The following issues were found

plugins/obs-filters/rnnoise/src/common.h
1 issue
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 32 Column: 32 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              
/** Copy n elements from src to dst. The 0* term provides compile-time type checking  */
#ifndef OVERRIDE_RNN_COPY
#define RNN_COPY(dst, src, n) (memcpy((dst), (src), (n)*sizeof(*(dst)) + 0*((dst)-(src)) ))
#endif

/** Copy n elements from src to dst, allowing overlapping regions. The 0* term
    provides compile-time type checking */
#ifndef OVERRIDE_RNN_MOVE

            

Reported by FlawFinder.

plugins/obs-filters/rnnoise/src/kiss_fft.h
1 issue
memalign - On some systems (though not Linux-based systems) an attempt to free() results from memalign() may fail. This may, on a few systems, be exploitable. Also note that memalign() may not check that the boundary parameter is correct
Security

Line: 47 Column: 33 CWE codes: 676
Suggestion: Use posix_memalign instead (defined in POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD 4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases, malloc()'s alignment may be sufficient

#ifdef USE_SIMD
# include <xmmintrin.h>
# define kiss_fft_scalar __m128
#define KISS_FFT_MALLOC(nbytes) memalign(16,nbytes)
#else
#define KISS_FFT_MALLOC opus_alloc
#endif

#ifdef FIXED_POINT

            

Reported by FlawFinder.

plugins/obs-filters/scale-filter.c
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 395 Column: 3 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

		obs_property_list_add_string(p, aspects[i], aspects[i]);

	for (size_t i = 0; i < NUM_DOWNSCALES; i++) {
		char str[32];
		snprintf(str, 32, "%dx%d", downscales[i].cx, downscales[i].cy);
		obs_property_list_add_string(p, str, str);
	}

	obs_properties_add_bool(props, S_UNDISTORT, T_UNDISTORT);

            

Reported by FlawFinder.

plugins/obs-outputs/librtmp/md5.h
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 37 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

typedef struct {
	MD5_u32plus lo, hi;
	MD5_u32plus a, b, c, d;
	unsigned char buffer[64];
	MD5_u32plus block[16];
} MD5_CTX;

extern void MD5_Init(MD5_CTX *ctx);
extern void MD5_Update(MD5_CTX *ctx, void *data, unsigned long size);

            

Reported by FlawFinder.

plugins/obs-outputs/rtmp-helpers.h
1 issue
strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 25 Column: 21 CWE codes: 126

static inline AVal *flv_str(AVal *out, const char *str)
{
	out->av_val = (char *)str;
	out->av_len = (int)strlen(str);
	return out;
}

static inline void enc_num_val(char **enc, char *end, const char *name,
			       double val)

            

Reported by FlawFinder.

plugins/obs-outputs/rtmp-windows.c
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 64 Column: 3 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

	}

	if (net_events.lNetworkEvents & FD_READ) {
		char discard[16384];
		int err_code;
		bool fatal = false;

		for (;;) {
			int ret = recv(stream->rtmp.m_sb.sb_socket, discard,

            

Reported by FlawFinder.

plugins/obs-qsv11/QSV_Encoder.cpp
1 issue
LoadLibrary - Ensure that the full path to the library is specified, or current directory may be used
Security

Line: 84 Column: 18 CWE codes: 829 20
Suggestion: Use LoadLibraryEx with one of the search flags, or call SetSearchPathMode to use a safe search path, or pass a full path to the library

	bool hasDGPU = false;
	bool isDG1Primary = false;

	HMODULE hDXGI = LoadLibrary(L"dxgi.dll");
	if (hDXGI == NULL) {
		return false;
	}

	typedef HRESULT(WINAPI * LPCREATEDXGIFACTORY)(REFIID riid,

            

Reported by FlawFinder.

plugins/obs-qsv11/libmfx/include/mfx_dispatcher.h
1 issue
wchar_t - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 164 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

    // Status of loaded dll
    mfxStatus loadStatus;
    // Resgistry subkey name for windows version
    wchar_t subkeyName[MFX_MAX_REGISTRY_KEY_NAME];
    // Storage ID for windows version
    int storageID;

    // Library's module handle
    mfxModuleHandle hModule;

            

Reported by FlawFinder.

plugins/obs-qsv11/libmfx/include/mfx_dxva2_device.h
1 issue
printf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 46 Column: 33 CWE codes: 134
Suggestion: Use a constant for the format specification

              
#ifdef DXVA2DEVICE_LOG
#include <stdio.h>
#define DXVA2DEVICE_TRACE(expr) printf expr;
#define DXVA2DEVICE_TRACE_OPERATION(expr) expr;
#else
#define DXVA2DEVICE_TRACE(expr)
#define DXVA2DEVICE_TRACE_OPERATION(expr)
#endif

            

Reported by FlawFinder.

plugins/obs-qsv11/libmfx/include/mfx_load_plugin.h
1 issue
wchar_t - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 34 Column: 9 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

    {
        mfxModuleHandle mHmodule;
        CreatePluginPtr_t mCreatePluginPtr;
        wchar_t mPath[MAX_PLUGIN_PATH];
        
    public:
        PluginModule();
        PluginModule(const wchar_t * path);
        PluginModule(const PluginModule & that) ;

            

Reported by FlawFinder.