The following issues were found
libobs/obs-source.c
16 issues
Line: 2739
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
? dst->linesize[plane]
: src->linesize[plane];
memcpy(dst->data[plane] + pos_dst, src->data[plane] + pos_src, bytes);
}
static inline void copy_frame_data_plane(struct obs_source_frame *dst,
const struct obs_source_frame *src,
uint32_t plane, uint32_t lines)
Reported by FlawFinder.
Line: 2750
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (uint32_t y = 0; y < lines; y++)
copy_frame_data_line(dst, src, plane, y);
} else {
memcpy(dst->data[plane], src->data[plane],
(size_t)dst->linesize[plane] * (size_t)lines);
}
}
static void copy_frame_data(struct obs_source_frame *dst,
Reported by FlawFinder.
Line: 2762
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dst->flags = src->flags;
dst->full_range = src->full_range;
dst->timestamp = src->timestamp;
memcpy(dst->color_matrix, src->color_matrix, sizeof(float) * 16);
if (!dst->full_range) {
size_t const size = sizeof(float) * 3;
memcpy(dst->color_range_min, src->color_range_min, size);
memcpy(dst->color_range_max, src->color_range_max, size);
}
Reported by FlawFinder.
Line: 2765
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(dst->color_matrix, src->color_matrix, sizeof(float) * 16);
if (!dst->full_range) {
size_t const size = sizeof(float) * 3;
memcpy(dst->color_range_min, src->color_range_min, size);
memcpy(dst->color_range_max, src->color_range_max, size);
}
switch (src->format) {
case VIDEO_FORMAT_I420: {
Reported by FlawFinder.
Line: 2766
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!dst->full_range) {
size_t const size = sizeof(float) * 3;
memcpy(dst->color_range_min, src->color_range_min, size);
memcpy(dst->color_range_max, src->color_range_max, size);
}
switch (src->format) {
case VIDEO_FORMAT_I420: {
const uint32_t height = dst->height;
Reported by FlawFinder.
Line: 2993
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
new_frame.flip = frame->flip;
new_frame.flags = frame->flags;
memcpy(&new_frame.color_matrix, &frame->color_matrix,
sizeof(frame->color_matrix));
memcpy(&new_frame.color_range_min, &frame->color_range_min,
sizeof(frame->color_range_min));
memcpy(&new_frame.color_range_max, &frame->color_range_max,
sizeof(frame->color_range_max));
Reported by FlawFinder.
Line: 2995
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(&new_frame.color_matrix, &frame->color_matrix,
sizeof(frame->color_matrix));
memcpy(&new_frame.color_range_min, &frame->color_range_min,
sizeof(frame->color_range_min));
memcpy(&new_frame.color_range_max, &frame->color_range_max,
sizeof(frame->color_range_max));
obs_source_output_video_internal(source, &new_frame);
Reported by FlawFinder.
Line: 2997
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sizeof(frame->color_matrix));
memcpy(&new_frame.color_range_min, &frame->color_range_min,
sizeof(frame->color_range_min));
memcpy(&new_frame.color_range_max, &frame->color_range_max,
sizeof(frame->color_range_max));
obs_source_output_video_internal(source, &new_frame);
}
Reported by FlawFinder.
Line: 3125
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
new_frame.flip = frame->flip;
new_frame.flags = frame->flags;
memcpy(&new_frame.color_matrix, &frame->color_matrix,
sizeof(frame->color_matrix));
memcpy(&new_frame.color_range_min, &frame->color_range_min,
sizeof(frame->color_range_min));
memcpy(&new_frame.color_range_max, &frame->color_range_max,
sizeof(frame->color_range_max));
Reported by FlawFinder.
Line: 3127
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(&new_frame.color_matrix, &frame->color_matrix,
sizeof(frame->color_matrix));
memcpy(&new_frame.color_range_min, &frame->color_range_min,
sizeof(frame->color_range_min));
memcpy(&new_frame.color_range_max, &frame->color_range_max,
sizeof(frame->color_range_max));
obs_source_preload_video_internal(source, &new_frame);
Reported by FlawFinder.
libobs/util/circlebuf.h
15 issues
Line: 138
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
size_t back_size = data_end_pos - cb->capacity;
size_t loop_size = size - back_size;
memcpy((uint8_t *)cb->data + position, data, loop_size);
memcpy(cb->data, (uint8_t *)data + loop_size, back_size);
} else {
memcpy((uint8_t *)cb->data + position, data, size);
}
}
Reported by FlawFinder.
