The following issues were found

libobs/util/config-file.c
5 issues
read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 142 Column: 10 CWE codes: 120 20

	char *read = str->array;
	char *write = str->array;

	for (; *read; read++, write++) {
		char cur = *read;
		if (cur == '\\') {
			char next = read[1];
			if (next == '\\') {
				read++;

            

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 143 Column: 15 CWE codes: 120 20

	char *write = str->array;

	for (; *read; read++, write++) {
		char cur = *read;
		if (cur == '\\') {
			char next = read[1];
			if (next == '\\') {
				read++;
			} else if (next == 'r') {

            

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 145 Column: 16 CWE codes: 120 20

	for (; *read; read++, write++) {
		char cur = *read;
		if (cur == '\\') {
			char next = read[1];
			if (next == '\\') {
				read++;
			} else if (next == 'r') {
				cur = '\r';
				read++;

            

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 157 Column: 7 CWE codes: 120 20

			}
		}

		if (read != write)
			*write = cur;
	}

	if (read != write)
		*write = '\0';

            

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 161 Column: 6 CWE codes: 120 20

			*write = cur;
	}

	if (read != write)
		*write = '\0';
}

static void config_add_item(struct darray *items, struct strref *name,
			    struct strref *value)

            

Reported by FlawFinder.

UI/platform-x11.cpp
5 issues
access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 181 Column: 10 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly

              
	printf("Attempted path: %s\n", output.c_str());

	return (access(output.c_str(), R_OK) == 0);
}

#define INSTALL_DATA_PATH OBS_INSTALL_PREFIX OBS_DATA_PATH "/obs-studio/"

bool GetDataFilePath(const char *data, string &output)

            

Reported by FlawFinder.

getenv - Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once
Security

Line: 188 Column: 20 CWE codes: 807 20
Suggestion: Check environment variables carefully before using them

              
bool GetDataFilePath(const char *data, string &output)
{
	char *data_path = getenv("OBS_DATA_PATH");
	if (data_path != NULL) {
		if (check_path(data, data_path, output))
			return true;
	}


            

Reported by FlawFinder.

getenv - Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once
Security

Line: 209 Column: 16 CWE codes: 807 20
Suggestion: Check environment variables carefully before using them

              
string GetDefaultVideoSavePath()
{
	return string(getenv("HOME"));
}

vector<string> GetPreferredLocales()
{
	setlocale(LC_ALL, "");

            

Reported by FlawFinder.

fopen - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 80 Column: 13 CWE codes: 362

		return;
	}

	FILE *fp = fopen("/proc/net/unix", "re");

	if (fp == NULL) {
		return;
	}


            

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 138 Column: 11 CWE codes: 362

{
	std::string tmpfile_name =
		"/tmp/obs-studio.lock." + to_string(geteuid());
	int fd = open(tmpfile_name.c_str(), O_RDWR | O_CREAT | O_EXLOCK, 0600);
	if (fd == -1) {
		already_running = true;
		return;
	}


            

Reported by FlawFinder.

plugins/obs-filters/noise-suppress-filter.c
5 issues
strcpy - Does not check for buffer overflows when copying to destination [MS-banned]
Security

Line: 597 Column: 3 CWE codes: 120
Suggestion: Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)

		size_t size = strlen(sdk_path) + strlen(file) + 1;
		char *buffer = (char *)bmalloc(size);

		strcpy(buffer, sdk_path);
		strcat(buffer, file);
		ng->model = buffer;
		ng->nvafx_enabled = true;
		ng->nvafx_initialized = false;
		ng->nvafx_loading = false;

            

Reported by FlawFinder.

strcat - Does not check for buffer overflows when concatenating to destination [MS-banned]
Security

Line: 598 Column: 3 CWE codes: 120
Suggestion: Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)

		char *buffer = (char *)bmalloc(size);

		strcpy(buffer, sdk_path);
		strcat(buffer, file);
		ng->model = buffer;
		ng->nvafx_enabled = true;
		ng->nvafx_initialized = false;
		ng->nvafx_loading = false;


            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 587 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

	ng->context = filter;

#ifdef LIBNVAFX_ENABLED
	char sdk_path[MAX_PATH];

	if (!nvafx_get_sdk_path(sdk_path, sizeof(sdk_path))) {
		ng->nvafx_enabled = false;
		do_log(LOG_ERROR, "NVAFX redist is not installed.");
	} else {

            

