The following issues were found

plugins/obs-ffmpeg/obs-ffmpeg-logging.c
4 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 8 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
static DARRAY(struct log_context {
	void *context;
	char str[4096];
	int print_prefix;
} *) active_log_contexts;
static DARRAY(struct log_context *) cached_log_contexts;
pthread_mutex_t log_contexts_mutex = PTHREAD_MUTEX_INITIALIZER;

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 64 Column: 57 CWE codes: 126 

              
	char *str = log_context->str;

	av_log_format_line(context, level, format, args, str + strlen(str),
			   (int)(sizeof(log_context->str) - strlen(str)),
			   &log_context->print_prefix);

	int obs_level;
	switch (level) {

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 65 Column: 40 CWE codes: 126 

              	char *str = log_context->str;

	av_log_format_line(context, level, format, args, str + strlen(str),
			   (int)(sizeof(log_context->str) - strlen(str)),
			   &log_context->print_prefix);

	int obs_level;
	switch (level) {
	case AV_LOG_PANIC:

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 90 Column: 24 CWE codes: 126 

              	if (!log_context->print_prefix)
		return;

	char *str_end = str + strlen(str) - 1;
	while (str < str_end) {
		if (*str_end != '\n')
			break;
		*str_end-- = '\0';
	}

Reported by FlawFinder.

libobs/obs-scene.c
4 issues
Possible null pointer dereference: items
Error

Line: 2991 CWE codes: 476 

              
	/* don't allow groups or sub-items of other groups */
	for (size_t i = count; i > 0; i--) {
		obs_sceneitem_t *item = items[i - 1];
		if (item->parent != scene || item->is_group)
			return NULL;
	}

	obs_scene_t *sub_scene = create_id("group", name);

Reported by Cppcheck.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 2700 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	if (crop_equal(crop, &item->crop))
		return;

	memcpy(&item->crop, crop, sizeof(*crop));

	if (item->crop.left < 0)
		item->crop.left = 0;
	if (item->crop.right < 0)
		item->crop.right = 0;

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 2722 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	if (!obs_ptr_valid(crop, "obs_sceneitem_get_crop"))
		return;

	memcpy(crop, &item->crop, sizeof(*crop));
}

void obs_sceneitem_set_scale_filter(obs_sceneitem_t *item,
				    enum obs_scale_type filter)
{

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 3568 Column: 12 CWE codes: 126 

              	if (!item || !data)
		return;
	const char *id = obs_data_get_string(data, "id");
	if (id && strlen(id)) {
		const char *tn = obs_data_get_string(data, "name");
		obs_data_t *s = obs_data_get_obj(data, "transition");
		obs_source_t *t = obs_source_create_private(id, tn, s);
		if (show)
			obs_sceneitem_set_show_transition(item, t);

Reported by FlawFinder.

plugins/obs-ffmpeg/obs-ffmpeg-output.c
4 issues
vsnprintf - If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate
Security

Line: 71 Column: 2 CWE codes: 134
Suggestion: Use a constant for the format specification 

              	char out[4096];

	va_start(args, format);
	vsnprintf(out, sizeof(out), format, args);
	va_end(args);

	ffmpeg_output_set_last_error(data, out);

	blog(log_level, "%s", out);

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 68 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              		      const char *format, ...)
{
	va_list args;
	char out[4096];

	va_start(args, format);
	vsnprintf(out, sizeof(out), format, args);
	va_end(args);

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 709 Column: 4 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              			int pos_frame = y * frame_rowsize;
			int pos_pic = y * pic_rowsize;

			memcpy(pic->data[plane] + pos_pic,
			       frame->data[plane] + pos_frame, bytes);
		}
	}
}

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 1036 Column: 17 CWE codes: 126 

              					     const char *name)
{
	const char *value = obs_data_get_string(settings, name);
	if (!value || !strlen(value))
		return NULL;
	return value;
}

static int get_audio_mix_count(int audio_mix_mask)

