = offset_frame[i];
vq.ts[i] = (uint64_t *)(((uint8_t *)vq.header) + off);
vq.frame[i] = ((uint8_t *)vq.header) + off + FRAME_HEADER_SIZE;
Reported by FlawFinder.
Line: 109
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
CloseHandle(vq.handle);
return NULL;
}
memcpy(pvq, &vq, sizeof(vq));
return pvq;
}
video_queue_t *video_queue_open()
{
Reported by FlawFinder.
Line: 134
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
CloseHandle(vq.handle);
return NULL;
}
memcpy(pvq, &vq, sizeof(vq));
return pvq;
}
void video_queue_close(video_queue_t *vq)
{
Reported by FlawFinder.
Line: 173
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
size_t size = linesize[0] * qh->cy;
*vq->ts[idx] = timestamp;
memcpy(vq->frame[idx], data[0], size);
memcpy(vq->frame[idx] + size, data[1], size / 2);
qh->read_idx = inc;
qh->state = SHARED_QUEUE_STATE_READY;
}
Reported by FlawFinder.
Line: 174
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*vq->ts[idx] = timestamp;
memcpy(vq->frame[idx], data[0], size);
memcpy(vq->frame[idx] + size, data[1], size / 2);
qh->read_idx = inc;
qh->state = SHARED_QUEUE_STATE_READY;
}
Reported by FlawFinder.
deps/jansson/src/pack_unpack.c
4 issues
Line: 147
Column: 18
CWE codes:
126
return NULL;
}
length = strlen(str);
if(!utf8_check_string(str, length)) {
set_error(s, "<args>", "Invalid UTF-8 %s", purpose);
return NULL;
}
Reported by FlawFinder.
Line: 179
Column: 22
CWE codes:
126
}
else {
prev_token(s);
length = strlen(str);
}
if(strbuffer_append_bytes(&strbuff, str, length) == -1) {
set_error(s, "<internal>", "Out of memory");
strbuffer_close(&strbuff);
Reported by FlawFinder.
Line: 494
Column: 69
CWE codes:
126
} else {
strbuffer_append_bytes(&unrecognized_keys, ", ", 2);
}
strbuffer_append_bytes(&unrecognized_keys, key, strlen(key));
}
}
} else {
/* No optional keys, we can just compare the number of items */
unpacked = (long)json_object_size(root) - (long)key_set.size;
Reported by FlawFinder.
Line: 512
Column: 73
CWE codes:
126
} else {
strbuffer_append_bytes(&unrecognized_keys, ", ", 2);
}
strbuffer_append_bytes(&unrecognized_keys, key, strlen(key));
}
}
}
set_error(s, "<validation>",
"%li object item(s) left unpacked: %s",
Reported by FlawFinder.
plugins/obs-ffmpeg/obs-ffmpeg-logging.c
4 issues
Line: 8
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static DARRAY(struct log_context {
void *context;
char str[4096];
int print_prefix;
} *) active_log_contexts;
static DARRAY(struct log_context *) cached_log_contexts;
pthread_mutex_t log_contexts_mutex = PTHREAD_MUTEX_INITIALIZER;
Reported by FlawFinder.
Line: 64
Column: 57
CWE codes:
126
char *str = log_context->str;
av_log_format_line(context, level, format, args, str + strlen(str),
(int)(sizeof(log_context->str) - strlen(str)),
&log_context->print_prefix);
int obs_level;
switch (level) {
Reported by FlawFinder.
Line: 65
Column: 40
CWE codes:
126
char *str = log_context->str;
av_log_format_line(context, level, format, args, str + strlen(str),
(int)(sizeof(log_context->str) - strlen(str)),
&log_context->print_prefix);
int obs_level;
switch (level) {
case AV_LOG_PANIC:
Reported by FlawFinder.
Line: 90
Column: 24
CWE codes:
126
if (!log_context->print_prefix)
return;
char *str_end = str + strlen(str) - 1;
while (str < str_end) {
if (*str_end != '\n')
break;
*str_end-- = '\0';
}
Reported by FlawFinder.
plugins/obs-x264/obs-x264.c
4 issues
Line: 359
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
struct obs_x264 *obsx264 = param;
char str[1024];
vsnprintf(str, 1024, format, args);
info("%s", str);
UNUSED_PARAMETER(level);
}
Reported by FlawFinder.