Line: 139
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
size_t loop_size = size - back_size;
memcpy((uint8_t *)cb->data + position, data, loop_size);
memcpy(cb->data, (uint8_t *)data + loop_size, back_size);
} else {
memcpy((uint8_t *)cb->data + position, data, size);
}
}
Reported by FlawFinder.
Line: 141
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy((uint8_t *)cb->data + position, data, loop_size);
memcpy(cb->data, (uint8_t *)data + loop_size, back_size);
} else {
memcpy((uint8_t *)cb->data + position, data, size);
}
}
static inline void circlebuf_push_back(struct circlebuf *cb, const void *data,
size_t size)
Reported by FlawFinder.
Line: 158
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
size_t loop_size = size - back_size;
if (back_size)
memcpy((uint8_t *)cb->data + cb->end_pos, data,
back_size);
memcpy(cb->data, (uint8_t *)data + back_size, loop_size);
new_end_pos -= cb->capacity;
} else {
Reported by FlawFinder.
Line: 160
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (back_size)
memcpy((uint8_t *)cb->data + cb->end_pos, data,
back_size);
memcpy(cb->data, (uint8_t *)data + back_size, loop_size);
new_end_pos -= cb->capacity;
} else {
memcpy((uint8_t *)cb->data + cb->end_pos, data, size);
}
Reported by FlawFinder.
Line: 164
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
new_end_pos -= cb->capacity;
} else {
memcpy((uint8_t *)cb->data + cb->end_pos, data, size);
}
cb->end_pos = new_end_pos;
}
Reported by FlawFinder.
Line: 180
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
size_t back_size = size - cb->start_pos;
if (cb->start_pos)
memcpy(cb->data, (uint8_t *)data + back_size,
cb->start_pos);
cb->start_pos = cb->capacity - back_size;
memcpy((uint8_t *)cb->data + cb->start_pos, data, back_size);
} else {
Reported by FlawFinder.
Line: 184
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cb->start_pos);
cb->start_pos = cb->capacity - back_size;
memcpy((uint8_t *)cb->data + cb->start_pos, data, back_size);
} else {
cb->start_pos -= size;
memcpy((uint8_t *)cb->data + cb->start_pos, data, size);
}
}
Reported by FlawFinder.
Line: 187
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy((uint8_t *)cb->data + cb->start_pos, data, back_size);
} else {
cb->start_pos -= size;
memcpy((uint8_t *)cb->data + cb->start_pos, data, size);
}
}
static inline void circlebuf_push_back_zero(struct circlebuf *cb, size_t size)
{
Reported by FlawFinder.
Line: 242
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
size_t start_size = cb->capacity - cb->start_pos;
if (start_size < size) {
memcpy(data, (uint8_t *)cb->data + cb->start_pos,
start_size);
memcpy((uint8_t *)data + start_size, cb->data,
size - start_size);
} else {
memcpy(data, (uint8_t *)cb->data + cb->start_pos, size);
Reported by FlawFinder.
deps/jansson/doc/conf.py
14 issues
Line: 44
Column: 1
# General information about the project.
project = u'Jansson'
copyright = u'2009-2016, Petri Lehtinen'
# The version info for the project you're documenting, acts as replacement for
# |version| and |release|, also used in various other places throughout the
# built documents.
#
Reported by Pylint.
Line: 1
Column: 1
# -*- coding: utf-8 -*-
#
# Jansson documentation build configuration file, created by
# sphinx-quickstart on Sun Sep 5 21:47:20 2010.
#
# This file is execfile()d with the current directory set to its containing dir.
#
# Note that not all possible configuration values are present in this
# autogenerated file.
Reported by Pylint.
Line: 14
Column: 1
# All configuration values have a default; values that are commented out
# serve to show the default.
import sys, os
# If extensions (or modules to document with autodoc) are in another directory,
# add these directories to sys.path here. If the directory is relative to the
# documentation root, use os.path.abspath to make it absolute, like shown here.
sys.path.insert(0, os.path.abspath('ext'))
Reported by Pylint.
Line: 24
Column: 1
# -- General configuration -----------------------------------------------------
# If your documentation needs a minimal Sphinx version, state it here.
needs_sphinx = '1.0'
# Add any Sphinx extension module names here, as strings. They can be extensions
# coming with Sphinx (named 'sphinx.ext.*') or your custom ones.
extensions = ['refcounting']
Reported by Pylint.
