mirrors/maomaowm
1
0
Fork 0
mirror of https://github.com/DreamMaoMao/maomaowm.git synced 2026-05-02 06:46:29 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Address code review feedback on security fixes

Browse source 
- Fix buffer size for strncpy to match actual buffer (32 bytes)
- Use strtoul instead of strtol for unsigned color values
- Improve strncat bounds checking with accurate length tracking
- Free wordexp results immediately after use instead of batching
- Add strdup for wordexp strings to avoid use-after-free

Co-authored-by: squassina <8495707+squassina@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot] 2026-02-18 08:57:08 +00:00
parent 9d2f852ec2
commit d017fc4837
4 changed files with 31 additions and 24 deletions
Download patch file Download diff file Expand all files Collapse all files

8
src/fetch/common.h
View file

@ -33,8 +33,8 @@ void get_layout_abbr(char *abbr, const char *full_name) {
// 1. 尝试在映射表中查找
for (int32_t i = 0; layout_mappings[i].full_name != NULL; i++) {
if (strcmp(full_name, layout_mappings[i].full_name) == 0) {
strncpy(abbr, layout_mappings[i].abbr, 4);
abbr[4] = '\0';
strncpy(abbr, layout_mappings[i].abbr, 31);
abbr[31] = '\0';
return;
}
}
@ -74,8 +74,8 @@ void get_layout_abbr(char *abbr, const char *full_name) {
abbr[2] = '\0';
} else {
// 5. 最终回退:返回 "xx"
strncpy(abbr, "xx", 4);
abbr[4] = '\0';
strncpy(abbr, "xx", 31);
abbr[31] = '\0';
}
}