Reported by FlawFinder.

plugins/obs-qsv11/libmfx/src/main.cpp
4 issues
wchar_t - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 204 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

                  VectorHandleGuard handleGuard(allocatedHandle);

    MFX_DISP_HANDLE_EX *pHandle;
    wchar_t dllName[MFX_MAX_DLL_PATH] = { 0 };
    MFX::MFXLibraryIterator libIterator;

    // there iterators are used only if the caller specified implicit type like AUTO
    mfxU32 curImplIdx, maxImplIdx;
    // implementation method masked from the input parameter

Reported by FlawFinder.

wchar_t - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 751 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

                  PluginDescriptionRecord record;
    record.sName[0] = 0;

    wchar_t wPath[MAX_PLUGIN_PATH];
    int res = ::MultiByteToWideChar(CP_UTF8, MB_ERR_INVALID_CHARS, path, len, wPath, MAX_PLUGIN_PATH-1);

    if (!res)
    {
        DISPATCHER_LOG_ERROR((("MFXVideoUSER_LoadByPath: can't convert UTF-8 path to UTF-16\n")));

Reported by FlawFinder.

MultiByteToWideChar - Requires maximum length in CHARACTERS, not bytes
Security

Line: 752 Column: 17 CWE codes: 120 

                  record.sName[0] = 0;

    wchar_t wPath[MAX_PLUGIN_PATH];
    int res = ::MultiByteToWideChar(CP_UTF8, MB_ERR_INVALID_CHARS, path, len, wPath, MAX_PLUGIN_PATH-1);

    if (!res)
    {
        DISPATCHER_LOG_ERROR((("MFXVideoUSER_LoadByPath: can't convert UTF-8 path to UTF-16\n")));
        return MFX_ERR_NOT_FOUND;

Reported by FlawFinder.

wchar_t - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 905 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
#else

    wchar_t IntelGFXAPIdllName[MFX_MAX_DLL_PATH] = { 0 };
    mfxI32 adapterNum = -1;

    switch (par.Implementation & 0xf)
    {
    case MFX_IMPL_SOFTWARE:

Reported by FlawFinder.

plugins/obs-outputs/librtmp/rtmp_sys.h
4 issues
snprintf - If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate
Security

Line: 45 Column: 9 CWE codes: 134
Suggestion: Use a constant for the format specification 

              

#ifdef _MSC_VER	/* MSVC */
#define snprintf _snprintf
#define strcasecmp stricmp
#define strncasecmp strnicmp
#define vsnprintf _vsnprintf
#endif

Reported by FlawFinder.

_snprintf - If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate
Security

Line: 45 Column: 18 CWE codes: 134
Suggestion: Use a constant for the format specification 

              

#ifdef _MSC_VER	/* MSVC */
#define snprintf _snprintf
#define strcasecmp stricmp
#define strncasecmp strnicmp
#define vsnprintf _vsnprintf
#endif

Reported by FlawFinder.

vsnprintf - If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate
Security

Line: 48 Column: 9 CWE codes: 134
Suggestion: Use a constant for the format specification 

              #define snprintf _snprintf
#define strcasecmp stricmp
#define strncasecmp strnicmp
#define vsnprintf _vsnprintf
#endif

#define GetSockError()	WSAGetLastError()
#define SetSockError(e)	WSASetLastError(e)
#define setsockopt(a,b,c,d,e)	(setsockopt)(a,b,c,(const char *)d,(int)e)

Reported by FlawFinder.

usleep - This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified
Security

Line: 74 Column: 19 CWE codes: 676
Suggestion: Use nanosleep(2) or setitimer(2) instead 

              #define SetSockError(e)	errno = e
#undef closesocket
#define closesocket(s)	close(s)
#define msleep(n)	usleep(n*1000)
#define SET_RCVTIMEO(tv,s)	struct timeval tv = {s,0}
#ifndef INVALID_SOCKET
#define INVALID_SOCKET -1
#endif
#endif