Line: 34
Column: 1
templates_path = ['_templates']
# The suffix of source filenames.
source_suffix = '.rst'
# The encoding of source files.
#source_encoding = 'utf-8-sig'
# The master toctree document.
Reported by Pylint.
Line: 40
Column: 1
#source_encoding = 'utf-8-sig'
# The master toctree document.
master_doc = 'index'
# General information about the project.
project = u'Jansson'
copyright = u'2009-2016, Petri Lehtinen'
Reported by Pylint.
Line: 43
Column: 1
master_doc = 'index'
# General information about the project.
project = u'Jansson'
copyright = u'2009-2016, Petri Lehtinen'
# The version info for the project you're documenting, acts as replacement for
# |version| and |release|, also used in various other places throughout the
# built documents.
Reported by Pylint.
Line: 44
Column: 1
# General information about the project.
project = u'Jansson'
copyright = u'2009-2016, Petri Lehtinen'
# The version info for the project you're documenting, acts as replacement for
# |version| and |release|, also used in various other places throughout the
# built documents.
#
Reported by Pylint.
Line: 51
Column: 1
# built documents.
#
# The short X.Y version.
version = '2.9'
# The full version, including alpha/beta/rc tags.
release = version
# The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages.
Reported by Pylint.
Line: 53
Column: 1
# The short X.Y version.
version = '2.9'
# The full version, including alpha/beta/rc tags.
release = version
# The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages.
#language = None
Reported by Pylint.
libobs/util/darray.h
14 issues
Line: 93
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ptr = bmalloc(element_size * capacity);
if (dst->array) {
if (dst->num)
memcpy(ptr, dst->array, element_size * dst->num);
bfree(dst->array);
}
dst->array = ptr;
dst->capacity = capacity;
Reported by FlawFinder.
Line: 116
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ptr = bmalloc(element_size * new_cap);
if (dst->array) {
if (dst->capacity)
memcpy(ptr, dst->array, element_size * dst->capacity);
bfree(dst->array);
}
dst->array = ptr;
dst->capacity = new_cap;
Reported by FlawFinder.
Line: 155
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
darray_free(dst);
} else {
darray_resize(element_size, dst, da->num);
memcpy(dst->array, da->array, element_size * da->num);
}
}
static inline void darray_copy_array(const size_t element_size,
struct darray *dst, const void *array,
Reported by FlawFinder.
Line: 164
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
const size_t num)
{
darray_resize(element_size, dst, num);
memcpy(dst->array, array, element_size * dst->num);
}
static inline void darray_move(struct darray *dst, struct darray *src)
{
darray_free(dst);
Reported by FlawFinder.
Line: 170
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static inline void darray_move(struct darray *dst, struct darray *src)
{
darray_free(dst);
memcpy(dst, src, sizeof(struct darray));
src->array = NULL;
src->capacity = 0;
src->num = 0;
}
Reported by FlawFinder.
Line: 197
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct darray *dst, const void *item)
{
darray_ensure_capacity(element_size, dst, ++dst->num);
memcpy(darray_end(element_size, dst), item, element_size);
return dst->num - 1;
}
static inline void *darray_push_back_new(const size_t element_size,
Reported by FlawFinder.
Line: 226
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
old_num = dst->num;
darray_resize(element_size, dst, dst->num + num);
memcpy(darray_item(element_size, dst, old_num), array,
element_size * num);
return old_num;
}
Reported by FlawFinder.
Line: 259
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memmove(darray_item(element_size, dst, idx + 1), new_item,
move_count * element_size);
memcpy(new_item, item, element_size);
}
static inline void *darray_insert_new(const size_t element_size,
struct darray *dst, const size_t idx)
{
Reported by FlawFinder.
Line: 299
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memmove(darray_item(element_size, dst, idx + num),
darray_item(element_size, dst, idx),
element_size * (old_num - idx));
memcpy(darray_item(element_size, dst, idx), array, element_size * num);
}
static inline void darray_insert_darray(const size_t element_size,
struct darray *dst, const size_t idx,
const struct darray *da)
Reported by FlawFinder.
Line: 420
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
p_from = darray_item(element_size, dst, from);
p_to = darray_item(element_size, dst, to);
memcpy(temp, p_from, element_size);
if (to < from)
memmove(darray_item(element_size, dst, to + 1), p_to,
element_size * (from - to));
else
Reported by FlawFinder.
plugins/win-capture/graphics-hook/graphics-hook.c
13 issues
Line: 69
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
bool init_pipe(void)
{
char new_name[64];
sprintf(new_name, "%s%lu", PIPE_NAME, GetCurrentProcessId());
const bool success = ipc_pipe_client_open(&pipe, new_name);
if (!success) {
DbgOut("[OBS] Failed to open pipe\n");
}
Reported by FlawFinder.
