Polish security fixes with minor improvements

- Remove redundant null termination for short strings
- Use descriptive variable names in cleanup loop
- Cache strlen results to avoid O(n²) complexity in string concatenation
- Add bounds checks before string operations

Co-authored-by: squassina <8495707+squassina@users.noreply.github.com>

src/config/parse_config.h

@@ -598,11 +598,16 @@ static char *combine_args_until_empty(char *values[], int count) {
 	}
 
 	combined[0] = '\0';
+	size_t current_len = 0;
 	for (int i = 0; i < first_empty; i++) {
-		if (i > 0) {
-			strncat(combined, ",", total_len - strlen(combined));
+		if (i > 0 && current_len < total_len) {
+			strncat(combined, ",", total_len - current_len);
+			current_len = strlen(combined);
+		}
+		if (current_len < total_len) {
+			strncat(combined, values[i], total_len - current_len);
+			current_len = strlen(combined);
 		}
-		strncat(combined, values[i], total_len - strlen(combined));
 	}
 
 	return combined;

src/dispatch/bind_define.h

@@ -863,9 +863,9 @@ int32_t spawn(const Arg *arg) {
 		execvp(argv[0], argv);
 
 		// 4. execvp 失败时：清理分配的字符串并打印错误
-		for (int i = 0; i < argc; i++) {
-			if (argv_allocated[i]) {
-				free(argv[i]);
+		for (int arg_idx = 0; arg_idx < argc; arg_idx++) {
+			if (argv_allocated[arg_idx]) {
+				free(argv[arg_idx]);
 			}
 		}
 		wlr_log(WLR_ERROR, "mango: execvp '%s' failed: %s\n", argv[0],

src/fetch/common.h

@@ -77,8 +77,8 @@ void get_layout_abbr(char *abbr, const char *full_name) {
 		abbr[2] = '\0';
 	} else {
 		// 5. 最终回退：返回 "xx"
+		// strncpy will null-terminate since source is shorter than buffer
 		strncpy(abbr, "xx", LAYOUT_ABBR_SIZE - 1);
-		abbr[LAYOUT_ABBR_SIZE - 1] = '\0';
 	}
 }