Reported by FlawFinder.

deps/glad/include/glad/glad_glx.h
4 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 156 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

                  int count;       /* if nonzero, at least this many more */
} GLXBufferClobberEventSGIX;
typedef struct {
    char    pipeName[80]; /* Should be [GLX_HYPERPIPE_PIPE_NAME_LENGTH_SGIX] */
    int     networkId;
} GLXHyperpipeNetworkSGIX;
typedef struct {
    char    pipeName[80]; /* Should be [GLX_HYPERPIPE_PIPE_NAME_LENGTH_SGIX] */
    int     channel;

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 160 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

                  int     networkId;
} GLXHyperpipeNetworkSGIX;
typedef struct {
    char    pipeName[80]; /* Should be [GLX_HYPERPIPE_PIPE_NAME_LENGTH_SGIX] */
    int     channel;
    unsigned int participationType;
    int     timeSlice;
} GLXHyperpipeConfigSGIX;
typedef struct {

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 166 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

                  int     timeSlice;
} GLXHyperpipeConfigSGIX;
typedef struct {
    char pipeName[80]; /* Should be [GLX_HYPERPIPE_PIPE_NAME_LENGTH_SGIX] */
    int srcXOrigin, srcYOrigin, srcWidth, srcHeight;
    int destXOrigin, destYOrigin, destWidth, destHeight;
} GLXPipeRect;
typedef struct {
    char pipeName[80]; /* Should be [GLX_HYPERPIPE_PIPE_NAME_LENGTH_SGIX] */

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 171 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

                  int destXOrigin, destYOrigin, destWidth, destHeight;
} GLXPipeRect;
typedef struct {
    char pipeName[80]; /* Should be [GLX_HYPERPIPE_PIPE_NAME_LENGTH_SGIX] */
    int XOrigin, YOrigin, maxHeight, maxWidth;
} GLXPipeRectLimits;
#define GLX_EXTENSION_NAME "GLX"
#define GLX_PbufferClobber 0
#define GLX_BufferSwapComplete 1

Reported by FlawFinder.

UI/frontend-plugins/frontend-tools/captions-mssapi-stream.cpp
4 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 254 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	if (flag == STATFLAG_DEFAULT) {
		size_t byte_size = (wcslen(stat_name) + 1) * sizeof(wchar_t);
		stg->pwcsName = (wchar_t *)CoTaskMemAlloc(byte_size);
		memcpy(stg->pwcsName, stat_name, byte_size);
	}

	return S_OK;
}

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 283 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	}

	void *wfex = CoTaskMemAlloc(sizeof(format));
	memcpy(wfex, &format, sizeof(format));

	*co_mem_wfex_out = (WAVEFORMATEX *)wfex;
	return S_OK;
}

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 365 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              		return E_POINTER;

	void *wfex = CoTaskMemAlloc(sizeof(format));
	memcpy(wfex, &format, sizeof(format));

	*format = SPDFID_WaveFormatEx;
	*co_mem_wfex_out = (WAVEFORMATEX *)wfex;
	return S_OK;
}

Reported by FlawFinder.

wcslen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 252 Column: 23 CWE codes: 126 

              	stg->cbSize.QuadPart = (ULONGLONG)buf->size;

	if (flag == STATFLAG_DEFAULT) {
		size_t byte_size = (wcslen(stat_name) + 1) * sizeof(wchar_t);
		stg->pwcsName = (wchar_t *)CoTaskMemAlloc(byte_size);
		memcpy(stg->pwcsName, stat_name, byte_size);
	}

	return S_OK;

Reported by FlawFinder.

plugins/obs-outputs/rtmp-stream.c
4 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 391 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              		goto retry_send;
	}

	memcpy(stream->write_buf + stream->write_buf_len, data, len);
	stream->write_buf_len += len;

	pthread_mutex_unlock(&stream->write_buf_mutex);

	os_event_signal(stream->buffer_has_data_event);