Line: 540
Column: 2
CWE codes:
134
Suggestion:
Make format string constant
wchar_t name[64];
HWND top = GetAncestor(window, GA_ROOT);
swprintf(name, 64, SHMEM_TEXTURE "_%" PRIu64 "_%u",
(uint64_t)(uintptr_t)top, ++shmem_id_counter);
shmem_file_handle = CreateFileMappingW(INVALID_HANDLE_VALUE, NULL,
PAGE_READWRITE, 0, (DWORD)size,
name);
Reported by FlawFinder.
Line: 721
Column: 3
CWE codes:
Suggestion:
Use InitializeCriticalSectionAndSpinCount instead
}
for (size_t i = 0; i < NUM_BUFFERS; i++) {
InitializeCriticalSection(&thread_data.mutexes[i]);
}
InitializeCriticalSection(&thread_data.data_mutex);
thread_data.copy_thread =
Reported by FlawFinder.
Line: 724
Column: 2
CWE codes:
Suggestion:
Use InitializeCriticalSectionAndSpinCount instead
InitializeCriticalSection(&thread_data.mutexes[i]);
}
InitializeCriticalSection(&thread_data.data_mutex);
thread_data.copy_thread =
CreateThread(NULL, 0, copy_thread, NULL, 0, NULL);
if (!thread_data.copy_thread) {
hlog("init_shmem_thread: Failed to create thread: %d",
Reported by FlawFinder.
Line: 44
Column: 1
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static volatile bool stop_loop = false;
static HANDLE dup_hook_mutex = NULL;
static HANDLE capture_thread = NULL;
char system_path[MAX_PATH] = {0};
char process_name[MAX_PATH] = {0};
wchar_t keepalive_name[64] = {0};
HWND dummy_window = NULL;
static unsigned int shmem_id_counter = 0;
Reported by FlawFinder.
Line: 45
Column: 1
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static HANDLE dup_hook_mutex = NULL;
static HANDLE capture_thread = NULL;
char system_path[MAX_PATH] = {0};
char process_name[MAX_PATH] = {0};
wchar_t keepalive_name[64] = {0};
HWND dummy_window = NULL;
static unsigned int shmem_id_counter = 0;
static void *shmem_info = NULL;
Reported by FlawFinder.
Line: 46
Column: 1
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static HANDLE capture_thread = NULL;
char system_path[MAX_PATH] = {0};
char process_name[MAX_PATH] = {0};
wchar_t keepalive_name[64] = {0};
HWND dummy_window = NULL;
static unsigned int shmem_id_counter = 0;
static void *shmem_info = NULL;
static HANDLE shmem_file_handle = 0;
Reported by FlawFinder.
Line: 68
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
bool init_pipe(void)
{
char new_name[64];
sprintf(new_name, "%s%lu", PIPE_NAME, GetCurrentProcessId());
const bool success = ipc_pipe_client_open(&pipe, new_name);
if (!success) {
DbgOut("[OBS] Failed to open pipe\n");
Reported by FlawFinder.
Line: 445
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static inline void hlogv(const char *format, va_list args)
{
char message[1024] = "";
int num = _vsprintf_p(message, 1024, format, args);
if (num > 0) {
if (!ipc_pipe_client_write(&pipe, message, (size_t)num + 1)) {
ipc_pipe_client_free(&pipe);
}
Reported by FlawFinder.
Line: 537
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static inline bool init_shared_info(size_t size, HWND window)
{
wchar_t name[64];
HWND top = GetAncestor(window, GA_ROOT);
swprintf(name, 64, SHMEM_TEXTURE "_%" PRIu64 "_%u",
(uint64_t)(uintptr_t)top, ++shmem_id_counter);
Reported by FlawFinder.
libobs/util/platform-windows.c
12 issues
Line: 39
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static bool have_clockfreq = false;
static LARGE_INTEGER clock_freq;
static uint32_t winver = 0;
static char win_release_id[MAX_SZ_LEN] = "unavailable";
static inline uint64_t get_clockfreq(void)
{
if (!have_clockfreq) {
QueryPerformanceFrequency(&clock_freq);
Reported by FlawFinder.
