From a7a7f2f1065016059cc71bee8b468f885daa45c4 Mon Sep 17 00:00:00 2001
From: orbisai0security
Date: Tue, 12 May 2026 16:10:28 +0000
Subject: [PATCH 1/2] fix: V-001 security vulnerability

Automated security fix generated by Orbis Security AI
---
 src/fetch/common.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/fetch/common.h b/src/fetch/common.h
index 57a1a8e6..16349f5f 100644
--- a/src/fetch/common.h
+++ b/src/fetch/common.h
@@ -33,7 +33,7 @@ void get_layout_abbr(char *abbr, const char *full_name) {
 // 1. 尝试在映射表中查找
 for (int32_t i = 0; layout_mappings[i].full_name != NULL; i++) {
 if (strcmp(full_name, layout_mappings[i].full_name) == 0) {
- strcpy(abbr, layout_mappings[i].abbr);
+ snprintf(abbr, 32, "%s", layout_mappings[i].abbr);
 return;
 }
 }
@@ -73,7 +73,7 @@ void get_layout_abbr(char *abbr, const char *full_name) {
 abbr[2] = '\0';
 } else {
 // 5. 最终回退:返回 "xx"
- strcpy(abbr, "xx");
+ snprintf(abbr, 32, "xx");
 }
 }

From 8dbdfb21ad59fccbd79be2b436b51d3fc6f5de08 Mon Sep 17 00:00:00 2001
From: OrbisAI Security
Date: Wed, 13 May 2026 06:15:39 +0530
Subject: [PATCH 2/2] buffer size is now a named constant witha single source of truth

---
 src/ext-protocol/dwl-ipc.h | 2 +-
 src/fetch/common.h | 4 ++--
 src/mango.c | 1 +
 3 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/ext-protocol/dwl-ipc.h b/src/ext-protocol/dwl-ipc.h
index ab0bdb8d..8719249d 100644
--- a/src/ext-protocol/dwl-ipc.h
+++ b/src/ext-protocol/dwl-ipc.h
@@ -114,7 +114,7 @@ void dwl_ipc_output_printstatus_to(DwlIpcOutput *ipc_output) {
 xkb_layout_index_t current;
 int32_t tagmask, state, numclients, focused_client, tag;
 const char *title, *appid, *symbol;
- char kb_layout[32];
+ char kb_layout[KB_LAYOUT_ABBR_SIZE];
 focused = focustop(monitor);
 zdwl_ipc_output_v2_send_active(ipc_output->resource, monitor == selmon);
diff --git a/src/fetch/common.h b/src/fetch/common.h
index 16349f5f..36803fb6 100644
--- a/src/fetch/common.h
+++ b/src/fetch/common.h
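Review bot: The replacement `snprintf(abbr, 32, "%s", layout_mappings[i].abbr);` bounds the write to a size that `get_layout_abbr` never receives — the function takes only `char *abbr`, so the 32 is an assumption about every caller's buffer: a caller passing a smaller array still overflows, and a larger one is silently truncated with no way to detect it. Passing the size in is the more durable fix: `void get_layout_abbr(char *abbr, size_t abbr_size, const char *full_name)` with `snprintf(abbr, abbr_size, "%s", layout_mappings[i].abbr);` here and `snprintf(abbr, abbr_size, "xx");` in the second hunk; the `abbr[2] = '\0'` write visible in the second hunk's context suggests the branches between the hunks also index `abbr` directly and would need the same bound. The source strings come from the static `layout_mappings` table rather than from external input, so as far as these hunks show the change is hardening against a future table entry longer than 31 bytes rather than a fix for attacker-controlled data, and the "V-001 security vulnerability" subject would be clearer if it said so. The body of `get_layout_abbr` continues outside both hunks.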
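Review bot: `KB_LAYOUT_ABBR_SIZE` is consumed here inside a header, but the series defines it in `src/mango.c` (the `#define KB_LAYOUT_ABBR_SIZE 32` hunk), so `dwl-ipc.h` and the two `common.h` hunks of this patch compile only when included from `mango.c` after that line — any other translation unit, or an include placed earlier in `mango.c`, gets an undeclared identifier. Moving the definition into a header that both `dwl-ipc.h` and `common.h` include, for example next to the declaration of `get_layout_abbr`, is the single source of truth the commit subject describes; as written the "source of truth" is a `.c` file that headers depend on. The enclosing `dwl_ipc_output_printstatus_to` continues past the hunk.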
@@ -33,7 +33,7 @@ void get_layout_abbr(char *abbr, const char *full_name) {
 // 1. 尝试在映射表中查找
 for (int32_t i = 0; layout_mappings[i].full_name != NULL; i++) {
 if (strcmp(full_name, layout_mappings[i].full_name) == 0) {
- snprintf(abbr, 32, "%s", layout_mappings[i].abbr);
+ snprintf(abbr, KB_LAYOUT_ABBR_SIZE, "%s", layout_mappings[i].abbr);
 return;
 }
 }
@@ -73,7 +73,7 @@ void get_layout_abbr(char *abbr, const char *full_name) {
 abbr[2] = '\0';
 } else {
 // 5. 最终回退:返回 "xx"
- snprintf(abbr, 32, "xx");
+ snprintf(abbr, KB_LAYOUT_ABBR_SIZE, "xx");
 }
 }
diff --git a/src/mango.c b/src/mango.c
index 64f0e71e..fd7cea15 100644
--- a/src/mango.c
+++ b/src/mango.c
@@ -98,6 +98,7 @@
 #define MAX(A, B) ((A) > (B) ? (A) : (B))
 #define MIN(A, B) ((A) < (B) ? (A) : (B))
 #define GEZERO(A) ((A) >= 0 ? (A) : 0)
+#define KB_LAYOUT_ABBR_SIZE 32
 #define CLEANMASK(mask) (mask & ~WLR_MODIFIER_CAPS)
 #define INSIDEMON(A) \
 (A->geom.x >= A->mon->m.x && A->geom.y >= A->mon->m.y && \
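Review bot: The new `#define KB_LAYOUT_ABBR_SIZE 32` in `mango.c` carries no comment saying what it bounds, while the neighbouring `MAX`/`MIN`/`GEZERO`/`CLEANMASK` macros are self-describing; a reader of this file cannot tell that it is the byte size, including the terminating NUL, of the `kb_layout` array in `dwl-ipc.h` and of the `abbr` argument that `get_layout_abbr` writes into, nor that both sites must stay in agreement with it. A one-line comment above the define, such as `/* bytes, incl. NUL, of a keyboard-layout abbreviation buffer; get_layout_abbr() writes up to this many */`, would record that contract where the value lives.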