The following issues were found
UI/win-update/win-update.cpp
10 issues
Line: 315
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static inline void HexToByteArray(const char *hexStr, size_t hexLen,
vector<uint8_t> &out)
{
char ptr[3];
ptr[2] = 0;
for (size_t i = 0; i < hexLen; i += 2) {
ptr[0] = hexStr[i];
Reported by FlawFinder.
Line: 360
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
GetConfigPathPtr("obs-studio\\updates\\updater.exe");
if (CalculateFileHash(updateFilePath, updateFileHash)) {
char hashString[BLAKE2_HASH_STR_LENGTH];
HashToString(updateFileHash, hashString);
string header = "If-None-Match: ";
header += hashString;
extraHeaders.push_back(move(header));
Reported by FlawFinder.
Line: 551
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* avoid downloading manifest again */
if (CalculateFileHash(manifestPath, manifestHash)) {
char hashString[BLAKE2_HASH_STR_LENGTH];
HashToString(manifestHash, hashString);
string header = "If-None-Match: ";
header += hashString;
extraHeaders.push_back(move(header));
Reported by FlawFinder.
Line: 661
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* ----------------------------------- *
* get working dir */
wchar_t cwd[MAX_PATH];
GetModuleFileNameW(nullptr, cwd, _countof(cwd) - 1);
wchar_t *p = wcsrchr(cwd, '\\');
if (p)
*p = 0;
Reported by FlawFinder.
Line: 746
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* avoid downloading json again */
if (CalculateFileHash(whatsnewPath, whatsnewHash)) {
char hashString[BLAKE2_HASH_STR_LENGTH];
HashToString(whatsnewHash, hashString);
string header = "If-None-Match: ";
header += hashString;
extraHeaders.push_back(move(header));
Reported by FlawFinder.
Line: 178
Column: 8
CWE codes:
120
20
DWORD size = GetFileSize(handle, nullptr);
data.resize(size);
DWORD read;
if (!ReadFile(handle, &data[0], size, &read, nullptr))
throw strprintf("Failed to write file '%s': %lu", file,
GetLastError());
return true;
Reported by FlawFinder.
Line: 179
Column: 41
CWE codes:
120
20
data.resize(size);
DWORD read;
if (!ReadFile(handle, &data[0], size, &read, nullptr))
throw strprintf("Failed to write file '%s': %lu", file,
GetLastError());
return true;
Reported by FlawFinder.
Line: 223
Column: 57
CWE codes:
120
20
for (;;) {
DWORD read = 0;
if (!ReadFile(handle, buf.data(), (DWORD)buf.size(), &read,
nullptr))
throw strprintf("Failed to read file '%s': %lu", path,
GetLastError());
if (!read)
Reported by FlawFinder.
Line: 228
Column: 8
CWE codes:
120
20
throw strprintf("Failed to read file '%s': %lu", path,
GetLastError());
if (!read)
break;
if (blake2b_update(&blake2, buf.data(), read) != 0)
return false;
}
Reported by FlawFinder.
Line: 231
Column: 43
CWE codes:
120
20
if (!read)
break;
if (blake2b_update(&blake2, buf.data(), read) != 0)
return false;
}
if (blake2b_final(&blake2, hash, BLAKE2_HASH_LENGTH) != 0)
return false;
Reported by FlawFinder.
libobs-d3d11/d3d11-subsystem.cpp
10 issues
Line: 206
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void gs_device::InitCompiler()
{
char d3dcompiler[40] = {};
int ver = 49;
while (ver > 30) {
sprintf(d3dcompiler, "D3DCompiler_%02d.dll", ver);
Reported by FlawFinder.
Line: 210
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int ver = 49;
while (ver > 30) {
sprintf(d3dcompiler, "D3DCompiler_%02d.dll", ver);
HMODULE module = LoadLibraryA(d3dcompiler);
if (module) {
d3dCompile = (pD3DCompile)GetProcAddress(module,
"D3DCompile");
Reported by FlawFinder.