Line: 383
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int os_get_path_internal(char *dst, size_t size, const char *name,
int folder)
{
wchar_t path_utf16[MAX_PATH];
SHGetFolderPathW(NULL, folder, NULL, SHGFP_TYPE_CURRENT, path_utf16);
if (os_wcs_to_utf8(path_utf16, 0, dst, size) != 0) {
if (!name || !*name) {
Reported by FlawFinder.
Line: 405
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static char *os_get_path_ptr_internal(const char *name, int folder)
{
char *ptr;
wchar_t path_utf16[MAX_PATH];
struct dstr path;
SHGetFolderPathW(NULL, folder, NULL, SHGFP_TYPE_CURRENT, path_utf16);
os_wcs_to_utf8_ptr(path_utf16, 0, &ptr);
Reported by FlawFinder.
Line: 441
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
char *ptr;
char *slash;
wchar_t path_utf16[MAX_PATH];
struct dstr path;
GetModuleFileNameW(NULL, path_utf16, MAX_PATH);
os_wcs_to_utf8_ptr(path_utf16, 0, &ptr);
Reported by FlawFinder.
Line: 481
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t os_get_abs_path(const char *path, char *abspath, size_t size)
{
wchar_t wpath[MAX_PATH];
wchar_t wabspath[MAX_PATH];
size_t out_len = 0;
size_t len;
if (!abspath)
Reported by FlawFinder.
Line: 482
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t os_get_abs_path(const char *path, char *abspath, size_t size)
{
wchar_t wpath[MAX_PATH];
wchar_t wabspath[MAX_PATH];
size_t out_len = 0;
size_t len;
if (!abspath)
return 0;
Reported by FlawFinder.
Line: 581
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int64_t os_get_free_space(const char *path)
{
ULARGE_INTEGER remainingSpace;
char abs_path[512];
wchar_t w_abs_path[512];
if (os_get_abs_path(path, abs_path, 512) > 0) {
if (os_utf8_to_wcs(abs_path, 0, w_abs_path, 512) > 0) {
BOOL success = GetDiskFreeSpaceExW(
Reported by FlawFinder.
Line: 582
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
ULARGE_INTEGER remainingSpace;
char abs_path[512];
wchar_t w_abs_path[512];
if (os_get_abs_path(path, abs_path, 512) > 0) {
if (os_utf8_to_wcs(abs_path, 0, w_abs_path, 512) > 0) {
BOOL success = GetDiskFreeSpaceExW(
w_abs_path, (PULARGE_INTEGER)&remainingSpace,
Reported by FlawFinder.
Line: 925
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
BOOL success;
LPVOID data;
DWORD size;
char utf8_lib[512];
if (!ver_initialized && !initialize_version_functions())
return false;
if (!ver_initialize_success)
return false;
Reported by FlawFinder.
Line: 1043
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
HKEY key;
DWORD size, dw_val;
LSTATUS status;
wchar_t str[MAX_SZ_LEN];
status = RegOpenKeyW(HKEY_LOCAL_MACHINE, WINVER_REG_KEY, &key);
if (status != ERROR_SUCCESS)
return;
Reported by FlawFinder.
libobs/callback/calldata.c
12 issues
Line: 113
CWE codes:
476
*pos += sizeof(size_t);
if (size) {
memcpy(*pos, in, size);
*pos += size;
}
}
static inline void cd_set_first_param(calldata_t *data, const char *name,
Reported by Cppcheck.
Line: 46
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static inline void cd_serialize(uint8_t **pos, void *ptr, size_t size)
{
memcpy(ptr, *pos, size);
*pos += size;
}
static inline size_t cd_serialize_size(uint8_t **pos)
{
Reported by FlawFinder.
Line: 53
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static inline size_t cd_serialize_size(uint8_t **pos)
{
size_t size = 0;
memcpy(&size, *pos, sizeof(size_t));
*pos += sizeof(size_t);
return size;
}
static inline const char *cd_serialize_string(uint8_t **pos)
Reported by FlawFinder.
Line: 101
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!len)
len = strlen(str) + 1;
memcpy(*pos, &len, sizeof(size_t));
*pos += sizeof(size_t);
memcpy(*pos, str, len);
*pos += len;
}
Reported by FlawFinder.
Line: 103
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(*pos, &len, sizeof(size_t));
*pos += sizeof(size_t);
memcpy(*pos, str, len);
*pos += len;
}
static inline void cd_copy_data(uint8_t **pos, const void *in, size_t size)
{
Reported by FlawFinder.
