add strong ref to resolve race condition

[sandboxcoder]

Description

• there was a narrow window between calling find() and OBSSource (first line in void osn::Source::GetProperties) where a race condition could still happen triggering a use-and-free situation.
• add findAndRef to resolve this crash dump.
• remove the js test it does not trigger the issue. In another PR, I will propose a C++ test that properly spins up parallel threads to validate the fix.

Motivation and Context

This is a follow up to my previous pull request. Copilot alledged there was still a small window where the race condition could still occur.

Hoping to fix this sentry call stack:

obs-browser
+0x057d48
strrchr (strrchr.c:206)

obs-browser
+0x01bbd0
strrchr (string.h:514)
obs-browser
+0x01bbd0
browser_source_get_properties (obs-browser-plugin.cpp:210)
obs64
+0x30de1a
new (new_scalar.cpp:36)
MSVCP140
+0x01248b
mtx_do_lock (mutex.cpp:147)
obs
+0x0572f6
obs_source_properties (obs-source.c:963)
obs64
+0x114036
osn::Source::GetProperties (osn-source.cpp:261)
ucrtbase
+0x01e0fa
free_base
obs64
+0x2a63f5
util::CrashManager::ProcessPreServerCall (util-crashmanager.cpp:1347)
obs64
+0x02be49
std::chrono::steady_clock::now (__msvc_chrono.hpp:658)
obs64
+0x2c013f
ipc::server::client_call_function (ipc-server.cpp:283)

How Has This Been Tested?

I have a WIP branch that adds a C++ test that properly reproduces this issue and verifies it is fixed.

Types of changes

• Bug fix (non-breaking change which fixes an issue)

Checklist:

• The code has been tested.
• All commit messages are properly formatted and commits squashed where appropriate.
• I have included updates to all appropriate documentation.

[Copilot]

Pull request overview

This PR addresses a reported use-after-free crash by ensuring a strong OBS source reference is acquired under the manager lock, closing a race window between lookup and ref acquisition. It also removes a JS concurrency test that was not reliably reproducing the issue.

Changes:

• Added Source::Manager::findAndRef() to atomically look up a source and acquire a strong reference under the manager mutex.
• Updated Source::GetProperties() to use findAndRef() and hold the returned strong reference via OBSSourceAutoRelease.
• Removed the JS test that attempted to reproduce the concurrency crash but did not reliably trigger it.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

File	Description
tests/osn-tests/src/test_osn_source.ts	Removes the nondeterministic concurrent getProperties/release test case.
obs-studio-server/source/osn-source.hpp	Adds findAndRef() helper and includes <obs.hpp> for OBSSourceAutoRelease.
obs-studio-server/source/osn-source.cpp	Uses findAndRef() in GetProperties() to avoid the race window.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[aleksandr-voitenko]

A note for future improvements.

A smaller scope caveat: this only fixes Source::GetProperties. Other Source RPCs still use raw Manager::find() and dereference after the lock is released. That's fine for now, but it does not eliminate the whole class of release-vs-source-use races.