Line: 877
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
for (i = 0; factory->EnumAdapters1(i, adapter.Assign()) == S_OK; ++i) {
DXGI_ADAPTER_DESC desc;
char name[512] = "";
hr = adapter->GetDesc(&desc);
if (FAILED(hr))
continue;
Reported by FlawFinder.
Line: 1022
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
for (i = 0; factory->EnumAdapters1(i, adapter.Assign()) == S_OK; ++i) {
DXGI_ADAPTER_DESC desc;
char name[512] = "";
hr = adapter->GetDesc(&desc);
if (FAILED(hr))
continue;
Reported by FlawFinder.
Line: 2201
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
void device_get_viewport(const gs_device_t *device, struct gs_rect *rect)
{
memcpy(rect, &device->viewport, sizeof(gs_rect));
}
void device_set_scissor_rect(gs_device_t *device, const struct gs_rect *rect)
{
D3D11_RECT d3drect;
Reported by FlawFinder.
Line: 2277
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
void device_projection_push(gs_device_t *device)
{
mat4float mat;
memcpy(&mat, &device->curProjMatrix, sizeof(matrix4));
device->projStack.push_back(mat);
}
void device_projection_pop(gs_device_t *device)
{
Reported by FlawFinder.
Line: 2287
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return;
const mat4float &mat = device->projStack.back();
memcpy(&device->curProjMatrix, &mat, sizeof(matrix4));
device->projStack.pop_back();
}
void gs_swapchain_destroy(gs_swapchain_t *swapchain)
{
Reported by FlawFinder.
Line: 2559
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (FAILED(hr))
return;
memcpy(map.pData, data, indexbuffer->num * indexbuffer->indexSize);
indexbuffer->device->context->Unmap(indexbuffer->indexBuffer, 0);
}
void gs_indexbuffer_flush(gs_indexbuffer_t *indexbuffer)
Reported by FlawFinder.
Line: 2688
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
extern "C" EXPORT void device_debug_marker_begin(gs_device_t *,
const char *markername,
const float color[4])
{
D3DCOLOR bgra = D3DCOLOR_ARGB((DWORD)(255.0f * color[3]),
(DWORD)(255.0f * color[0]),
(DWORD)(255.0f * color[1]),
Reported by FlawFinder.
Line: 2696
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
(DWORD)(255.0f * color[1]),
(DWORD)(255.0f * color[2]));
wchar_t wide[64];
os_utf8_to_wcs(markername, 0, wide, _countof(wide));
D3DPERF_BeginEvent(bgra, wide);
}
Reported by FlawFinder.
deps/libcaption/src/vtt.c
10 issues
Line: 95
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
utf8_char_t* dest = (utf8_char_t*)vtt_block_data(block);
if (data) {
memcpy(dest, data, size);
} else {
memset(dest, 0, size);
}
dest[size] = '\0';
Reported by FlawFinder.
Line: 156
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void parse_timestamps(const utf8_char_t* line, double* start_pts, double* end_pts, char** cue_settings)
{
char start_str[32];
char end_str[32];
char cue_str[1024];
int matches = sscanf(line, " %31s --> %31s%1023[^\n\r]", start_str, end_str, cue_str);
*start_pts = -1;
Reported by FlawFinder.
Line: 157
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void parse_timestamps(const utf8_char_t* line, double* start_pts, double* end_pts, char** cue_settings)
{
char start_str[32];
char end_str[32];
char cue_str[1024];
int matches = sscanf(line, " %31s --> %31s%1023[^\n\r]", start_str, end_str, cue_str);
*start_pts = -1;
*cue_settings = NULL;
Reported by FlawFinder.
Line: 158
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
char start_str[32];
char end_str[32];
char cue_str[1024];
int matches = sscanf(line, " %31s --> %31s%1023[^\n\r]", start_str, end_str, cue_str);
*start_pts = -1;
*cue_settings = NULL;
Reported by FlawFinder.
Line: 285
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
block->cue_settings = cue_settings;
if (cue_id != NULL) {
block->cue_id = malloc(cue_id_length + 1);
memcpy(block->cue_id, cue_id, cue_id_length);
block->cue_id[cue_id_length] = '\0';
}
}
cue_id = NULL;
Reported by FlawFinder.