Line: 109
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static inline void cd_copy_data(uint8_t **pos, const void *in, size_t size)
{
memcpy(*pos, &size, sizeof(size_t));
*pos += sizeof(size_t);
if (size) {
memcpy(*pos, in, size);
*pos += size;
Reported by FlawFinder.
Line: 113
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*pos += sizeof(size_t);
if (size) {
memcpy(*pos, in, size);
*pos += size;
}
}
static inline void cd_set_first_param(calldata_t *data, const char *name,
Reported by FlawFinder.
Line: 184
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (data_size != size)
return false;
memcpy(out, pos, size);
return true;
}
void calldata_set_data(calldata_t *data, const char *name, const void *in,
size_t size)
Reported by FlawFinder.
Line: 203
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (cd_getparam(data, name, &pos)) {
size_t cur_size;
memcpy(&cur_size, pos, sizeof(size_t));
if (cur_size < size) {
size_t offset = size - cur_size;
size_t bytes = data->size;
Reported by FlawFinder.
Line: 99
Column: 9
CWE codes:
126
static inline void cd_copy_string(uint8_t **pos, const char *str, size_t len)
{
if (!len)
len = strlen(str) + 1;
memcpy(*pos, &len, sizeof(size_t));
*pos += sizeof(size_t);
memcpy(*pos, str, len);
*pos += len;
Reported by FlawFinder.
deps/libcaption/src/caption.c
11 issues
Line: 414
Column: 13
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
bytes = sprintf(buf, " timestamp: %f\n row: %02d col: %02d roll-up: %d\n",
frame->timestamp, frame->state.row, frame->state.col, caption_frame_rollup(frame));
total += bytes, buf += bytes;
bytes = sprintf(buf, " 00000000001111111111222222222233\t 00000000001111111111222222222233\n"
" 01234567890123456789012345678901\t 01234567890123456789012345678901\n"
" %s--------------------------------%s\t %s--------------------------------%s\n",
EIA608_CHAR_BOX_DRAWINGS_LIGHT_DOWN_AND_RIGHT, EIA608_CHAR_BOX_DRAWINGS_LIGHT_DOWN_AND_LEFT,
EIA608_CHAR_BOX_DRAWINGS_LIGHT_DOWN_AND_RIGHT, EIA608_CHAR_BOX_DRAWINGS_LIGHT_DOWN_AND_LEFT);
total += bytes;
Reported by FlawFinder.
Line: 423
Column: 17
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
buf += bytes;
for (r = 0; r < SCREEN_ROWS; ++r) {
bytes = sprintf(buf, "%02d%s", r, EIA608_CHAR_VERTICAL_LINE);
total += bytes, buf += bytes;
// front buffer
for (c = 0; c < SCREEN_COLS; ++c) {
caption_frame_cell_t* cell = frame_buffer_cell(&frame->front, r, c);
Reported by FlawFinder.
Line: 433
Column: 17
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
total += bytes, buf += bytes;
}
bytes = sprintf(buf, "%s\t%02d%s", EIA608_CHAR_VERTICAL_LINE, r, EIA608_CHAR_VERTICAL_LINE);
total += bytes, buf += bytes;
// back buffer
for (c = 0; c < SCREEN_COLS; ++c) {
caption_frame_cell_t* cell = frame_buffer_cell(&frame->back, r, c);
Reported by FlawFinder.
Line: 443
Column: 17
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
total += bytes, buf += bytes;
}
bytes = sprintf(buf, "%s\n", EIA608_CHAR_VERTICAL_LINE);
total += bytes, buf += bytes;
}
bytes = sprintf(buf, " %s--------------------------------%s\t %s--------------------------------%s\n",
EIA608_CHAR_BOX_DRAWINGS_LIGHT_UP_AND_RIGHT, EIA608_CHAR_BOX_DRAWINGS_LIGHT_UP_AND_LEFT,
Reported by FlawFinder.
Line: 447
Column: 13
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
total += bytes, buf += bytes;
}
bytes = sprintf(buf, " %s--------------------------------%s\t %s--------------------------------%s\n",
EIA608_CHAR_BOX_DRAWINGS_LIGHT_UP_AND_RIGHT, EIA608_CHAR_BOX_DRAWINGS_LIGHT_UP_AND_LEFT,
EIA608_CHAR_BOX_DRAWINGS_LIGHT_UP_AND_RIGHT, EIA608_CHAR_BOX_DRAWINGS_LIGHT_UP_AND_LEFT);
total += bytes, buf += bytes;
return total;
}
Reported by FlawFinder.