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 912 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	RTMP *rtmp = &stream->rtmp;
	MIB_IPFORWARDROW route;
	uint32_t dest_addr, source_addr;
	char hostname[256];
	HOSTENT *h;

	if (rtmp->Link.hostname.av_len >= sizeof(hostname) - 1)
		return;

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 226 Column: 29 CWE codes: 126 

              {
	bool valid = (str && *str);
	val->av_val = valid ? (char *)str : NULL;
	val->av_len = valid ? (int)strlen(str) : 0;
}

static inline void set_rtmp_dstr(AVal *val, struct dstr *str)
{
	bool valid = !dstr_is_empty(str);

Reported by FlawFinder.

strncpy - Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned]
Security

Line: 918 Column: 2 CWE codes: 120 

              	if (rtmp->Link.hostname.av_len >= sizeof(hostname) - 1)
		return;

	strncpy(hostname, rtmp->Link.hostname.av_val, sizeof(hostname));
	hostname[rtmp->Link.hostname.av_len] = 0;

	h = gethostbyname(hostname);
	if (!h)
		return;

Reported by FlawFinder.

deps/blake2/src/blake2b-ref.c
4 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 146 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

                {
    uint8_t block[BLAKE2B_BLOCKBYTES];
    memset( block, 0, BLAKE2B_BLOCKBYTES );
    memcpy( block, key, keylen );
    blake2b_update( S, block, BLAKE2B_BLOCKBYTES );
    secure_zero_memory( block, BLAKE2B_BLOCKBYTES ); /* Burn the key from stack */
  }
  return 0;
}

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 231 Column: 7 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

                  if( inlen > fill )
    {
      S->buflen = 0;
      memcpy( S->buf + left, in, fill ); /* Fill buffer */
      blake2b_increment_counter( S, BLAKE2B_BLOCKBYTES );
      blake2b_compress( S, S->buf ); /* Compress */
      in += fill; inlen -= fill;
      while(inlen > BLAKE2B_BLOCKBYTES) {
        blake2b_increment_counter(S, BLAKE2B_BLOCKBYTES);

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 242 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

                      inlen -= BLAKE2B_BLOCKBYTES;
      }
    }
    memcpy( S->buf + S->buflen, in, inlen );
    S->buflen += inlen;
  }
  return 0;
}

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 267 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

                for( i = 0; i < 8; ++i ) /* Output full hash to temp buffer */
    store64( buffer + sizeof( S->h[i] ) * i, S->h[i] );

  memcpy( out, buffer, S->outlen );
  secure_zero_memory(buffer, sizeof(buffer));
  return 0;
}

/* inlen, at least, should be uint64_t. Others can be size_t. */

Reported by FlawFinder.

libobs/util/dstr.h
4 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 236 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              
	if (src->len) {
		dstr_ensure_capacity(dst, src->len + 1);
		memcpy(dst->array, src->array, src->len + 1);
		dst->len = src->len;
	}
}

static inline void dstr_reserve(struct dstr *dst, const size_t capacity)

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 166 Column: 26 CWE codes: 126 

              static inline void dstr_init_move_array(struct dstr *dst, char *str)
{
	dst->array = str;
	dst->len = (!str) ? 0 : strlen(str);
	dst->capacity = dst->len + 1;
}

static inline void dstr_init_move(struct dstr *dst, struct dstr *src)
{

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 207 Column: 26 CWE codes: 126 

              {
	dstr_free(dst);
	dst->array = str;
	dst->len = (!str) ? 0 : strlen(str);
	dst->capacity = dst->len + 1;
}

static inline void dstr_move(struct dstr *dst, struct dstr *src)
{

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 278 Column: 8 CWE codes: 126 

              	if (!array || !*array)
		return;

	len = strlen(array);
	dstr_ncat(dst, array, len);
}

static inline void dstr_cat_ch(struct dstr *dst, char ch)
{

Reported by FlawFinder.