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 594 Column: 36 CWE codes: 126

		do_log(LOG_ERROR, "NVAFX redist is not installed.");
	} else {
		const char *file = "\\models\\denoiser_48k.trtpkg";
		size_t size = strlen(sdk_path) + strlen(file) + 1;
		char *buffer = (char *)bmalloc(size);

		strcpy(buffer, sdk_path);
		strcat(buffer, file);
		ng->model = buffer;

            

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 594 Column: 17 CWE codes: 126

		do_log(LOG_ERROR, "NVAFX redist is not installed.");
	} else {
		const char *file = "\\models\\denoiser_48k.trtpkg";
		size_t size = strlen(sdk_path) + strlen(file) + 1;
		char *buffer = (char *)bmalloc(size);

		strcpy(buffer, sdk_path);
		strcat(buffer, file);
		ng->model = buffer;

            

Reported by FlawFinder.

plugins/obs-text/gdiplus/obs-text.cpp
5 issues
There is an unknown macro here somewhere. Configuration is required. If OBS_DECLARE_MODULE is a macro then please configure it.
Error

Line: 894

              
static ULONG_PTR gdip_token = 0;

OBS_DECLARE_MODULE()
OBS_MODULE_USE_DEFAULT_LOCALE("obs-text", "en-US")
MODULE_EXPORT const char *obs_module_description(void)
{
	return "Windows GDI+ text source";
}

            

Reported by Cppcheck.

wcscpy - Does not check for buffer overflows when copying to destination [MS-banned]
Security

Line: 329 Column: 3 CWE codes: 120
Suggestion: Consider using a function version that stops copying at the end of the buffer

	lf.lfCharSet = DEFAULT_CHARSET;

	if (!face.empty()) {
		wcscpy(lf.lfFaceName, face.c_str());
		hfont = CreateFontIndirect(&lf);
	}

	if (!hfont) {
		wcscpy(lf.lfFaceName, L"Arial");

            

Reported by FlawFinder.

wcscpy - Does not check for buffer overflows when copying to destination [MS-banned]
Security

Line: 334 Column: 3 CWE codes: 120
Suggestion: Consider using a function version that stops copying at the end of the buffer

	}

	if (!hfont) {
		wcscpy(lf.lfFaceName, L"Arial");
		hfont = CreateFontIndirect(&lf);
	}

	if (hfont)
		font.reset(new Font(hdc, hfont));

            

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 640 Column: 15 CWE codes: 126

		return str;

	int lines = chatlog_lines;
	size_t len = strlen(str);
	if (!len)
		return str;

	const char *temp = str + len;


            

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 1152 Column: 7 CWE codes: 120 20

		bool read = obs_data_get_bool(settings, S_USE_FILE);
		const char *path = obs_data_get_string(settings, S_FILE);

		if (read && strcmp(path, "") != 0) {
			if (!os_file_exists(path)) {
				obs_missing_file_t *file =
					obs_missing_file_create(
						path, missing_file_callback,
						OBS_MISSING_FILE_SOURCE,

            

Reported by FlawFinder.

plugins/text-freetype2/find-font-windows.c
5 issues
MultiByteToWideChar - Requires maximum length in CHARACTERS, not bytes
Security

Line: 160 Column: 14 CWE codes: 120

	else if (code_page == 0)
		return NULL;

	utf16_len = MultiByteToWideChar(code_page, 0, (char *)sfnt_name->string,
					sfnt_name->string_len, NULL, 0);
	if (utf16_len) {
		utf16_str = malloc((utf16_len + 1) * sizeof(wchar_t));
		utf16_len = MultiByteToWideChar(code_page, 0,
						(char *)sfnt_name->string,

            

Reported by FlawFinder.

MultiByteToWideChar - Requires maximum length in CHARACTERS, not bytes
Security

Line: 164 Column: 15 CWE codes: 120

					sfnt_name->string_len, NULL, 0);
	if (utf16_len) {
		utf16_str = malloc((utf16_len + 1) * sizeof(wchar_t));
		utf16_len = MultiByteToWideChar(code_page, 0,
						(char *)sfnt_name->string,
						sfnt_name->string_len,
						utf16_str, (int)utf16_len);

		if (utf16_len) {

            

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 196 Column: 13 CWE codes: 126

		return 0;
	}

	path.len = strlen(path.array);
	dstr_cat(&path, "\\*.*");

	handle = FindFirstFileA(path.array, &wfd);
	if (handle == INVALID_HANDLE_VALUE)
		goto free_string;

            

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 209 Column: 11 CWE codes: 126

		checksum = calc_crc32(checksum, &wfd.ftLastWriteTime,
				      sizeof(FILETIME));
		checksum = calc_crc32(checksum, wfd.cFileName,
				      strlen(wfd.cFileName));
	} while (FindNextFileA(handle, &wfd));

