The following issues were found
libobs/obs-hotkey-name-map.c
7 issues
Line: 139
CWE codes:
476
static void connect(obs_hotkey_name_map_edge_t *e,
obs_hotkey_name_map_node_t *n)
{
e->node = n;
}
static void reduce_edge(obs_hotkey_name_map_edge_t *e, const char *key,
size_t l, int v)
{
Reported by Cppcheck.
Line: 139
CWE codes:
476
static void connect(obs_hotkey_name_map_edge_t *e,
obs_hotkey_name_map_node_t *n)
{
e->node = n;
}
static void reduce_edge(obs_hotkey_name_map_edge_t *e, const char *key,
size_t l, int v)
{
Reported by Cppcheck.
Line: 66
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct {
uint8_t compressed_len;
char compressed_prefix[NAME_MAP_COMPRESS_LENGTH];
};
};
struct obs_hotkey_name_map_node *node;
};
Reported by FlawFinder.
Line: 101
Column: 3
CWE codes:
120
e->compressed_len = (uint8_t)l;
if (l < NAME_MAP_COMPRESS_LENGTH)
strncpy(e->compressed_prefix, prefix, l);
else
e->prefix = bstrdup_n(prefix, l);
}
static obs_hotkey_name_map_edge_t *add_leaf(obs_hotkey_name_map_node_t *node,
Reported by FlawFinder.
Line: 128
Column: 3
CWE codes:
120
e->prefix_len = (uint8_t)l;
if (get_prefix(e) != str)
strncpy(get_prefix(e), str, l);
else
str[l] = 0;
if (!old_comp && new_comp)
bfree(str);
Reported by FlawFinder.
Line: 239
Column: 33
CWE codes:
126
if (!trie || !key)
return;
insert(NULL, &trie->root, key, strlen(key), v);
}
static bool obs_hotkey_name_map_lookup(obs_hotkey_name_map_t *trie,
const char *key, int *v)
{
Reported by FlawFinder.
Line: 248
Column: 15
CWE codes:
126
if (!trie || !key)
return false;
size_t len = strlen(key);
obs_hotkey_name_map_node_t *n = &trie->root;
size_t i = 0;
for (; i < n->children.num;) {
obs_hotkey_name_map_edge_t *e = &n->children.array[i];
Reported by FlawFinder.
plugins/win-capture/funchook.c
7 issues
Line: 29
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
fix_permissions((void *)(hook->func_addr - JMP_32_SIZE),
JMP_64_SIZE + JMP_32_SIZE);
memcpy(hook->unhook_data, func_addr, JMP_64_SIZE);
}
static inline size_t patch_size(struct func_hook *hook)
{
return hook->is_64bit_jump ? JMP_64_SIZE : JMP_32_SIZE;
Reported by FlawFinder.
Line: 46
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
fix_permissions((void *)hook->func_addr, JMP_64_SIZE);
memcpy(data, (void *)hook->func_addr, JMP_64_SIZE);
memcpy(data, longjmp64, sizeof(longjmp64));
*ptr_loc = hook->hook_addr;
hook->call_addr = (void *)hook->func_addr;
hook->type = HOOKTYPE_FORWARD_OVERWRITE;
Reported by FlawFinder.
Line: 47
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
fix_permissions((void *)hook->func_addr, JMP_64_SIZE);
memcpy(data, (void *)hook->func_addr, JMP_64_SIZE);
memcpy(data, longjmp64, sizeof(longjmp64));
*ptr_loc = hook->hook_addr;
hook->call_addr = (void *)hook->func_addr;
hook->type = HOOKTYPE_FORWARD_OVERWRITE;
hook->hooked = true;
Reported by FlawFinder.
Line: 54
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
hook->type = HOOKTYPE_FORWARD_OVERWRITE;
hook->hooked = true;
memcpy((void *)hook->func_addr, data, JMP_64_SIZE);
}
static inline void hook_reverse_new(struct func_hook *hook, uint8_t *p)
{
hook->call_addr = (void *)(hook->func_addr + 2);
Reported by FlawFinder.
