libobs: Fix corrupted pointers when removing properties

When obs_properties_remove_by_name is called on any obs_properties_t*,
it corrupts the pointers for first_property and last which end up
pointing at either unallocated memory or randomly into the heap memory.
Neither of these is a good thing, and it usually leads to rapid
unscheduled program behavior, also known as crashing and security
issues.

This fixes the issue by first checking if the pointer stored in
props->last is identical to &cur->next, then checking if we are the
only element (cur is also prev element), and if we are then the pointer
is fixed to point back at props->first_property. Additionally fixes
props->first_property which was never updated either.
Michael Fabian 'Xaymar' Dirks, 5 years ago
commit 77f1b05d28
1 file changed, 24 additions, 1 deletion

+ 24 - 1
libobs/obs-properties.c

@@ -330,9 +330,32 @@ void obs_properties_remove_by_name(obs_properties_t *props, const char *name)
 
 	while (cur) {
 		if (strcmp(cur->name, name) == 0) {
+			// Fix props->last pointer.
+			if (props->last == &cur->next) {
+				if (cur == prev) {
+					// If we are the last entry and there
+					// is no previous entry, reset.
+					props->last = &props->first_property;
+				} else {
+					// If we are the last entry and there
+					// is a previous entry, update.
+					props->last = &prev->next;
+				}
+			}
+
+			// Fix props->first_property.
+			if (props->first_property == cur)
+				props->first_property = cur->next;
+
+			// Update the previous element next pointer with our
+			// next pointer. This is an automatic no-op if both
+			// elements alias the same memory.
 			prev->next = cur->next;
-			cur->next = 0;
+
+			// Finally clear our own next pointer and destroy.
+			cur->next = NULL;
 			obs_property_destroy(cur);
+
 			break;
 		}
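
Review bot: The head-of-list case in the `props->last` fix-up is detected with `if (cur == prev)`, which is only correct if `prev` starts out equal to `cur` and is advanced in lockstep with it, and neither the initialisation nor the loop step is visible in this hunk. Testing `props->first_property == cur` at that point would state the condition directly and match the check already used a few lines further down for `props->first_property`. The same dependence applies to `prev->next = cur->next;`, which the comment describes as a no-op when both alias the same memory: an explicit `if (prev != cur)` guard would make the head case readable without relying on a self-assignment. Since the commit message says both `first_property` and `last` were left dangling, a regression test that removes the only property, the first property and the last property, and then appends a new one, would cover each branch added here.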