Line: 315
Column: 5
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
caption_frame_to_text(frame, data);
cue->timestamp = frame->timestamp;
// vtt requires an extra new line
strcat((char*)data, "\r\n");
return cue;
}
static void _dump(vtt_t* vtt)
{
Reported by FlawFinder.
Line: 160
Column: 19
CWE codes:
120
Suggestion:
Check that the limit is sufficiently small, or use a different input function
char end_str[32];
char cue_str[1024];
int matches = sscanf(line, " %31s --> %31s%1023[^\n\r]", start_str, end_str, cue_str);
*start_pts = -1;
*cue_settings = NULL;
printf("Matches: %d\n", matches);
Reported by FlawFinder.
Line: 173
Column: 28
CWE codes:
126
if (matches >= 2) {
*end_pts = parse_timestamp(end_str);
}
if ((matches == 3) && (strlen(cue_str) > 0)) {
int cue_size = strlen(cue_str);
*cue_settings = malloc(cue_size + 1);
strncpy(*cue_settings, cue_str, cue_size);
(*cue_settings)[cue_size] = '\0';
}
Reported by FlawFinder.
Line: 174
Column: 24
CWE codes:
126
*end_pts = parse_timestamp(end_str);
}
if ((matches == 3) && (strlen(cue_str) > 0)) {
int cue_size = strlen(cue_str);
*cue_settings = malloc(cue_size + 1);
strncpy(*cue_settings, cue_str, cue_size);
(*cue_settings)[cue_size] = '\0';
}
}
Reported by FlawFinder.
Line: 176
Column: 9
CWE codes:
120
if ((matches == 3) && (strlen(cue_str) > 0)) {
int cue_size = strlen(cue_str);
*cue_settings = malloc(cue_size + 1);
strncpy(*cue_settings, cue_str, cue_size);
(*cue_settings)[cue_size] = '\0';
}
}
vtt_t* vtt_parse(const utf8_char_t* data, size_t size)
Reported by FlawFinder.
deps/lzma/liblzma/lzma/lzma_decoder.c
9 issues
Line: 407
CWE codes:
768
+ symbol;
rc_bit(probs[subcoder_index],
offset &= ~match_bit,
offset &= match_bit,
SEQ_LITERAL_MATCHED);
// It seems to be faster to do this
// here instead of putting it to the
Reported by Cppcheck.
Line: 433
CWE codes:
768
offset &= match_bit, \
seq)
d(SEQ_LITERAL_MATCHED0);
len <<= 1;
d(SEQ_LITERAL_MATCHED1);
len <<= 1;
d(SEQ_LITERAL_MATCHED2);
len <<= 1;
Reported by Cppcheck.
Line: 435
CWE codes:
768
d(SEQ_LITERAL_MATCHED0);
len <<= 1;
d(SEQ_LITERAL_MATCHED1);
len <<= 1;
d(SEQ_LITERAL_MATCHED2);
len <<= 1;
d(SEQ_LITERAL_MATCHED3);
len <<= 1;
Reported by Cppcheck.
Line: 437
CWE codes:
768
len <<= 1;
d(SEQ_LITERAL_MATCHED1);
len <<= 1;
d(SEQ_LITERAL_MATCHED2);
len <<= 1;
d(SEQ_LITERAL_MATCHED3);
len <<= 1;
d(SEQ_LITERAL_MATCHED4);
len <<= 1;
Reported by Cppcheck.
Line: 439
CWE codes:
768
len <<= 1;
d(SEQ_LITERAL_MATCHED2);
len <<= 1;
d(SEQ_LITERAL_MATCHED3);
len <<= 1;
d(SEQ_LITERAL_MATCHED4);
len <<= 1;
d(SEQ_LITERAL_MATCHED5);
len <<= 1;
Reported by Cppcheck.
