Final refinements for security and performance

- Add explicit null termination for consistency
- Optimize string concatenation to avoid redundant strlen calls
- Track actual characters added to maintain O(n) complexity
- Improve code clarity with better comments

Co-authored-by: squassina <8495707+squassina@users.noreply.github.com>

src/config/parse_config.h

@@ -601,12 +601,21 @@ static char *combine_args_until_empty(char *values[], int count) {
 	size_t current_len = 0;
 	for (int i = 0; i < first_empty; i++) {
 		if (i > 0 && current_len < total_len) {
-			strncat(combined, ",", total_len - current_len);
+			size_t remaining = total_len - current_len;
-			current_len = strlen(combined);
+			size_t to_add = (remaining < 1) ? 0 : 1;
+			if (to_add > 0) {
+				strncat(combined, ",", remaining);
+				current_len += to_add; // We know we added 1 character
+			}
 		}
 		if (current_len < total_len) {
-			strncat(combined, values[i], total_len - current_len);
+			size_t remaining = total_len - current_len;
-			current_len = strlen(combined);
+			size_t val_len = strlen(values[i]);
+			size_t to_add = (val_len < remaining) ? val_len : remaining;
+			if (to_add > 0) {
+				strncat(combined, values[i], remaining);
+				current_len += to_add;
+			}
 		}
 	}
 

src/fetch/common.h

@@ -77,8 +77,9 @@ void get_layout_abbr(char *abbr, const char *full_name) {
 		abbr[2] = '\0';
 	} else {
 		// 5. 最终回退：返回 "xx"
-		// strncpy will null-terminate since source is shorter than buffer
+		// Explicit null termination for consistency
 		strncpy(abbr, "xx", LAYOUT_ABBR_SIZE - 1);
+		abbr[LAYOUT_ABBR_SIZE - 1] = '\0';
 	}
 }