Line: 236
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
size = patch_size(hook);
}
memcpy((void *)addr, hook->rehook_data, size);
hook->hooked = true;
return;
}
offset = hook->hook_addr - hook->func_addr - JMP_32_SIZE;
Reported by FlawFinder.
Line: 279
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
fix_permissions((void *)addr, size);
memcpy(hook->rehook_data, (void *)addr, size);
if (hook->type == HOOKTYPE_FORWARD_OVERWRITE)
memcpy((void *)hook->func_addr, hook->unhook_data, size);
hook->hooked = false;
Reported by FlawFinder.
Line: 282
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(hook->rehook_data, (void *)addr, size);
if (hook->type == HOOKTYPE_FORWARD_OVERWRITE)
memcpy((void *)hook->func_addr, hook->unhook_data, size);
hook->hooked = false;
}
Reported by FlawFinder.
UI/window-basic-main-outputs.cpp
7 issues
Line: 1160
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static OBSData GetDataFromJsonFile(const char *jsonFile)
{
char fullPath[512];
obs_data_t *data = nullptr;
int ret = GetProfilePath(fullPath, sizeof(fullPath), jsonFile);
if (ret > 0) {
BPtr<char> jsonData = os_quick_read_utf8_file(fullPath);
Reported by FlawFinder.
Line: 1297
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
astrcmpi(rate_control, "ABR") == 0;
for (int i = 0; i < MAX_AUDIO_MIXES; i++) {
char name[9];
sprintf(name, "adv_aac%d", i);
if (!CreateAACEncoder(aacTrack[i], aacEncoderID[i],
GetAudioBitrate(i), name, i))
throw "Failed to create audio encoder "
Reported by FlawFinder.
Line: 1298
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
for (int i = 0; i < MAX_AUDIO_MIXES; i++) {
char name[9];
sprintf(name, "adv_aac%d", i);
if (!CreateAACEncoder(aacTrack[i], aacEncoderID[i],
GetAudioBitrate(i), name, i))
throw "Failed to create audio encoder "
"(advanced output)";
Reported by FlawFinder.
Line: 767
Column: 34
CWE codes:
126
type = "rtmp_output";
const char *url = obs_service_get_url(service);
if (url != NULL &&
strncmp(url, FTL_PROTOCOL, strlen(FTL_PROTOCOL)) == 0) {
type = "ftl_output";
} else if (url != NULL && strncmp(url, RTMP_PROTOCOL,
strlen(RTMP_PROTOCOL)) != 0) {
type = "ffmpeg_mpegts_muxer";
}
Reported by FlawFinder.
Line: 770
Column: 9
CWE codes:
126
strncmp(url, FTL_PROTOCOL, strlen(FTL_PROTOCOL)) == 0) {
type = "ftl_output";
} else if (url != NULL && strncmp(url, RTMP_PROTOCOL,
strlen(RTMP_PROTOCOL)) != 0) {
type = "ffmpeg_mpegts_muxer";
}
}
/* XXX: this is messy and disgusting and should be refactored */
Reported by FlawFinder.
Line: 1706
Column: 34
CWE codes:
126
type = "rtmp_output";
const char *url = obs_service_get_url(service);
if (url != NULL &&
strncmp(url, FTL_PROTOCOL, strlen(FTL_PROTOCOL)) == 0) {
type = "ftl_output";
} else if (url != NULL && strncmp(url, RTMP_PROTOCOL,
strlen(RTMP_PROTOCOL)) != 0) {
type = "ffmpeg_mpegts_muxer";
}
Reported by FlawFinder.
Line: 1709
Column: 9
CWE codes:
126
strncmp(url, FTL_PROTOCOL, strlen(FTL_PROTOCOL)) == 0) {
type = "ftl_output";
} else if (url != NULL && strncmp(url, RTMP_PROTOCOL,
strlen(RTMP_PROTOCOL)) != 0) {
type = "ffmpeg_mpegts_muxer";
}
}
/* XXX: this is messy and disgusting and should be refactored */
Reported by FlawFinder.
plugins/win-dshow/virtualcam-module/virtualcam-module.cpp
7 issues
Line: 27
// IUnknown
STDMETHODIMP QueryInterface(REFIID riid, void **p_ptr);
STDMETHODIMP_(ULONG) AddRef();
STDMETHODIMP_(ULONG) Release();
// IClassFactory
STDMETHODIMP CreateInstance(LPUNKNOWN parent, REFIID riid,
void **p_ptr);
Reported by Cppcheck.