Line: 124
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (; r < SCREEN_ROWS; ++r) {
uint8_t* dst = (uint8_t*)frame_buffer_cell(frame->write, r - 1, 0);
uint8_t* src = (uint8_t*)frame_buffer_cell(frame->write, r - 0, 0);
memcpy(dst, src, sizeof(caption_frame_cell_t) * SCREEN_COLS);
}
frame->state.col = 0;
caption_frame_cell_t* cell = frame_buffer_cell(frame->write, SCREEN_ROWS - 1, 0);
memset(cell, 0, sizeof(caption_frame_cell_t) * SCREEN_COLS);
Reported by FlawFinder.
Line: 146
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
libcaption_stauts_t caption_frame_end(caption_frame_t* frame)
{
memcpy(&frame->front, &frame->back, sizeof(caption_frame_buffer_t));
caption_frame_buffer_clear(&frame->back); // This is required
return LIBCAPTION_READY;
}
libcaption_stauts_t caption_frame_decode_preamble(caption_frame_t* frame, uint16_t cc_data)
Reported by FlawFinder.
Line: 278
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
libcaption_stauts_t caption_frame_decode_text(caption_frame_t* frame, uint16_t cc_data)
{
int chan;
char char1[5], char2[5];
size_t chars = eia608_to_utf8(cc_data, &chan, &char1[0], &char2[0]);
if (eia608_is_westeu(cc_data)) {
// Extended charcters replace the previous charcter for back compatibility
caption_frame_backspace(frame);
Reported by FlawFinder.
Line: 394
Column: 21
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// dont start a new line until we encounter at least one printable character
if (0 < utf8_char_length(chr) && (0 < count || !utf8_char_whitespace(chr))) {
if (0 < crlf) {
memcpy(data, "\r\n\0", 3);
data += 2, size += 2, crlf = 0;
}
s = utf8_char_copy(data, chr);
data += s, size += s, ++count;
Reported by FlawFinder.
Line: 411
Column: 13
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
int r, c;
size_t bytes, total = 0;
bytes = sprintf(buf, " timestamp: %f\n row: %02d col: %02d roll-up: %d\n",
frame->timestamp, frame->state.row, frame->state.col, caption_frame_rollup(frame));
total += bytes, buf += bytes;
bytes = sprintf(buf, " 00000000001111111111222222222233\t 00000000001111111111222222222233\n"
" 01234567890123456789012345678901\t 01234567890123456789012345678901\n"
" %s--------------------------------%s\t %s--------------------------------%s\n",
Reported by FlawFinder.
plugins/win-capture/graphics-hook/graphics-hook.h
11 issues
Line: 125
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
{
char base_path[MAX_PATH];
strcpy(base_path, system_path);
strcat(base_path, "\\");
strcat(base_path, module);
return GetModuleHandleA(base_path);
}
Reported by FlawFinder.
Line: 127
Column: 2
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
strcpy(base_path, system_path);
strcat(base_path, "\\");
strcat(base_path, module);
return GetModuleHandleA(base_path);
}
static inline uint32_t module_size(HMODULE module)
{
Reported by FlawFinder.
Line: 144
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
char base_path[MAX_PATH];
HMODULE module;
strcpy(base_path, system_path);
strcat(base_path, "\\");
strcat(base_path, name);
module = GetModuleHandleA(base_path);
if (module)
Reported by FlawFinder.
Line: 146
Column: 2
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
strcpy(base_path, system_path);
strcat(base_path, "\\");
strcat(base_path, name);
module = GetModuleHandleA(base_path);
if (module)
return module;
Reported by FlawFinder.
Line: 110
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
extern HANDLE signal_ready;
extern HANDLE signal_exit;
extern HANDLE tex_mutexes[2];
extern char system_path[MAX_PATH];
extern char process_name[MAX_PATH];
extern wchar_t keepalive_name[64];
extern HWND dummy_window;
extern volatile bool active;
Reported by FlawFinder.
Line: 111
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
extern HANDLE signal_exit;
extern HANDLE tex_mutexes[2];
extern char system_path[MAX_PATH];
extern char process_name[MAX_PATH];
extern wchar_t keepalive_name[64];
extern HWND dummy_window;
extern volatile bool active;
static inline const char *get_process_name(void)
Reported by FlawFinder.