	FindClose(handle);

free_string:

            

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 234 Column: 13 CWE codes: 126

		return;
	}

	path.len = strlen(path.array);
	dstr_cat(&path, "\\*.*");

	handle = FindFirstFileA(path.array, &wfd);
	if (handle == INVALID_HANDLE_VALUE)
		goto free_string;

            

Reported by FlawFinder.

libobs/obs-nix.c
5 issues
getenv - Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once
Security

Line: 311 Column: 22 CWE codes: 807 20
Suggestion: Check environment variables carefully before using them

              
static void log_desktop_session_info(void)
{
	char *session_ptr = getenv("XDG_SESSION_TYPE");
	if (session_ptr) {
		blog(LOG_INFO, "Session Type: %s", session_ptr);
	}
}
#endif

            

Reported by FlawFinder.

fopen - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 118 Column: 7 CWE codes: 362

	struct dstr proc_name;
	struct dstr proc_speed;

	fp = fopen("/proc/cpuinfo", "r");
	if (!fp)
		return;

	dstr_init(&proc_name);
	dstr_init(&proc_speed);

            

Reported by FlawFinder.

atoi - Unless checked, the resulting number can exceed the expected range
Security

Line: 141 Column: 18 CWE codes: 190
Suggestion: If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)

			if (!start || *(++start) == '\0')
				continue;

			physical_id = atoi(start);
		}

		if (!strncmp(line, "cpu MHz", 7)) {
			char *start = strchr(line, ':');
			if (!start || *(++start) == '\0')

            

Reported by FlawFinder.

fopen - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 175 Column: 7 CWE codes: 362

	FILE *fp;
	struct dstr proc_speed;

	fp = fopen("/var/run/dmesg.boot", "r");
	if (!fp) {
		blog(LOG_INFO, "CPU: Missing /var/run/dmesg.boot !");
		return;
	}


            

Reported by FlawFinder.

fopen - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 274 Column: 7 CWE codes: 362

	struct dstr distro;
	struct dstr version;

	fp = fopen("/etc/os-release", "r");
	if (!fp) {
		blog(LOG_INFO, "Distribution: Missing /etc/os-release !");
		return;
	}


            

Reported by FlawFinder.

deps/libcaption/src/utf8.c
5 issues
Possible null pointer dereference: data
Error

Line: 223 CWE codes: 476

        }
    }

    data[*size] = 0;
    return data;
}

#ifndef strnstr
char* strnstr(const char* string1, const char* string2, size_t len)

            

Reported by Cppcheck.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 93 Column: 9 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

    size_t bytes = utf8_char_length(src);

    if (bytes && dst) {
        memcpy(dst, src, bytes);
        dst[bytes] = '\0';
    }

    return bytes;
}

            

Reported by FlawFinder.

fopen - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 197 Column: 18 CWE codes: 362

utf8_char_t* utf8_load_text_file(const char* path, size_t* size)
{
    utf8_char_t* data = NULL;
    FILE* file = fopen(path, "r");

    if (file) {
        fseek(file, 0, SEEK_END);
        size_t file_size = ftell(file);
        fseek(file, 0, SEEK_SET);

            

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 108 Column: 16 CWE codes: 126

    utf8_size_t count = 0;

    if (0 == size) {
        size = strlen(data);
    }

    for (i = 0; i < size; ++count, i += bytes) {
        if (0 == (bytes = utf8_char_length(&data[i]))) {
            break;

            

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 232 Column: 15 CWE codes: 126

{
    size_t length2;

    length2 = strlen(string2);
    if (!length2) {
        return (char*)string1;
    }

    while (len >= length2) {

            

Reported by FlawFinder.

libobs/media-io/video-matrices.c
5 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 182 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

			continue;

		int full_range = range == VIDEO_RANGE_FULL ? 1 : 0;
		memcpy(matrix, format_info[i].matrix[full_range],
		       sizeof(float) * 16);

		if (range == VIDEO_RANGE_FULL) {
			if (range_min)
				memcpy(range_min, full_min, sizeof(float) * 3);

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 187 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              
		if (range == VIDEO_RANGE_FULL) {
			if (range_min)
				memcpy(range_min, full_min, sizeof(float) * 3);
			if (range_max)
				memcpy(range_max, full_max, sizeof(float) * 3);
			return true;
		}