Line: 111
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const wchar_t *file, const wchar_t *model = L"Both",
const wchar_t *type = L"InprocServer32")
{
wchar_t cls_str[CHARS_IN_GUID];
wchar_t temp[MAX_PATH];
HKEY key = nullptr;
HKEY subkey = nullptr;
bool success = false;
Reported by FlawFinder.
Line: 112
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const wchar_t *type = L"InprocServer32")
{
wchar_t cls_str[CHARS_IN_GUID];
wchar_t temp[MAX_PATH];
HKEY key = nullptr;
HKEY subkey = nullptr;
bool success = false;
StringFromGUID2(cls, cls_str, CHARS_IN_GUID);
Reported by FlawFinder.
Line: 150
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static bool UnregServer(const CLSID &cls)
{
wchar_t cls_str[CHARS_IN_GUID];
wchar_t temp[MAX_PATH];
StringFromGUID2(cls, cls_str, CHARS_IN_GUID);
StringCbPrintf(temp, sizeof(temp), L"CLSID\\%s", cls_str);
Reported by FlawFinder.
Line: 151
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static bool UnregServer(const CLSID &cls)
{
wchar_t cls_str[CHARS_IN_GUID];
wchar_t temp[MAX_PATH];
StringFromGUID2(cls, cls_str, CHARS_IN_GUID);
StringCbPrintf(temp, sizeof(temp), L"CLSID\\%s", cls_str);
return RegDeleteTreeW(HKEY_CLASSES_ROOT, temp) == ERROR_SUCCESS;
Reported by FlawFinder.
Line: 161
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static bool RegServers(bool reg)
{
wchar_t file[MAX_PATH];
if (!GetModuleFileNameW(dll_inst, file, MAX_PATH)) {
return false;
}
Reported by FlawFinder.
Line: 104
Column: 17
CWE codes:
126
static inline DWORD string_size(const wchar_t *str)
{
return (DWORD)(wcslen(str) + 1) * sizeof(wchar_t);
}
static bool RegServer(const CLSID &cls, const wchar_t *desc,
const wchar_t *file, const wchar_t *model = L"Both",
const wchar_t *type = L"InprocServer32")
Reported by FlawFinder.
libobs/obs-win-crash-handler.c
6 issues
Line: 206
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
status = RegOpenKeyW(HKEY_LOCAL_MACHINE, PROCESSOR_REG_KEY, &key);
if (status == ERROR_SUCCESS) {
wchar_t str[1024];
DWORD size = 1024;
status = RegQueryValueExW(key, L"ProcessorNameString", NULL,
NULL, (LPBYTE)str, &size);
if (status == ERROR_SUCCESS)
Reported by FlawFinder.
Line: 224
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
ULONG module_size,
struct exception_handler_data *data)
{
char name_utf8[MAX_PATH];
os_wcs_to_utf8(module_name, 0, name_utf8, MAX_PATH);
if (data->main_trace.instruction_ptr >= module_base &&
data->main_trace.instruction_ptr < module_base + module_size) {
Reported by FlawFinder.
Line: 255
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static inline void write_header(struct exception_handler_data *data)
{
char date_time[80];
time_t now = time(0);
struct tm ts;
ts = *localtime(&now);
strftime(date_time, sizeof(date_time), "%Y-%m-%d, %X", &ts);
Reported by FlawFinder.
Line: 286
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct module_info {
DWORD64 addr;
char name_utf8[MAX_PATH];
};
static BOOL CALLBACK enum_module(PCTSTR module_name, DWORD64 module_base,
ULONG module_size, struct module_info *info)
{
Reported by FlawFinder.
