From b5700b1e866fe07ecaad42e1eb2350d64781f323 Mon Sep 17 00:00:00 2001 From: David Delarosa Date: Mon, 20 Oct 2025 13:50:43 +0300 Subject: [PATCH] opt: limit scanf string length to 255 --- src/config/parse_config.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/config/parse_config.h b/src/config/parse_config.h index 2a3f532..70e6c16 100644 --- a/src/config/parse_config.h +++ b/src/config/parse_config.h @@ -1746,7 +1746,7 @@ void parse_option(Config *config, char *key, char *value) { arg_value[256] = "0\0", arg_value2[256] = "0\0", arg_value3[256] = "0\0", arg_value4[256] = "0\0", arg_value5[256] = "0\0"; - if (sscanf(value, "%[^,],%[^,],%[^,],%[^,],%[^,],%[^,],%[^,],%[^\n]", + if (sscanf(value, "%255[^,],%255[^,],%255[^,],%255[^,],%255[^,],%255[^,],%255[^,],%255[^\n]", mod_str, keysym_str, func_name, arg_value, arg_value2, arg_value3, arg_value4, arg_value5) < 3) { fprintf(stderr, "Error: Invalid bind format: %s\n", value);