Line: 441
CWE codes:
768
len <<= 1;
d(SEQ_LITERAL_MATCHED3);
len <<= 1;
d(SEQ_LITERAL_MATCHED4);
len <<= 1;
d(SEQ_LITERAL_MATCHED5);
len <<= 1;
d(SEQ_LITERAL_MATCHED6);
len <<= 1;
Reported by Cppcheck.
Line: 443
CWE codes:
768
len <<= 1;
d(SEQ_LITERAL_MATCHED4);
len <<= 1;
d(SEQ_LITERAL_MATCHED5);
len <<= 1;
d(SEQ_LITERAL_MATCHED6);
len <<= 1;
d(SEQ_LITERAL_MATCHED7);
# undef d
Reported by Cppcheck.
Line: 445
CWE codes:
768
len <<= 1;
d(SEQ_LITERAL_MATCHED5);
len <<= 1;
d(SEQ_LITERAL_MATCHED6);
len <<= 1;
d(SEQ_LITERAL_MATCHED7);
# undef d
#endif
}
Reported by Cppcheck.
Line: 447
CWE codes:
768
len <<= 1;
d(SEQ_LITERAL_MATCHED6);
len <<= 1;
d(SEQ_LITERAL_MATCHED7);
# undef d
#endif
}
//update_literal(state);
Reported by Cppcheck.
plugins/obs-qsv11/libmfx/src/mfx_plugin_hive.cpp
9 issues
Line: 119
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
for(index = 0; ; index++)
{
wchar_t subKeyName[MFX_MAX_REGISTRY_KEY_NAME];
DWORD subKeyNameSize = sizeof(subKeyName) / sizeof(subKeyName[0]);
WinRegKey subKey;
// query next value name
bool enumRes = regKey.EnumKey(index, subKeyName, &subKeyNameSize);
Reported by FlawFinder.
Line: 223
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
, mIsAPIVersionParsed()
{
WIN32_FIND_DATAW find_data;
wchar_t currentModuleName[MAX_PLUGIN_PATH];
GetModuleFileNameW(NULL, currentModuleName, MAX_PLUGIN_PATH);
if (GetLastError() != 0)
{
TRACE_HIVE_ERROR("GetModuleFileName() reported an error: %d\n", GetLastError());
Reported by FlawFinder.
Line: 327
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
bool MFX::MFXPluginsInFS::ParseFile(FILE * f, PluginDescriptionRecord & descriptionRecord)
{
wchar_t line[MAX_PLUGIN_FILE_LINE];
while(NULL != fgetws(line, sizeof(line) / sizeof(*line), f))
{
wchar_t *delimiter = wcschr(line, L'=');
if (0 == delimiter)
Reported by FlawFinder.
Line: 452
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
MFX::MFXDefaultPlugins::MFXDefaultPlugins(mfxVersion currentAPIVersion, MFX_DISP_HANDLE * hdl, int implType)
: MFXPluginStorageBase(currentAPIVersion)
{
wchar_t libModuleName[MAX_PLUGIN_PATH];
GetModuleFileNameW((HMODULE)hdl->hModule, libModuleName, MAX_PLUGIN_PATH);
if (GetLastError() != 0)
{
TRACE_HIVE_ERROR("GetModuleFileName() reported an error: %d\n", GetLastError());
Reported by FlawFinder.
Line: 256
Column: 33
CWE codes:
126
{
continue;
}
if (pluginDirNameLen != wcslen(find_data.cFileName))
{
continue;
}
//converting dirname into guid
PluginDescriptionRecord descriptionRecord;
Reported by FlawFinder.
Line: 356
Column: 10
CWE codes:
126
return false;
}
if (!wcslen(descriptionRecord.sPath))
{
TRACE_HIVE_ERROR("%S : Mandatory key %S not found\n", pluginCfgFileName, pluginFileName);
return false;
}
Reported by FlawFinder.