            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 189 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

			if (range_min)
				memcpy(range_min, full_min, sizeof(float) * 3);
			if (range_max)
				memcpy(range_max, full_max, sizeof(float) * 3);
			return true;
		}

		if (range_min)
			memcpy(range_min, format_info[i].float_range_min,

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 194 Column: 4 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

		}

		if (range_min)
			memcpy(range_min, format_info[i].float_range_min,
			       sizeof(float) * 3);

		if (range_max)
			memcpy(range_max, format_info[i].float_range_max,
			       sizeof(float) * 3);

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 198 Column: 4 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

			       sizeof(float) * 3);

		if (range_max)
			memcpy(range_max, format_info[i].float_range_max,
			       sizeof(float) * 3);

		return true;
	}
	return false;

            

Reported by FlawFinder.

deps/json11/json11.cpp
5 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 59 Column: 9 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
static void dump(double value, string &out) {
    if (std::isfinite(value)) {
        char buf[32];
        snprintf(buf, sizeof buf, "%.17g", value);
        out += buf;
    } else {
        out += "null";
    }

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 68 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

}

static void dump(int value, string &out) {
    char buf[32];
    snprintf(buf, sizeof buf, "%d", value);
    out += buf;
}

static void dump(bool value, string &out) {

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 96 Column: 13 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

        } else if (ch == '\t') {
            out += "\\t";
        } else if (static_cast<uint8_t>(ch) <= 0x1f) {
            char buf[8];
            snprintf(buf, sizeof buf, "\\u%04x", ch);
            out += buf;
        } else if (static_cast<uint8_t>(ch) == 0xe2 && static_cast<uint8_t>(value[i+1]) == 0x80
                   && static_cast<uint8_t>(value[i+2]) == 0xa8) {
            out += "\\u2028";

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 329 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

 * Format char c suitable for printing in an error message.
 */
static inline string esc(char c) {
    char buf[12];
    if (static_cast<uint8_t>(c) >= 0x20 && static_cast<uint8_t>(c) <= 0x7f) {
        snprintf(buf, sizeof buf, "'%c' (%d)", c, c);
    } else {
        snprintf(buf, sizeof buf, "(%d)", c);
    }

            

Reported by FlawFinder.

atoi - Unless checked, the resulting number can exceed the expected range
Security

Line: 594 Column: 25 CWE codes: 190
Suggestion: If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)

              
        if (str[i] != '.' && str[i] != 'e' && str[i] != 'E'
                && (i - start_pos) <= static_cast<size_t>(std::numeric_limits<int>::digits10)) {
            return std::atoi(str.c_str() + start_pos);
        }

        // Decimal part
        if (str[i] == '.') {
            i++;

            

Reported by FlawFinder.

libobs-d3d11/d3d11-shader.cpp
5 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 64 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

	Compile(outputString.c_str(), file, "vs_4_0", shaderBlob.Assign());

	data.resize(shaderBlob->GetBufferSize());
	memcpy(&data[0], shaderBlob->GetBufferPointer(), data.size());

	hr = device->device->CreateVertexShader(data.data(), data.size(), NULL,
						shader.Assign());
	if (FAILED(hr))
		throw HRError("Failed to create vertex shader", hr);

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 103 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

	Compile(outputString.c_str(), file, "ps_4_0", shaderBlob.Assign());

	data.resize(shaderBlob->GetBufferSize());
	memcpy(&data[0], shaderBlob->GetBufferPointer(), data.size());

	hr = device->device->CreatePixelShader(data.data(), data.size(), NULL,
					       shader.Assign());
	if (FAILED(hr))
		throw HRError("Failed to create pixel shader", hr);

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 306 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

		if (FAILED(hr))
			throw HRError("Could not lock constant buffer", hr);

		memcpy(map.pData, constData.data(), constData.size());
		device->context->Unmap(constants, 0);
	}
}

void gs_shader_destroy(gs_shader_t *shader)

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 377 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

		param->curValue.resize(size);

	if (size_changed || memcmp(param->curValue.data(), data, size) != 0) {
		memcpy(param->curValue.data(), data, size);
		param->changed = true;
	}
}

void gs_shader_set_bool(gs_sparam_t *param, bool val)

            

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 212 Column: 40 CWE codes: 126

	if (!shaderString)
		throw "No shader string specified";

	hr = device->d3dCompile(shaderString, strlen(shaderString), file, NULL,
				NULL, "main", target,
				D3D10_SHADER_OPTIMIZATION_LEVEL1, 0, shader,
				errorsBlob.Assign());
	if (FAILED(hr)) {
		if (errorsBlob != NULL && errorsBlob->GetBufferSize())

            

Reported by FlawFinder.