The following issues were found

deps/w32-pthreads/tests/benchlib.c
3 issues
LoadLibrary - Ensure that the full path to the library is specified, or current directory may be used
Security

Line: 114 Column: 28 CWE codes: 829 20
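Suggestion: Use LoadLibraryEx with one of the search flags, or call SetSearchPathMode to use a safe search path, or pass a full path to the library
Reviewer note: The library named in this excerpt is KERNEL32.DLL, which is normally already loaded in a Win32 process, so the practical search-order exposure at this call is low; calling GetModuleHandle for it would avoid a library search altogether. The file is under tests/, so it is presumably not part of the shipped library.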

                      /*
         * Load KERNEL32 and try to get address of TryEnterCriticalSection
         */
        ptw32_h_kernel32 = LoadLibrary(TEXT("KERNEL32.DLL"));
        ptw32_try_enter_critical_section = (BOOL (WINAPI *)(LPCRITICAL_SECTION))

#if defined(NEED_UNICODE_CONSTS)
        GetProcAddress(ptw32_h_kernel32,
                       (const TCHAR *)TEXT("TryEnterCriticalSection"));

            

Reported by FlawFinder.

InitializeCriticalSection - Exceptions can be thrown in low-memory situations
Security

Line: 127 Column: 13 CWE codes:
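Suggestion: Use InitializeCriticalSectionAndSpinCount instead
Reviewer note: Microsoft documents the low-memory exception for Windows XP and Windows Server 2003; starting with Windows Vista it was eliminated, so this finding matters only if those older systems are still build targets. The same applies to the InitializeCriticalSection finding at line 150 of this file.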

              
        if (ptw32_try_enter_critical_section != NULL)
          {
            InitializeCriticalSection(&cs);
            if ((*ptw32_try_enter_critical_section)(&cs))
              {
                LeaveCriticalSection(&cs);
              }
            else

            

Reported by FlawFinder.

InitializeCriticalSection - Exceptions can be thrown in low-memory situations
Security

Line: 150 Column: 4 CWE codes:
Suggestion: Use InitializeCriticalSectionAndSpinCount instead

              
      if (old_mutex_use == OLD_WIN32CS)
	{
	  InitializeCriticalSection(&mx->cs);
	}
      else if (old_mutex_use == OLD_WIN32MUTEX)
      {
	  mx->mutex = CreateMutex (NULL,
				   FALSE,

            

Reported by FlawFinder.

deps/w32-pthreads/ptw32_tkAssocCreate.c
3 issues
Memory leak: assoc
Error

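Line: 116 CWE codes: 401
Reviewer note: In the excerpt below, assoc is stored in sp->keys immediately before the return, so the allocation appears to be handed to another owner rather than dropped; confirm against the full function before treating this as a leak (CWE-401). The identical finding is listed three times on this page.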

                  }
  sp->keys = (void *) assoc;

  return (0);

}				/* ptw32_tkAssocCreate */

            

Reported by Cppcheck.

Memory leak: assoc
Error

Line: 116 CWE codes: 401

                  }
  sp->keys = (void *) assoc;

  return (0);

}				/* ptw32_tkAssocCreate */

            

Reported by Cppcheck.

Memory leak: assoc
Error

Line: 116 CWE codes: 401

                  }
  sp->keys = (void *) assoc;

  return (0);

}				/* ptw32_tkAssocCreate */

            

Reported by Cppcheck.

plugins/obs-outputs/librtmp/rtmp.h
3 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 249 Column: 9 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

                      int c_headerSize;
        int c_chunkSize;
        char *c_chunk;
        char c_header[RTMP_MAX_HEADER_SIZE];
    } RTMPChunk;

    typedef struct RTMPPacket
    {
        uint8_t m_headerType;

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 271 Column: 9 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

                      SOCKET sb_socket;
        int sb_size;		/* number of unprocessed bytes in buffer */
        char *sb_start;		/* pointer into sb_pBuffer of next byte to process */
        char sb_buf[RTMP_BUFFER_CACHE_SIZE];	/* data read from socket */
        int sb_timedout;
        void *sb_ssl;
    } RTMPSockBuf;

    void RTMPPacket_Reset(RTMPPacket *p);

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 347 Column: 9 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
        uint32_t SWFSize;
        uint8_t SWFHash[RTMP_SWF_HASHLEN];
        char SWFVerificationResponse[RTMP_SWF_HASHLEN+10];
#endif
    } RTMP_LNK;

    /* state for read() wrapper */
    typedef struct RTMP_READ

            

Reported by FlawFinder.

libobs/obs-module.c
3 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 572 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              			goto error;                                     \
		}                                                       \
                                                                        \
		memcpy(&data, info, size_var);                          \
		da_push_back(dest, &data);                              \
	} while (false)

#define CHECK_REQUIRED_VAL(type, info, val, func)                       \
	do {                                                            \

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 643 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		goto error;
	}

	memcpy(&data, info, size);

	/* mark audio-only filters as an async filter categorically */
	if (data.type == OBS_SOURCE_TYPE_FILTER) {
		if ((data.output_flags & OBS_SOURCE_VIDEO) == 0)
			data.output_flags |= OBS_SOURCE_ASYNC;

            

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 88 Column: 13 CWE codes: 126

              
	if (ext_len == 0) {
		const char *ext = get_module_extension();
		ext_len = strlen(ext);
	}

	dstr_copy(&name, file);
	dstr_resize(&name, name.len - ext_len);
	return name.array;

            

Reported by FlawFinder.

deps/obs-scripting/obs-scripting-python.c
3 issues
getenv - Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once
Security

Line: 1604 Column: 24 CWE codes: 807 20
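Suggestion: Check environment variables carefully before using them
Reviewer note: The flagged getenv("PATH") call sits between `#if 0` and `#endif` in the excerpt below, so it is compiled out; the finding applies only if that block is re-enabled.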

              		os_utf8_to_wcs(python_path, 0, home_path, 1024);
		Py_SetPythonHome(home_path);
#if 0
		dstr_copy(&old_path, getenv("PATH"));
		_putenv("PYTHONPATH=");
		_putenv("PATH=");
#endif
	}
#else

            

Reported by FlawFinder.

wchar_t - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 51 Column: 8 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              sys.stderr = stderr_logger()\n";

#if RUNTIME_LINK
static wchar_t home_path[1024] = {0};
#endif

DARRAY(char *) python_paths;
static bool python_loaded = false;


            

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 1196 Column: 16 CWE codes: 126

              	}

	if (start) {
		size_t len = strlen(start);
		if (len)
			memmove(cur_py_log_chunk.array, start, len);
		dstr_resize(&cur_py_log_chunk, len);
	}


            

Reported by FlawFinder.

plugins/vlc-video/vlc-video-plugin.c
3 issues
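There is an unknown macro here somewhere. Configuration is required. If OBS_DECLARE_MODULE is a macro then please configure it.
Reviewer note: This is a Cppcheck analysis-configuration message, not a defect in the plugin: the tool could not see the definition of OBS_DECLARE_MODULE and stopped parsing at it, so the rest of this file may not have been analysed by Cppcheck until the macro is defined for the scan or the relevant include path is supplied.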
Error

Line: 8

              #include <util/platform.h>
#include "vlc-video-plugin.h"

OBS_DECLARE_MODULE()
OBS_MODULE_USE_DEFAULT_LOCALE("vlc-video", "en-US")
/* Returns the human-readable description string for this module. */
MODULE_EXPORT const char *obs_module_description(void)
{
	static const char description[] = "VLC playlist source";

	return description;
}

            

Reported by Cppcheck.

wchar_t - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 151 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              {
#ifdef _WIN32
	char *path_utf8 = NULL;
	wchar_t path[1024];
	LSTATUS status;
	DWORD size;
	HKEY key;

	memset(path, 0, 1024 * sizeof(wchar_t));

            

Reported by FlawFinder.

wcscat - Does not check for buffer overflows when concatenating to destination [MS-banned]
Security

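Line: 167 Column: 3 CWE codes: 120
Reviewer note: The destination is the 1024-element path buffer, filled by RegQueryValueExW from the InstallDir registry value just above. Registry string values are not guaranteed to be NUL-terminated, and the excerpt does not show how size is initialised, so check that size leaves room for both a terminator and the appended \libvlc.dll suffix, or use a bounded concatenation that fails on truncation. Because the resulting string is passed to os_dlopen, it is also worth confirming which registry key is opened and that it is writable only by administrators.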

              	status = RegQueryValueExW(key, L"InstallDir", NULL, NULL, (LPBYTE)path,
				  &size);
	if (status == ERROR_SUCCESS) {
		wcscat(path, L"\\libvlc.dll");
		os_wcs_to_utf8_ptr(path, 0, &path_utf8);
		libvlc_module = os_dlopen(path_utf8);
		bfree(path_utf8);
	}


            

Reported by FlawFinder.

UI/win-update/updater/hash.cpp
3 issues
read - Check buffer boundaries if used in a loop including recursive loops
Security

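Line: 62 Column: 61 CWE codes: 120 20
Reviewer note: In this excerpt `read` is a local DWORD that receives the byte count from ReadFile, not a call to read(); the match appears to be on the identifier name. ReadFile is given hashBuffer.size() as its limit and blake2b_update consumes only `read` bytes, so the two findings that follow at lines 66 and 69 look like the same name match.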

              
	for (;;) {
		DWORD read = 0;
		if (!ReadFile(handle, &hashBuffer[0], hashBuffer.size(), &read,
			      nullptr))
			return false;

		if (!read)
			break;

            

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 66 Column: 8 CWE codes: 120 20

              			      nullptr))
			return false;

		if (!read)
			break;

		if (blake2b_update(&blake2, &hashBuffer[0], read) != 0)
			return false;
	}

            

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 69 Column: 47 CWE codes: 120 20

              		if (!read)
			break;

		if (blake2b_update(&blake2, &hashBuffer[0], read) != 0)
			return false;
	}

	if (blake2b_final(&blake2, hash, BLAKE2_HASH_LENGTH) != 0)
		return false;

            

Reported by FlawFinder.

plugins/obs-outputs/librtmp/dh.h
3 issues
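failed to expand 'MDH_generate_key', Wrong number of parameters for macro 'MDH_generate_key'.
Reviewer note: This is a Cppcheck preprocessing failure rather than a confirmed defect. The two MDH_generate_key definitions excerpted further down take different parameter lists (RTMP *r, MDH *dh versus MDH *dh), which suggests backend-specific variants selected by preprocessor conditionals; scanning with the defines used by the real build should resolve it.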
Error

Line: 297

                  {
        MP_t q1 = NULL;

        if (!MDH_generate_key(r, dh))
            return 0;

        MP_gethex(q1, Q1024, res);
        assert(res);


            

Reported by Cppcheck.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 56 Column: 14 CWE codes: 119 120
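Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Reviewer note: The call below passes out with an explicit output length of 1, so the two-byte array is not overrun in this excerpt. What the excerpt does show is that the return value of mbedtls_dhm_make_public is discarded; a failed key generation would go unnoticed unless it is checked later in the function, which continues past the excerpt. The second definition flagged at line 107 has the same shape.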

              
static int MDH_generate_key(RTMP *r, MDH *dh)
{
    unsigned char out[2];
    MP_set(&dh->ctx.P, dh->p);
    MP_set(&dh->ctx.G, dh->g);
    dh->ctx.len = 128;
    mbedtls_dhm_make_public(&dh->ctx, 1024, out, 1, mbedtls_ctr_drbg_random, &r->RTMP_TLS_ctx->ctr_drbg);
    MP_new(dh->pub_key);

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 107 Column: 14 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
static int MDH_generate_key(MDH *dh)
{
    unsigned char out[2];
    MP_set(&dh->ctx.P, dh->p);
    MP_set(&dh->ctx.G, dh->g);
    dh->ctx.len = 128;
    dhm_make_public(&dh->ctx, 1024, out, 1, havege_random, &RTMP_TLS_ctx->hs);
    MP_new(dh->pub_key);

            

Reported by FlawFinder.

plugins/obs-filters/color-grade-filter.c
3 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 81 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              			const uint32_t row_index = image_width * (z_y + y);
			for (uint32_t x = 0; x < LUT_WIDTH; ++x) {
				const uint32_t index = row_index + z_x + x;
				memcpy(cursor, &data[pixel_size * index],
				       pixel_size);

				cursor += pixel_size;
			}
		}

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 102 Column: 2 CWE codes: 119 120
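Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Reviewer note: The excerpt fills this buffer with fgets(line, sizeof(line), file), which bounds the write to the array size; lines longer than 255 characters are split across reads rather than overflowing. The finding at line 187 of this file shows the same pattern.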

              {
	bool data_found = false;

	char line[256];
	while (fgets(line, sizeof(line), file)) {
		if (sscanf(line, "%f %f %f", red, green, blue) == 3) {
			data_found = true;
			break;
		}

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 187 Column: 3 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
		bool data_found = false;

		char line[256];
		unsigned u;
		float f[3];
		while (fgets(line, sizeof(line), file)) {
			if (sscanf(line, "%f %f %f", &red, &green, &blue) ==
			    3) {

            

Reported by FlawFinder.

plugins/obs-filters/rnnoise/src/denoise.c
3 issues
fopen - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

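Line: 538 Column: 8 CWE codes: 362
Reviewer note: The usage string in the excerpt shows this is a command-line tool reading paths from argv, so the caller already controls which files are opened. The more immediate problem visible here is that neither fopen result is checked before f2 is passed to fread, so a path that cannot be opened would hand a null stream to fread.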

                  fprintf(stderr, "usage: %s <speech> <noise> <count>\n", argv[0]);
    return 1;
  }
  f1 = fopen(argv[1], "r");
  f2 = fopen(argv[2], "r");
  maxCount = atoi(argv[3]);
  for(i=0;i<150;i++) {
    short tmp[FRAME_SIZE];
    fread(tmp, sizeof(short), FRAME_SIZE, f2);

            

Reported by FlawFinder.

fopen - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 539 Column: 8 CWE codes: 362

                  return 1;
  }
  f1 = fopen(argv[1], "r");
  f2 = fopen(argv[2], "r");
  maxCount = atoi(argv[3]);
  for(i=0;i<150;i++) {
    short tmp[FRAME_SIZE];
    fread(tmp, sizeof(short), FRAME_SIZE, f2);
  }

            

Reported by FlawFinder.

atoi - Unless checked, the resulting number can exceed the expected range
Security

Line: 540 Column: 14 CWE codes: 190
Suggestion: If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)

                }
  f1 = fopen(argv[1], "r");
  f2 = fopen(argv[2], "r");
  maxCount = atoi(argv[3]);
  for(i=0;i<150;i++) {
    short tmp[FRAME_SIZE];
    fread(tmp, sizeof(short), FRAME_SIZE, f2);
  }
  while (1) {

            

Reported by FlawFinder.