Line: 420
Column: 41
CWE codes:
126
}
*endQuoteMark = 0;
mfxU32 currentPathLen = (mfxU32)wcslen(descriptionRecord.sPath);
if (currentPathLen + wcslen(startQuoteMark + 1) > sizeof(descriptionRecord.sPath) / sizeof(*descriptionRecord.sPath))
{
TRACE_HIVE_ERROR("buffer of MAX_PLUGIN_PATH characters which is %d, not enough lo store plugin path: %S%S\n"
, MAX_PLUGIN_PATH, descriptionRecord.sPath, startQuoteMark + 1);
return false;
Reported by FlawFinder.
Line: 421
Column: 30
CWE codes:
126
*endQuoteMark = 0;
mfxU32 currentPathLen = (mfxU32)wcslen(descriptionRecord.sPath);
if (currentPathLen + wcslen(startQuoteMark + 1) > sizeof(descriptionRecord.sPath) / sizeof(*descriptionRecord.sPath))
{
TRACE_HIVE_ERROR("buffer of MAX_PLUGIN_PATH characters which is %d, not enough lo store plugin path: %S%S\n"
, MAX_PLUGIN_PATH, descriptionRecord.sPath, startQuoteMark + 1);
return false;
}
Reported by FlawFinder.
Line: 429
Column: 34
CWE codes:
126
}
size_t restrictedCharIdx = wcscspn(startQuoteMark + 1, pluginFileNameRestrictedCharacters);
if (restrictedCharIdx != wcslen(startQuoteMark + 1))
{
TRACE_HIVE_ERROR("plugin filename :%S, contains one of restricted characters: %S\n", startQuoteMark + 1, pluginFileNameRestrictedCharacters);
return false;
}
Reported by FlawFinder.
deps/jansson/src/jansson_private.h
9 issues
Line: 96
Column: 39
CWE codes:
134
Suggestion:
Use a constant for the format specification
/* Windows compatibility */
#if defined(_WIN32) || defined(WIN32)
# if defined(_MSC_VER) /* MS compiller */
# if (_MSC_VER < 1900) && !defined(snprintf) /* snprintf not defined yet & not introduced */
# define snprintf _snprintf
# endif
# if (_MSC_VER < 1500) && !defined(vsnprintf) /* vsnprintf not defined yet & not introduced */
# define vsnprintf(b,c,f,a) _vsnprintf(b,c,f,a)
# endif
Reported by FlawFinder.
Line: 97
Column: 24
CWE codes:
134
Suggestion:
Use a constant for the format specification
#if defined(_WIN32) || defined(WIN32)
# if defined(_MSC_VER) /* MS compiller */
# if (_MSC_VER < 1900) && !defined(snprintf) /* snprintf not defined yet & not introduced */
# define snprintf _snprintf
# endif
# if (_MSC_VER < 1500) && !defined(vsnprintf) /* vsnprintf not defined yet & not introduced */
# define vsnprintf(b,c,f,a) _vsnprintf(b,c,f,a)
# endif
# else /* Other Windows compiller, old definition */
Reported by FlawFinder.
Line: 97
Column: 15
CWE codes:
134
Suggestion:
Use a constant for the format specification
#if defined(_WIN32) || defined(WIN32)
# if defined(_MSC_VER) /* MS compiller */
# if (_MSC_VER < 1900) && !defined(snprintf) /* snprintf not defined yet & not introduced */
# define snprintf _snprintf
# endif
# if (_MSC_VER < 1500) && !defined(vsnprintf) /* vsnprintf not defined yet & not introduced */
# define vsnprintf(b,c,f,a) _vsnprintf(b,c,f,a)
# endif
# else /* Other Windows compiller, old definition */
Reported by FlawFinder.
Line: 99
Column: 39
CWE codes:
134
Suggestion:
Use a constant for the format specification
# if (_MSC_VER < 1900) && !defined(snprintf) /* snprintf not defined yet & not introduced */
# define snprintf _snprintf
# endif
# if (_MSC_VER < 1500) && !defined(vsnprintf) /* vsnprintf not defined yet & not introduced */
# define vsnprintf(b,c,f,a) _vsnprintf(b,c,f,a)
# endif
# else /* Other Windows compiller, old definition */
# define snprintf _snprintf
# define vsnprintf _vsnprintf
Reported by FlawFinder.