Line: 316
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct module_info module_info = {0};
DWORD64 func_offset;
char sym_name[256];
char *p;
bool success = data->stack_walk64(trace->image_type, data->process,
thread, &trace->frame,
&trace->context, NULL,
Reported by FlawFinder.
Line: 334
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
p = strrchr(module_info.name_utf8, '\\');
p = p ? (p + 1) : module_info.name_utf8;
} else {
strcpy(module_info.name_utf8, "<unknown>");
p = module_info.name_utf8;
}
success = !!data->sym_from_addr(data->process,
trace->frame.AddrPC.Offset,
Reported by FlawFinder.
plugins/obs-outputs/librtmp/parseurl.c
6 issues
Line: 119
Column: 14
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
{
unsigned int p2;
p++;
p2 = atoi(p);
if(p2 > 65535)
{
RTMP_Log(RTMP_LOGWARNING, "Invalid port number!");
}
else
Reported by FlawFinder.
Line: 231
Column: 13
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
{
if (strncmp(ppstart, "mp4:", 4))
{
strcpy(destptr, "mp4:");
destptr += 4;
}
else
{
subExt = 0;
Reported by FlawFinder.
Line: 243
Column: 13
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
{
if (strncmp(ppstart, "mp3:", 4))
{
strcpy(destptr, "mp3:");
destptr += 4;
}
else
{
subExt = 0;
Reported by FlawFinder.
Line: 85
Column: 17
CWE codes:
126
return FALSE;
}
end = p + strlen(p);
v6 = strchr(p, ']');
// ques = strchr(p, '?');
slash = strchr(p, '/');
col = strchr((v6 && v6 < slash) ? v6 : p, ':');
Reported by FlawFinder.
Line: 139
Column: 24
CWE codes:
126
//just.. whatever.
app->av_val = p;
app->av_len = (int)strlen(p);
if(app->av_len && p[app->av_len-1] == '/')
app->av_len--;
RTMP_Log(RTMP_LOGDEBUG, "Parsed app : %.*s", app->av_len, p);
Reported by FlawFinder.
Line: 187
Column: 22
CWE codes:
126
(temp=strstr(ppstart, "slist=")) != 0)
{
ppstart = temp+6;
pplen = (int)strlen(ppstart);
temp = strchr(ppstart, '&');
if (temp)
{
pplen = temp-ppstart;
Reported by FlawFinder.
plugins/obs-outputs/net-if.c
6 issues
Line: 54
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct sockaddr_storage *byte_address)
{
int family = byte_address->ss_family;
char temp_char[INET6_ADDRSTRLEN] = {0};
#ifndef _WIN32
if (family == AF_INET)
inet_ntop(family,
&(((struct sockaddr_in *)byte_address)->sin_addr),
Reported by FlawFinder.
Line: 79
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void netif_push(struct sockaddr *copy_source,
struct netif_saddr_data *saddr_d, const char *adapter)
{
char temp_char[INET6_ADDRSTRLEN] = {0};
struct sockaddr_storage sa = {0};
if (copy_source->sa_family == AF_INET)
memcpy(&sa, copy_source, sizeof(struct sockaddr_in));
else if (copy_source->sa_family == AF_INET6)
Reported by FlawFinder.
Line: 83
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct sockaddr_storage sa = {0};
if (copy_source->sa_family == AF_INET)
memcpy(&sa, copy_source, sizeof(struct sockaddr_in));
else if (copy_source->sa_family == AF_INET6)
memcpy(&sa, copy_source, sizeof(struct sockaddr_in6));
netif_convert_to_string(temp_char, &sa);
netif_saddr_data_push_back(saddr_d, temp_char, adapter);
Reported by FlawFinder.
Line: 85
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (copy_source->sa_family == AF_INET)
memcpy(&sa, copy_source, sizeof(struct sockaddr_in));
else if (copy_source->sa_family == AF_INET6)
memcpy(&sa, copy_source, sizeof(struct sockaddr_in6));
netif_convert_to_string(temp_char, &sa);
netif_saddr_data_push_back(saddr_d, temp_char, adapter);
}
Reported by FlawFinder.
