diff --git a/_codeql_detected_source_root b/_codeql_detected_source_root
new file mode 120000
index 00000000..945c9b46
--- /dev/null
+++ b/_codeql_detected_source_root
@@ -0,0 +1 @@
+.
\ No newline at end of file
diff --git a/src/config/parse_config.h b/src/config/parse_config.h
index 5d7cbfae..19a30d3e 100644
--- a/src/config/parse_config.h
+++ b/src/config/parse_config.h
@@ -539,7 +539,7 @@ int32_t parse_fold_state(const char *str) {
 int64_t parse_color(const char *hex_str) {
 char *endptr;
 errno = 0;
- int64_t hex_num = strtol(hex_str, &endptr, 16);
+ uint64_t hex_num = strtoul(hex_str, &endptr, 16);
 // Check for conversion errors
 if (*endptr != '\0' || errno == ERANGE) {
@@ -547,11 +547,11 @@ int64_t parse_color(const char *hex_str) {
 }
 // Validate range for color values (0x00000000 to 0xFFFFFFFF)
- if (hex_num < 0 || hex_num > 0xFFFFFFFF) {
+ if (hex_num > 0xFFFFFFFF) {
 return -1;
 }
- return hex_num;
+ return (int64_t)hex_num;
 }
 // 辅助函数:检查字符串是否以指定的前缀开头(忽略大小写)
@@ -600,17 +600,22 @@ static char *combine_args_until_empty(char *values[], int count) {
 combined[0] = '\0';
 size_t current_len = 0;
 for (int i = 0; i < first_empty; i++) {
- if (i > 0) {
+ if (i > 0 && current_len < total_len) {
 size_t remaining = total_len - current_len;
- if (remaining > 0) {
- strncat(combined, ",", remaining);
- current_len += 1;
+ size_t to_copy = (remaining < 1) ? 0 : 1;
+ if (to_copy > 0) {
+ strncat(combined, ",", to_copy);
+ current_len += to_copy;
 }
 }
- size_t remaining = total_len - current_len;
- if (remaining > 0) {
- strncat(combined, values[i], remaining);
- current_len += strlen(values[i]);
+ if (current_len < total_len) {
+ size_t remaining = total_len - current_len;
+ size_t val_len = strlen(values[i]);
+ size_t to_copy = (val_len < remaining) ? val_len : remaining;
+ if (to_copy > 0) {
+ strncat(combined, values[i], to_copy);
+ current_len += to_copy;
+ }
 }
 }
diff --git a/src/dispatch/bind_define.h b/src/dispatch/bind_define.h
index c653a7ba..e4463c31 100644
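Review bot: `_codeql_detected_source_root` is a symlink (mode 120000) pointing at `.`, which looks like a CodeQL analysis artifact rather than part of this fix. A self-referential link at the repository root can make recursive tools (archivers, scanners, file watchers) loop or double-count, so I would drop it from the commit and add the name to `.gitignore`.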
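Review bot: In `parse_color`, the unchanged guard `if (*endptr != '\0' || errno == ERANGE)` still accepts two malformed inputs: an empty string (no digits are consumed, so `endptr == hex_str` and the function returns 0) and a leading minus sign, which `strtoul` parses and then negates in unsigned arithmetic instead of rejecting. Where `unsigned long` is 32 bits, `-1` therefore comes back as 0xFFFFFFFF and passes the range check as a valid colour. I would reject both up front, e.g. `if (endptr == hex_str || strchr(hex_str, '-') != NULL || *endptr != '\0' || errno == ERANGE)`. The body of that `if` lies between this hunk and the next one and is not visible here.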
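Review bot: The new bounds in `combine_args_until_empty` let `combined` hold up to `total_len` characters plus the terminator that `strncat` appends, so they are only safe if the buffer has at least `total_len + 1` bytes; the allocation and the computation of `total_len` are above this hunk and should be checked against that. When the cap is hit the value is truncated silently, which for a config parser probably deserves a log line or an error return. Since `current_len` is already tracked, writing with `memcpy` at `combined + current_len` avoids `strncat` rescanning the string on every call and removes the need for the `(remaining < 1) ? 0 : 1` ternary, which can never yield 0 under the enclosing `current_len < total_len` guard. The function continues after the loop outside the hunk, so the explicit terminator below may need to be placed differently.

```c
for (int i = 0; i < first_empty; i++) {
    if (i > 0 && current_len < total_len) {
        combined[current_len++] = ',';
    }
    size_t room = total_len - current_len;
    size_t val_len = strlen(values[i]);
    size_t to_copy = (val_len < room) ? val_len : room;
    memcpy(combined + current_len, values[i], to_copy);
    current_len += to_copy;
}
// assumes combined has total_len + 1 bytes (allocation is outside the hunk)
combined[current_len] = '\0';
```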
--- a/src/dispatch/bind_define.h
+++ b/src/dispatch/bind_define.h
@@ -837,15 +837,17 @@ int32_t spawn(const Arg *arg) {
 // 2. 解析参数
 char *argv[64];
 int32_t argc = 0;
- wordexp_t wordexp_results[63]; // Track all wordexp results for cleanup
- int32_t wordexp_count = 0;
 char *token = strtok((char *)arg->v, " ");
 while (token != NULL && argc < 63) {
 wordexp_t p;
- if (wordexp(token, &p, 0) == 0) {
- argv[argc++] = p.we_wordv[0];
- wordexp_results[wordexp_count++] = p; // Store for cleanup
+ if (wordexp(token, &p, 0) == 0 && p.we_wordc > 0) {
+ // Duplicate the string since we'll free the wordexp result
+ argv[argc] = strdup(p.we_wordv[0]);
+ wordfree(&p); // Free immediately after copying
+ if (argv[argc] != NULL) {
+ argc++;
+ }
 } else {
 argv[argc++] = token;
 }
@@ -856,10 +858,9 @@ int32_t spawn(const Arg *arg) {
 // 3. 执行命令
 execvp(argv[0], argv);
- // 4. execvp 失败时:清理并打印错误
- for (int i = 0; i < wordexp_count; i++) {
- wordfree(&wordexp_results[i]);
- }
+ // 4. execvp 失败时:清理分配的字符串并打印错误
+ // Note: We only need to free strings that were strdup'd from wordexp
+ // The original tokens from arg->v don't need to be freed
 wlr_log(WLR_ERROR, "mango: execvp '%s' failed: %s\n", argv[0], strerror(errno));
 _exit(EXIT_FAILURE); // 使用 _exit 避免缓冲区刷新等操作
diff --git a/src/fetch/common.h b/src/fetch/common.h
index de5131a6..28645969 100644
--- a/src/fetch/common.h
+++ b/src/fetch/common.h
@@ -33,8 +33,8 @@ void get_layout_abbr(char *abbr, const char *full_name) {
 // 1. 尝试在映射表中查找
 for (int32_t i = 0; layout_mappings[i].full_name != NULL; i++) {
 if (strcmp(full_name, layout_mappings[i].full_name) == 0) {
- strncpy(abbr, layout_mappings[i].abbr, 4);
- abbr[4] = '\0';
+ strncpy(abbr, layout_mappings[i].abbr, 31);
+ abbr[31] = '\0';
 return;
 }
 }
@@ -74,8 +74,8 @@ void get_layout_abbr(char *abbr, const char *full_name) {
 abbr[2] = '\0';
 } else {
 // 5. 最终回退:返回 "xx"
- strncpy(abbr, "xx", 4);
- abbr[4] = '\0';
+ strncpy(abbr, "xx", 31);
+ abbr[31] = '\0';
 }
 }
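Review bot: In the first `spawn` hunk, a failed `strdup` now drops the token without any signal, so `execvp` would run the configured command with one argument missing; exiting is safer, e.g. `if (argv[argc] == NULL) _exit(EXIT_FAILURE);` followed by an unconditional `argc++;`. The added `p.we_wordc > 0` test also sends a successful but empty expansion to the `else` branch, where `p` is never passed to `wordfree`. Separately, `wordexp` with flags `0` performs command substitution on each token, so if `arg->v` is only meant to get tilde and variable expansion, passing `WRDE_NOCMD` would keep a config string from running commands during argument parsing. The end of the loop and the `argv` terminator are outside this hunk.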
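Review bot: The rewritten step-4 comment in the second `spawn` hunk says the `strdup`'d strings are cleaned up, but no `free` follows it; the statements after it only log the error and call `_exit`. Nothing needs freeing on a path that ends in `_exit`, so the comment should say that instead, e.g. `// 4. execvp failed: log and _exit; strdup'd argv entries are reclaimed when the process exits`.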
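Review bot: `get_layout_abbr` takes `abbr` with no size, and after this change the mapping-table path always writes 32 bytes into it: `strncpy` zero-pads up to the full count of 31 and `abbr[31] = '\0'` writes one more. Every caller must therefore pass a buffer of at least 32 bytes, where the old code needed only 5; the callers are not in this diff, so that needs checking, and any smaller buffer becomes an out-of-bounds write. The same pattern is repeated in the `"xx"` fallback in the hunk at line 74. I would pass the capacity explicitly and use `snprintf(abbr, abbr_size, "%s", layout_mappings[i].abbr);` (with `abbr_size` as a new parameter), or at least replace the literal 31 with a named constant shared with the callers' buffer declarations.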