Line: 100
Column: 15
CWE codes:
134
Suggestion:
Use a constant for the format specification
# define snprintf _snprintf
# endif
# if (_MSC_VER < 1500) && !defined(vsnprintf) /* vsnprintf not defined yet & not introduced */
# define vsnprintf(b,c,f,a) _vsnprintf(b,c,f,a)
# endif
# else /* Other Windows compiller, old definition */
# define snprintf _snprintf
# define vsnprintf _vsnprintf
# endif
Reported by FlawFinder.
Line: 103
Column: 22
CWE codes:
134
Suggestion:
Use a constant for the format specification
# define vsnprintf(b,c,f,a) _vsnprintf(b,c,f,a)
# endif
# else /* Other Windows compiller, old definition */
# define snprintf _snprintf
# define vsnprintf _vsnprintf
# endif
#endif
#endif
Reported by FlawFinder.
Line: 103
Column: 13
CWE codes:
134
Suggestion:
Use a constant for the format specification
# define vsnprintf(b,c,f,a) _vsnprintf(b,c,f,a)
# endif
# else /* Other Windows compiller, old definition */
# define snprintf _snprintf
# define vsnprintf _vsnprintf
# endif
#endif
#endif
Reported by FlawFinder.
Line: 104
Column: 13
CWE codes:
134
Suggestion:
Use a constant for the format specification
# endif
# else /* Other Windows compiller, old definition */
# define snprintf _snprintf
# define vsnprintf _vsnprintf
# endif
#endif
#endif
Reported by FlawFinder.
Line: 30
Column: 24
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#ifdef __va_copy
#define va_copy __va_copy
#else
#define va_copy(a, b) memcpy(&(a), &(b), sizeof(va_list))
#endif
#endif
typedef struct {
json_t json;
Reported by FlawFinder.
libobs/obs-data.c
9 issues
Line: 298
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
item->data_size = size;
}
strcpy(get_item_name(item), name);
memcpy(get_item_data(item), data, size);
item_data_addref(item);
return item;
}
Reported by FlawFinder.
Line: 299
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
strcpy(get_item_name(item), name);
memcpy(get_item_data(item), data, size);
item_data_addref(item);
return item;
}
Reported by FlawFinder.
Line: 409
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
item->default_len + item->autoselect_size);
if (size) {
memcpy(get_item_data(item), data, size);
item_data_addref(item);
}
*p_item = item;
}
Reported by FlawFinder.
Line: 438
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
get_autoselect_data_ptr(item), item->autoselect_size);
if (size) {
memcpy(get_item_default_data(item), data, size);
item_default_data_addref(item);
}
*p_item = item;
}
Reported by FlawFinder.
Line: 464
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
item = obs_data_item_ensure_capacity(item);
if (size) {
memcpy(get_item_autoselect_data(item), data, size);
item_autoselect_data_addref(item);
}
*p_item = item;
}
Reported by FlawFinder.
Line: 76
Column: 21
CWE codes:
126
/* ensures data after the name has alignment (in case of SSE) */
static inline size_t get_name_align_size(const char *name)
{
size_t name_size = strlen(name) + 1;
size_t alignment = base_get_alignment();
size_t total_size;
total_size = sizeof(struct obs_data_item) + (name_size + alignment - 1);
total_size &= ~(alignment - 1);
Reported by FlawFinder.
Line: 755
Column: 47
CWE codes:
126
const char *json = obs_data_get_json(data);
if (json && *json) {
return os_quick_write_utf8_file(file, json, strlen(json),
false);
}
return false;
}
Reported by FlawFinder.
Line: 769
Column: 16
CWE codes:
126
if (json && *json) {
return os_quick_write_utf8_file_safe(
file, json, strlen(json), false, temp_ext, backup_ext);
}
return false;
}
Reported by FlawFinder.
Line: 1120
Column: 35
CWE codes:
126
{
if (!val)
val = "";
set_item_(data, item, name, val, strlen(val) + 1, OBS_DATA_STRING);
}
static inline void obs_set_int(obs_data_t *data, obs_data_item_t **item,
const char *name, long long val,
set_item_t set_item_)
Reported by FlawFinder.