Line: 141
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct ifaddrs *ifaddr, *ifa;
unsigned int family, s;
char host[NI_MAXHOST];
if (getifaddrs(&ifaddr) == -1) {
warn("getifaddrs() failed");
return;
}
Reported by FlawFinder.
Line: 73
Column: 2
CWE codes:
120
InetNtopA(family, &(((SOCKADDR_IN6 *)byte_address)->sin6_addr),
temp_char, INET6_ADDRSTRLEN);
#endif
strncpy(dest, temp_char, INET6_ADDRSTRLEN);
}
static void netif_push(struct sockaddr *copy_source,
struct netif_saddr_data *saddr_d, const char *adapter)
{
Reported by FlawFinder.
UI/win-update/updater/init-hook-files.c
6 issues
Line: 118
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static bool update_hook_file(bool b64)
{
wchar_t temp[MAX_PATH];
wchar_t src[MAX_PATH];
wchar_t dst[MAX_PATH];
wchar_t src_json[MAX_PATH];
wchar_t dst_json[MAX_PATH];
Reported by FlawFinder.
Line: 119
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static bool update_hook_file(bool b64)
{
wchar_t temp[MAX_PATH];
wchar_t src[MAX_PATH];
wchar_t dst[MAX_PATH];
wchar_t src_json[MAX_PATH];
wchar_t dst_json[MAX_PATH];
GetCurrentDirectoryW(_countof(src_json), src_json);
Reported by FlawFinder.
Line: 120
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
wchar_t temp[MAX_PATH];
wchar_t src[MAX_PATH];
wchar_t dst[MAX_PATH];
wchar_t src_json[MAX_PATH];
wchar_t dst_json[MAX_PATH];
GetCurrentDirectoryW(_countof(src_json), src_json);
StringCbCat(src_json, sizeof(src_json), HOOK_LOCATION);
Reported by FlawFinder.
Line: 121
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
wchar_t temp[MAX_PATH];
wchar_t src[MAX_PATH];
wchar_t dst[MAX_PATH];
wchar_t src_json[MAX_PATH];
wchar_t dst_json[MAX_PATH];
GetCurrentDirectoryW(_countof(src_json), src_json);
StringCbCat(src_json, sizeof(src_json), HOOK_LOCATION);
make_filename(src_json, L"obs-vulkan", L".json");
Reported by FlawFinder.
Line: 122
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
wchar_t src[MAX_PATH];
wchar_t dst[MAX_PATH];
wchar_t src_json[MAX_PATH];
wchar_t dst_json[MAX_PATH];
GetCurrentDirectoryW(_countof(src_json), src_json);
StringCbCat(src_json, sizeof(src_json), HOOK_LOCATION);
make_filename(src_json, L"obs-vulkan", L".json");
Reported by FlawFinder.
Line: 152
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void update_vulkan_registry(bool b64)
{
DWORD flags = b64 ? KEY_WOW64_64KEY : KEY_WOW64_32KEY;
wchar_t path[MAX_PATH];
DWORD temp;
LSTATUS s;
HKEY key;
get_programdata_path(path, L"obs-studio-hook\\");
Reported by FlawFinder.
plugins/obs-qsv11/QSV_Encoder_Internal.cpp
6 issues
Line: 362
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (int i = 0; i < m_nSurfNum; i++) {
m_pmfxSurfaces[i] = new mfxFrameSurface1;
memset(m_pmfxSurfaces[i], 0, sizeof(mfxFrameSurface1));
memcpy(&(m_pmfxSurfaces[i]->Info),
&(m_mfxEncParams.mfx.FrameInfo),
sizeof(mfxFrameInfo));
m_pmfxSurfaces[i]->Data.MemId = m_mfxResponse.mids[i];
}
} else {
Reported by FlawFinder.
Line: 378
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (int i = 0; i < m_nSurfNum; i++) {
m_pmfxSurfaces[i] = new mfxFrameSurface1;
memset(m_pmfxSurfaces[i], 0, sizeof(mfxFrameSurface1));
memcpy(&(m_pmfxSurfaces[i]->Info),
&(m_mfxEncParams.mfx.FrameInfo),
sizeof(mfxFrameInfo));
mfxU8 *pSurface = (mfxU8 *)new mfxU8[surfaceSize];
m_pmfxSurfaces[i]->Data.Y = pSurface;
Reported by FlawFinder.
