From 31c1b91a7c215135ec1c4a64e39853db9377fd91 Mon Sep 17 00:00:00 2001
From: Arnavion <me@arnavion.dev>
Date: Sat, 20 Nov 2021 20:49:01 -0800
Subject: [PATCH] Fix parsing key-bindings config to not read past the end of
 the string.

pipe_argv_from_value itself stripped the cmd-to-exec from ctx->value,
so the callers should not be doing that themselves.

Fixes #809
---
 config.c | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/config.c b/config.c
index 24ed1267..9e290c65 100644
--- a/config.c
+++ b/config.c
@@ -1639,12 +1639,12 @@ argv_compare(char *const *argv1, char *const *argv2)
  *          filled with {'cmd-to-exec', 'arg1', 'arg2', NULL}
  *
  * Returns:
- *  - ssize_t, number of bytes to strip from 'value' to remove the '[]'
+ *  - ssize_t, number of bytes that were stripped from 'value' to remove the '[]'
  *    enclosed cmd and its arguments, including any subsequent
  *    whitespace characters. I.e. if 'value' is "[cmd] BTN_RIGHT", the
  *    return value is 6 (strlen("[cmd] ")).
  *  - cmd: allocated string containing "cmd arg1 arg2...". Caller frees.
- *  - argv: allocatd array containing {"cmd", "arg1", "arg2", NULL}. Caller frees.
+ *  - argv: allocated array containing {"cmd", "arg1", "arg2", NULL}. Caller frees.
  */
 static ssize_t
 pipe_argv_from_value(struct context *ctx, char ***argv)
@@ -1729,8 +1729,6 @@ parse_key_binding_section(struct context *ctx,
     if (pipe_remove_len < 0)
         return false;
 
-    ctx->value += pipe_remove_len;
-
     for (int action = 0; action < action_count; action++) {
         if (action_map[action] == NULL)
             continue;
@@ -2107,8 +2105,6 @@ parse_section_mouse_bindings(struct context *ctx)
     if (pipe_remove_len < 0)
         return false;
 
-    value += pipe_remove_len;
-
     for (enum bind_action_normal action = 0;
          action < BIND_ACTION_COUNT;
          action++)