Fix parsing key-bindings config to not read past the end of the string.

pipe_argv_from_value itself stripped the cmd-to-exec from ctx->value,
so the callers should not be doing that themselves.

Fixes #809
Arnavion 2021-11-20 20:49:01 -08:00
parent 43798685d8
commit 31c1b91a7c


@ -1639,12 +1639,12 @@ argv_compare(char *const *argv1, char *const *argv2)
* filled with {'cmd-to-exec', 'arg1', 'arg2', NULL}
*
* Returns:
* - ssize_t, number of bytes to strip from 'value' to remove the '[]'
* - ssize_t, number of bytes that were stripped from 'value' to remove the '[]'
* enclosed cmd and its arguments, including any subsequent
* whitespace characters. I.e. if 'value' is "[cmd] BTN_RIGHT", the
* return value is 6 (strlen("[cmd] ")).
* - cmd: allocated string containing "cmd arg1 arg2...". Caller frees.
* - argv: allocatd array containing {"cmd", "arg1", "arg2", NULL}. Caller frees.
* - argv: allocated array containing {"cmd", "arg1", "arg2", NULL}. Caller frees.
*/
static ssize_t
pipe_argv_from_value(struct context *ctx, char ***argv)
@ -1729,8 +1729,6 @@ parse_key_binding_section(struct context *ctx,
if (pipe_remove_len < 0)
return false;
ctx->value += pipe_remove_len;
for (int action = 0; action < action_count; action++) {
if (action_map[action] == NULL)
continue;
@ -2107,8 +2105,6 @@ parse_section_mouse_bindings(struct context *ctx)
if (pipe_remove_len < 0)
return false;
value += pipe_remove_len;
for (enum bind_action_normal action = 0;
action < BIND_ACTION_COUNT;
action++)
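Review bot: In the third hunk (parse_section_mouse_bindings) the dropped line appears to be `value += pipe_remove_len;`, which advanced a local `value` rather than `ctx->value` as in parse_key_binding_section. If that local was copied from `ctx->value` before the call to pipe_argv_from_value, it still points at the unstripped `[cmd] ...` text after this change, so the code that follows should read `ctx->value` directly or re-sync with `value = ctx->value;` after the call. This is inferred, because the declaration of `value` and the rest of the function lie outside the hunk. Separately, both call sites now use the return value only for the `< 0` test, yet the name `pipe_remove_len` and the ssize_t length still invite a caller to add it to the pointer again. A line such as `* NOTE: ctx->value is already advanced on return; callers must not add the return value to it.` in the comment above pipe_argv_from_value would guard against re-introducing the over-read.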