Line: 357
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void log_x264(void *param, int level, const char *format, va_list args)
{
struct obs_x264 *obsx264 = param;
char str[1024];
vsnprintf(str, 1024, format, args);
info("%s", str);
UNUSED_PARAMETER(level);
Reported by FlawFinder.
Line: 565
Column: 29
CWE codes:
126
}
size_t settings_string_length = 0;
for (size_t i = 0; i < options->count; ++i)
settings_string_length += strlen(options->options[i].name) +
strlen(options->options[i].value) + 5;
size_t buffer_size = settings_string_length + 1;
char *settings_string = bmalloc(settings_string_length + 1);
char *p = settings_string;
size_t remaining_buffer_size = buffer_size;
Reported by FlawFinder.
Line: 566
Column: 8
CWE codes:
126
size_t settings_string_length = 0;
for (size_t i = 0; i < options->count; ++i)
settings_string_length += strlen(options->options[i].name) +
strlen(options->options[i].value) + 5;
size_t buffer_size = settings_string_length + 1;
char *settings_string = bmalloc(settings_string_length + 1);
char *p = settings_string;
size_t remaining_buffer_size = buffer_size;
for (size_t i = 0; i < options->count; ++i) {
Reported by FlawFinder.
plugins/obs-ffmpeg/obs-ffmpeg-output.c
4 issues
Line: 71
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
char out[4096];
va_start(args, format);
vsnprintf(out, sizeof(out), format, args);
va_end(args);
ffmpeg_output_set_last_error(data, out);
blog(log_level, "%s", out);
Reported by FlawFinder.
Line: 68
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char *format, ...)
{
va_list args;
char out[4096];
va_start(args, format);
vsnprintf(out, sizeof(out), format, args);
va_end(args);
Reported by FlawFinder.
Line: 709
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int pos_frame = y * frame_rowsize;
int pos_pic = y * pic_rowsize;
memcpy(pic->data[plane] + pos_pic,
frame->data[plane] + pos_frame, bytes);
}
}
}
Reported by FlawFinder.
Line: 1036
Column: 17
CWE codes:
126
const char *name)
{
const char *value = obs_data_get_string(settings, name);
if (!value || !strlen(value))
return NULL;
return value;
}
static int get_audio_mix_count(int audio_mix_mask)
Reported by FlawFinder.
deps/jansson/src/hashtable_seed.c
4 issues
Line: 66
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Use unbuffered I/O if we have open(), close() and read(). Otherwise
fall back to fopen() */
char data[sizeof(uint32_t)];
int ok;
#if defined(HAVE_OPEN) && defined(HAVE_CLOSE) && defined(HAVE_READ)
int urandom;
urandom = open("/dev/urandom", O_RDONLY);
Reported by FlawFinder.
Line: 71
Column: 15
CWE codes:
362
#if defined(HAVE_OPEN) && defined(HAVE_CLOSE) && defined(HAVE_READ)
int urandom;
urandom = open("/dev/urandom", O_RDONLY);
if (urandom == -1)
return 1;
ok = read(urandom, data, sizeof(uint32_t)) == sizeof(uint32_t);
close(urandom);
Reported by FlawFinder.
Line: 80
Column: 15
CWE codes:
362
#else
FILE *urandom;
urandom = fopen("/dev/urandom", "rb");
if (!urandom)
return 1;
ok = fread(data, 1, sizeof(uint32_t), urandom) == sizeof(uint32_t);
fclose(urandom);
Reported by FlawFinder.
Line: 75
Column: 10
CWE codes:
120
20
if (urandom == -1)
return 1;
ok = read(urandom, data, sizeof(uint32_t)) == sizeof(uint32_t);
close(urandom);
#else
FILE *urandom;
urandom = fopen("/dev/urandom", "rb");
Reported by FlawFinder.