UI/window-basic-main-profiles.cpp
9 issues
Line: 36
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void EnumProfiles(std::function<bool(const char *, const char *)> &&cb)
{
char path[512];
os_glob_t *glob;
int ret = GetConfigPath(path, sizeof(path),
"obs-studio/basic/profiles/*");
if (ret <= 0) {
Reported by FlawFinder.
Line: 143
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static bool FindSafeProfileDirName(const std::string &profileName,
std::string &dirName)
{
char path[512];
int ret;
if (ProfileExists(profileName.c_str())) {
blog(LOG_WARNING, "Profile '%s' exists", profileName.c_str());
return false;
Reported by FlawFinder.
Line: 178
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static bool CopyProfile(const char *fromPartial, const char *to)
{
os_glob_t *glob;
char path[514];
char dir[512];
int ret;
ret = GetConfigPath(dir, sizeof(dir), "obs-studio/basic/profiles/");
if (ret <= 0) {
Reported by FlawFinder.
Line: 179
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
os_glob_t *glob;
char path[514];
char dir[512];
int ret;
ret = GetConfigPath(dir, sizeof(dir), "obs-studio/basic/profiles/");
if (ret <= 0) {
blog(LOG_WARNING, "Failed to get profiles config path");
Reported by FlawFinder.
Line: 250
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
std::string curDir =
config_get_string(App()->GlobalConfig(), "Basic", "ProfileDir");
char baseDir[512];
int ret = GetConfigPath(baseDir, sizeof(baseDir),
"obs-studio/basic/profiles/");
if (ret <= 0) {
blog(LOG_WARNING, "Failed to get profiles config path");
return false;
Reported by FlawFinder.
Line: 337
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void OBSBasic::DeleteProfile(const char *profileName, const char *profileDir)
{
char profilePath[512];
char basePath[512];
int ret = GetConfigPath(basePath, 512, "obs-studio/basic/profiles");
if (ret <= 0) {
blog(LOG_WARNING, "Failed to get profiles config path");
Reported by FlawFinder.
Line: 338
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void OBSBasic::DeleteProfile(const char *profileName, const char *profileDir)
{
char profilePath[512];
char basePath[512];
int ret = GetConfigPath(basePath, 512, "obs-studio/basic/profiles");
if (ret <= 0) {
blog(LOG_WARNING, "Failed to get profiles config path");
return;
Reported by FlawFinder.
Line: 588
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void OBSBasic::on_actionImportProfile_triggered()
{
char path[512];
QString home = QDir::homePath();
int ret = GetConfigPath(path, 512, "obs-studio/basic/profiles/");
if (ret <= 0) {
Reported by FlawFinder.
Line: 631
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void OBSBasic::on_actionExportProfile_triggered()
{
char path[512];
QString home = QDir::homePath();
QString currentProfile = QString::fromUtf8(config_get_string(
App()->GlobalConfig(), "Basic", "ProfileDir"));
Reported by FlawFinder.
libobs/util/cf-lexer.c
8 issues
Line: 456
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
token.lex = lex;
last_token = da_push_back_new(lex->tokens);
memcpy(last_token, &token, sizeof(struct cf_token));
}
cf_token_clear(&token);
token.str.array = lex->write_offset;
Reported by FlawFinder.
Line: 813
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return pp->defines.array + idx;
}
static char space_filler[2] = " ";
static inline void append_space(struct cf_preprocessor *pp,
struct darray *tokens,
const struct cf_token *base)
{
Reported by FlawFinder.
Line: 1343
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
NULL, NULL);
cf_def_free(existing);
memcpy(existing, def, sizeof(struct cf_def));
} else {
da_push_back(pp->defines, def);
}
}
Reported by FlawFinder.
Line: 94
Column: 11
CWE codes:
126
char *str, *temp_dst;
if (!count)
count = strlen(literal);
if (count < 2)
return NULL;
if (literal[0] != literal[count - 1])
return NULL;
Reported by FlawFinder.