Line: 112
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
extern HANDLE tex_mutexes[2];
extern char system_path[MAX_PATH];
extern char process_name[MAX_PATH];
extern wchar_t keepalive_name[64];
extern HWND dummy_window;
extern volatile bool active;
static inline const char *get_process_name(void)
{
Reported by FlawFinder.
Line: 123
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static inline HMODULE get_system_module(const char *module)
{
char base_path[MAX_PATH];
strcpy(base_path, system_path);
strcat(base_path, "\\");
strcat(base_path, module);
return GetModuleHandleA(base_path);
Reported by FlawFinder.
Line: 141
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static inline HMODULE load_system_library(const char *name)
{
char base_path[MAX_PATH];
HMODULE module;
strcpy(base_path, system_path);
strcat(base_path, "\\");
strcat(base_path, name);
Reported by FlawFinder.
Line: 126
Column: 2
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
char base_path[MAX_PATH];
strcpy(base_path, system_path);
strcat(base_path, "\\");
strcat(base_path, module);
return GetModuleHandleA(base_path);
}
static inline uint32_t module_size(HMODULE module)
Reported by FlawFinder.
UI/win-update/win-update.cpp
10 issues
Line: 315
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static inline void HexToByteArray(const char *hexStr, size_t hexLen,
vector<uint8_t> &out)
{
char ptr[3];
ptr[2] = 0;
for (size_t i = 0; i < hexLen; i += 2) {
ptr[0] = hexStr[i];
Reported by FlawFinder.
Line: 360
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
GetConfigPathPtr("obs-studio\\updates\\updater.exe");
if (CalculateFileHash(updateFilePath, updateFileHash)) {
char hashString[BLAKE2_HASH_STR_LENGTH];
HashToString(updateFileHash, hashString);
string header = "If-None-Match: ";
header += hashString;
extraHeaders.push_back(move(header));
Reported by FlawFinder.
Line: 551
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* avoid downloading manifest again */
if (CalculateFileHash(manifestPath, manifestHash)) {
char hashString[BLAKE2_HASH_STR_LENGTH];
HashToString(manifestHash, hashString);
string header = "If-None-Match: ";
header += hashString;
extraHeaders.push_back(move(header));
Reported by FlawFinder.
Line: 661
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* ----------------------------------- *
* get working dir */
wchar_t cwd[MAX_PATH];
GetModuleFileNameW(nullptr, cwd, _countof(cwd) - 1);
wchar_t *p = wcsrchr(cwd, '\\');
if (p)
*p = 0;
Reported by FlawFinder.
Line: 746
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* avoid downloading json again */
if (CalculateFileHash(whatsnewPath, whatsnewHash)) {
char hashString[BLAKE2_HASH_STR_LENGTH];
HashToString(whatsnewHash, hashString);
string header = "If-None-Match: ";
header += hashString;
extraHeaders.push_back(move(header));
Reported by FlawFinder.
Line: 178
Column: 8
CWE codes:
120
20
DWORD size = GetFileSize(handle, nullptr);
data.resize(size);
DWORD read;
if (!ReadFile(handle, &data[0], size, &read, nullptr))
throw strprintf("Failed to write file '%s': %lu", file,
GetLastError());
return true;
Reported by FlawFinder.
Line: 179
Column: 41
CWE codes:
120
20
data.resize(size);
DWORD read;
if (!ReadFile(handle, &data[0], size, &read, nullptr))
throw strprintf("Failed to write file '%s': %lu", file,
GetLastError());
return true;
Reported by FlawFinder.
Line: 223
Column: 57
CWE codes:
120
20
for (;;) {
DWORD read = 0;
if (!ReadFile(handle, buf.data(), (DWORD)buf.size(), &read,
nullptr))
throw strprintf("Failed to read file '%s': %lu", path,
GetLastError());
if (!read)
Reported by FlawFinder.
Line: 228
Column: 8
CWE codes:
120
20
throw strprintf("Failed to read file '%s': %lu", path,
GetLastError());
if (!read)
break;
if (blake2b_update(&blake2, buf.data(), read) != 0)
return false;
}
Reported by FlawFinder.
Line: 231
Column: 43
CWE codes:
120
20
if (!read)
break;
if (blake2b_update(&blake2, buf.data(), read) != 0)
return false;
}
if (blake2b_final(&blake2, hash, BLAKE2_HASH_LENGTH) != 0)
return false;
Reported by FlawFinder.