From 67b5e82bbe444033c8e9de24692384b3c2522ab6 Mon Sep 17 00:00:00 2001
From: DreamMaoMao <2523610504@qq.com>
Date: Mon, 20 Oct 2025 19:16:36 +0800
Subject: [PATCH] opt: limit config parse string length to 255
---
src/config/parse_config.h | 33 +++++++++++++++++----------------
1 file changed, 17 insertions(+), 16 deletions(-)
diff --git a/src/config/parse_config.h b/src/config/parse_config.h
index 8e509cc..e4f00b1 100644
--- a/src/config/parse_config.h
+++ b/src/config/parse_config.h
@@ -1412,14 +1412,6 @@ void parse_option(Config *config, char *key, char *value) {
} else {
convert_hex_to_rgba(config->overlaycolor, color);
}
- } else if (strcmp(key, "autostart") == 0) {
- if (sscanf(value, "%[^,],%[^,],%[^,]", config->autostart[0],
- config->autostart[1], config->autostart[2]) != 3) {
- fprintf(stderr, "Error: Invalid autostart format: %s\n", value);
- }
- trim_whitespace(config->autostart[0]);
- trim_whitespace(config->autostart[1]);
- trim_whitespace(config->autostart[2]);
} else if (strcmp(key, "tagrule") == 0) {
config->tag_rules = realloc(config->tag_rules,
@@ -1654,7 +1646,7 @@ void parse_option(Config *config, char *key, char *value) {
rule->isfullscreen = atoi(val);
} else if (strcmp(key, "globalkeybinding") == 0) {
char mod_str[256], keysym_str[256];
- sscanf(val, "%[^-]-%[a-zA-Z]", mod_str, keysym_str);
+ sscanf(val, "%255[^-]-%255[a-zA-Z]", mod_str, keysym_str);
trim_whitespace(mod_str);
trim_whitespace(keysym_str);
rule->globalkeybinding.mod = parse_mod(mod_str);
@@ -1736,7 +1728,7 @@ void parse_option(Config *config, char *key, char *value) {
} else if (strncmp(key, "env", 3) == 0) {
char env_type[256], env_value[256];
- if (sscanf(value, "%[^,],%[^\n]", env_type, env_value) < 2) {
+ if (sscanf(value, "%255[^,],%255[^\n]", env_type, env_value) < 2) {
fprintf(stderr, "Error: Invalid bind format: %s\n", value);
return;
}
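Review bot: In the globalkeybinding hunk the return value of `sscanf` is still ignored, and `mod_str` and `keysym_str` are declared without initialisers, so a value with no `-`, or with a non-letter right after it, leaves one or both buffers unset before `trim_whitespace` and `parse_mod` read them. The new `%255` widths bound the write but do not address this uninitialised read. Check the conversion count the way the env branch does, for example `if (sscanf(val, "%255[^-]-%255[a-zA-Z]", mod_str, keysym_str) != 2) {`, then report the error and skip the assignment. The enclosing branch of parse_option starts and ends outside the hunk, so what the skip path should do is for the author to confirm.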
@@ -1812,7 +1804,9 @@ void parse_option(Config *config, char *key, char *value) {
arg_value[256] = "0\0", arg_value2[256] = "0\0",
arg_value3[256] = "0\0", arg_value4[256] = "0\0",
arg_value5[256] = "0\0";
- if (sscanf(value, "%255[^,],%255[^,],%255[^,],%255[^,],%255[^,],%255[^,],%255[^,],%255[^\n]",
+ if (sscanf(value,
+ "%255[^,],%255[^,],%255[^,],%255[^,],%255[^,],%255[^,],%255["
+ "^,],%255[^\n]",
mod_str, keysym_str, func_name, arg_value, arg_value2, arg_value3, arg_value4, arg_value5) < 3) {
fprintf(stderr, "Error: Invalid bind format: %s\n", value);
@@ -1883,7 +1877,9 @@ void parse_option(Config *config, char *key, char *value) {
arg_value[256] = "0\0", arg_value2[256] = "0\0",
arg_value3[256] = "0\0", arg_value4[256] = "0\0",
arg_value5[256] = "0\0";
- if (sscanf(value, "%[^,],%[^,],%[^,],%[^,],%[^,],%[^,],%[^,],%[^\n]",
+ if (sscanf(value,
+ "%255[^,],%255[^,],%255[^,],%255[^,],%255[^,],%255[^,],%255["
+ "^,],%255[^\n]",
mod_str, button_str, func_name, arg_value, arg_value2, arg_value3, arg_value4, arg_value5) < 3) {
fprintf(stderr, "Error: Invalid mousebind format: %s\n", value);
@@ -1942,7 +1938,9 @@ void parse_option(Config *config, char *key, char *value) {
arg_value[256] = "0\0", arg_value2[256] = "0\0",
arg_value3[256] = "0\0", arg_value4[256] = "0\0",
arg_value5[256] = "0\0";
- if (sscanf(value, "%[^,],%[^,],%[^,],%[^,],%[^,],%[^,],%[^,],%[^\n]",
+ if (sscanf(value,
+ "%255[^,],%255[^,],%255[^,],%255[^,],%255[^,],%255[^,],%255["
+ "^,],%255[^\n]",
mod_str, dir_str, func_name, arg_value, arg_value2, arg_value3, arg_value4, arg_value5) < 3) {
fprintf(stderr, "Error: Invalid axisbind format: %s\n", value);
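Review bot: In the mousebind hunk the new format literal is split in the middle of a conversion (`"...%255["` followed by `"^,],%255[^\n]"`), which makes it hard to confirm by eye that every field carries a width. The same split appears in the bind hunk above it, in the axisbind hunk, and in the switchbind and gesturebind hunks further down. Keeping each `%255[^,]` whole within one fragment, or wrapping the call in `// clang-format off` and `// clang-format on`, would keep the bound auditable. The width 255 is also tied by hand to the `[256]` declarations, some of which lie outside the hunk, so a comment such as `/* field width must stay at sizeof(buf) - 1 */` beside the format would help whoever next resizes a buffer.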
@@ -2004,7 +2002,9 @@ void parse_option(Config *config, char *key, char *value) {
arg_value[256] = "0\0", arg_value2[256] = "0\0",
arg_value3[256] = "0\0", arg_value4[256] = "0\0",
arg_value5[256] = "0\0";
- if (sscanf(value, "%[^,],%[^,],%[^,],%[^,],%[^,],%[^,],%[^\n]",
+ if (sscanf(value,
+ "%255[^,],%255[^,],%255[^,],%255[^,],%255[^,],%255[^,],%255["
+ "^\n]",
fold_str, func_name, arg_value, arg_value2, arg_value3, arg_value4, arg_value5) < 3) {
fprintf(stderr, "Error: Invalid switchbind format: %s\n", value);
@@ -2061,7 +2061,8 @@ void parse_option(Config *config, char *key, char *value) {
arg_value3[256] = "0\0", arg_value4[256] = "0\0",
arg_value5[256] = "0\0";
if (sscanf(value,
- "%[^,],%[^,],%[^,],%[^,],%[^,],%[^,],%[^,],%[^,],%[^\n]",
+ "%255[^,],%255[^,],%255[^,],%255[^,],%255[^,],%255[^,],%255["
+ "^,],%255[^,],%255[^\n]",
mod_str, motion_str, fingers_count_str, func_name, arg_value, arg_value2, arg_value3, arg_value4, arg_value5) < 4) {
fprintf(stderr, "Error: Invalid gesturebind format: %s\n", value);
@@ -2116,7 +2117,7 @@ void parse_option(Config *config, char *key, char *value) {
void parse_config_line(Config *config, const char *line) {
char key[256], value[256];
- if (sscanf(line, "%[^=]=%[^\n]", key, value) != 2) {
+ if (sscanf(line, "%255[^=]=%255[^\n]", key, value) != 2) {
// fprintf(stderr, "Error: Invalid line format: %s\n", line);
return;
}
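Review bot: In the parse_config_line hunk a value longer than 255 characters is now cut off silently: `sscanf` still returns 2 and the shortened string is handed on as if it were what the user wrote. For settings such as the env values and bind arguments parsed earlier in this file, a truncated string can mean something different from the original, so an over-long line should be rejected rather than accepted in part. One way is to record how much input was consumed and require that it reached the end of the line: `int used = 0;` then `if (sscanf(line, "%255[^=]=%255[^\n]%n", key, value, &used) != 2 || (line[used] != '\0' && line[used] != '\n')) {`. The diagnostic in this branch is commented out, so an over-long key is also dropped with no message; the rest of the function lies outside the hunk.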