Line: 485
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// load Y plane
for (i = 0; i < h; i++)
memcpy(ptr + i * pitch, pDataY + i * strideY, w);
// load UV plane
h /= 2;
ptr = pData->UV + pInfo->CropX + (pInfo->CropY / 2) * pitch;
Reported by FlawFinder.
Line: 492
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ptr = pData->UV + pInfo->CropX + (pInfo->CropY / 2) * pitch;
for (i = 0; i < h; i++)
memcpy(ptr + i * pitch, pDataUV + i * strideUV, w);
return MFX_ERR_NONE;
}
int QSV_Encoder_Internal::GetFreeTaskIndex(Task *pTaskPool, mfxU16 nPoolSize)
Reported by FlawFinder.
Line: 534
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
MSDK_CHECK_RESULT(sts, MFX_ERR_NONE, sts);
mfxU8 *pTemp = m_outBitstream.Data;
memcpy(&m_outBitstream, &m_pTaskPool[m_nFirstSyncTask].mfxBS,
sizeof(mfxBitstream));
m_pTaskPool[m_nFirstSyncTask].mfxBS.Data = pTemp;
m_pTaskPool[m_nFirstSyncTask].mfxBS.DataLength = 0;
m_pTaskPool[m_nFirstSyncTask].mfxBS.DataOffset = 0;
Reported by FlawFinder.
Line: 621
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
MSDK_CHECK_RESULT(sts, MFX_ERR_NONE, sts);
mfxU8 *pTemp = m_outBitstream.Data;
memcpy(&m_outBitstream, &m_pTaskPool[m_nFirstSyncTask].mfxBS,
sizeof(mfxBitstream));
m_pTaskPool[m_nFirstSyncTask].mfxBS.Data = pTemp;
m_pTaskPool[m_nFirstSyncTask].mfxBS.DataLength = 0;
m_pTaskPool[m_nFirstSyncTask].mfxBS.DataOffset = 0;
Reported by FlawFinder.
deps/ipc-util/ipc-util/pipe-windows.c
6 issues
Line: 38
Column: 7
CWE codes:
732
goto error;
}
if (!SetSecurityDescriptorDacl(sd, true, NULL, false)) {
goto error;
}
return sd;
Reported by FlawFinder.
Line: 38
Column: 7
CWE codes:
732
goto error;
}
if (!SetSecurityDescriptorDacl(sd, true, NULL, false)) {
goto error;
}
return sd;
Reported by FlawFinder.
Line: 71
Column: 44
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
sa.lpSecurityDescriptor = sd;
sa.bInheritHandle = false;
pipe->handle = CreateNamedPipeA(new_name, access, flags, 1,
IPC_PIPE_BUF_SIZE, IPC_PIPE_BUF_SIZE, 0,
&sa);
free(sd);
return pipe->handle != INVALID_HANDLE_VALUE;
Reported by FlawFinder.
Line: 53
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char *name)
{
SECURITY_ATTRIBUTES sa;
char new_name[512];
void *sd;
const DWORD access = PIPE_ACCESS_DUPLEX | FILE_FLAG_OVERLAPPED;
const DWORD flags = PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE |
PIPE_WAIT;
Reported by FlawFinder.
Line: 95
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
size_t new_size = pipe->size + size;
ipc_pipe_internal_ensure_capacity(pipe, new_size);
memcpy(pipe->read_data + pipe->size, bytes, size);
pipe->size = new_size;
}
static inline bool ipc_pipe_internal_io_pending(void)
{
Reported by FlawFinder.
Line: 172
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char *name)
{
DWORD mode = PIPE_READMODE_MESSAGE;
char new_name[512];
strcpy_s(new_name, sizeof(new_name), "\\\\.\\pipe\\");
strcat_s(new_name, sizeof(new_name), name);
pipe->handle = CreateFileA(new_name, GENERIC_READ | GENERIC_WRITE, 0,
Reported by FlawFinder.