Line: 194
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
offset = lex->base_lexer.offset;
cf_pass_any_splices(&offset);
strcpy(lex->write_offset++, " ");
out_token->str.len = 1;
if (*offset == '/') {
while (*++offset && !is_newline(*offset))
cf_pass_any_splices(&offset);
Reported by FlawFinder.
Line: 229
Column: 2
CWE codes:
120
static inline void cf_lexer_write_strref(struct cf_lexer *lex,
const struct strref *ref)
{
strncpy(lex->write_offset, ref->array, ref->len);
lex->write_offset[ref->len] = 0;
lex->write_offset += ref->len;
}
static bool cf_lexer_is_include(struct cf_lexer *lex)
Reported by FlawFinder.
Line: 443
Column: 29
CWE codes:
126
lexer_start(&lex->base_lexer, str);
cf_token_clear(&token);
lex->reformatted = bmalloc(strlen(str) + 1);
lex->reformatted[0] = 0;
lex->write_offset = lex->reformatted;
while (cf_lexer_nexttoken(lex, &token)) {
if (last_token && is_space_or_tab(*last_token->str.array) &&
Reported by FlawFinder.
Line: 1354
Column: 12
CWE codes:
126
{
struct strref ref;
ref.array = def_name;
ref.len = strlen(def_name);
cf_preprocess_remove_def_strref(pp, &ref);
}
Reported by FlawFinder.
UI/win-update/updater/patch.cpp
8 issues
Line: 81
Column: 8
CWE codes:
120
20
struct bspatch_stream {
void *opaque;
int (*read)(const struct bspatch_stream *stream, void *buffer,
int length);
};
/* ------------------------------------------------------------------------ */
Reported by FlawFinder.
Line: 128
Column: 16
CWE codes:
120
20
while (newpos < newsize) {
/* Read control data */
for (i = 0; i <= 2; i++) {
if (stream->read(stream, buf, 8))
return -1;
ctrl[i] = offtin(buf);
};
/* Sanity-check */
Reported by FlawFinder.
Line: 138
Column: 15
CWE codes:
120
20
return -1;
/* Read diff string */
if (stream->read(stream, newp + newpos, (int)ctrl[0]))
return -1;
/* Add old data to diff string */
for (i = 0; i < ctrl[0]; i++)
if ((oldpos + i >= 0) && (oldpos + i < oldsize))
Reported by FlawFinder.
Line: 155
Column: 15
CWE codes:
120
20
return -1;
/* Read extra string */
if (stream->read(stream, newp + newpos, (int)ctrl[1]))
return -1;
/* Adjust pointers */
newpos += ctrl[1];
oldpos += ctrl[2];
Reported by FlawFinder.
Line: 238
Column: 8
CWE codes:
120
20
/* --------------------------------- *
* read patch header */
DWORD read;
success = !!ReadFile(hPatch, header, sizeof(header), &read, nullptr);
if (success && read == sizeof(header)) {
if (memcmp(header, "JIMSLEY/BSDIFF43", 16))
throw int(-4);
} else {
Reported by FlawFinder.
Line: 239
Column: 56
CWE codes:
120
20
* read patch header */
DWORD read;
success = !!ReadFile(hPatch, header, sizeof(header), &read, nullptr);
if (success && read == sizeof(header)) {
if (memcmp(header, "JIMSLEY/BSDIFF43", 16))
throw int(-4);
} else {
throw int(GetLastError());
Reported by FlawFinder.
Line: 277
Column: 55
CWE codes:
120
20
throw int(-1);
}
if (!ReadFile(hTarget, &oldData[0], targetFileSize, &read, nullptr))
throw int(GetLastError());
if (read != targetFileSize)
throw int(-1);
/* --------------------------------- *
Reported by FlawFinder.
Line: 279
Column: 6
CWE codes:
120
20
if (!ReadFile(hTarget, &oldData[0], targetFileSize, &read, nullptr))
throw int(GetLastError());
if (read != targetFileSize)
throw int(-1);
/* --------------------------------- *
* patch to new file data */
Reported by FlawFinder.