Add field width to scanf pattern to protect against huge inputs

Ultimately this needs to be replaced with something more serious, but for now, 240 characters ought to be enough for anybody.
author: David Robillard <d@drobilla.net> 2024-09-29 19:31:31 -0400
committer: David Robillard <d@drobilla.net> 2024-10-12 14:07:10 -0400
commit: 476c2df4ada0b59cbb5e8a1b94a4a88fc6eded1e (patch)
tree: 24ff5b9bb8cd93cf400e1a7d9fa4c2f8c005d6cc /src/jalv.c
parent: 8c7b645094d026367cecadb05f66a49800dd4235 (diff)
download: jalv-476c2df4ada0b59cbb5e8a1b94a4a88fc6eded1e.tar.gz
jalv-476c2df4ada0b59cbb5e8a1b94a4a88fc6eded1e.tar.bz2
jalv-476c2df4ada0b59cbb5e8a1b94a4a88fc6eded1e.zip
1 files changed, 3 insertions, 3 deletions
diff --git a/src/jalv.c b/src/jalv.c
index 24a1008..52856d3 100644
--- a/src/jalv.c
+++ b/src/jalv.c
@@ -778,9 +778,9 @@ jalv_update(Jalv* jalv)
 static bool
 jalv_apply_control_arg(Jalv* jalv, const char* s)
 {
-  char  sym[256];
-  float val = 0.0f;
-  if (sscanf(s, "%[^=]=%f", sym, &val) != 2) {
+  char  sym[256] = {'\0'};
+  float val      = 0.0f;
+  if (sscanf(s, "%240[^=]=%f", sym, &val) != 2) {
     jalv_log(JALV_LOG_WARNING, "Ignoring invalid value `%s'\n", s);
     return false;
   }
author	David Robillard <d@drobilla.net>	2024-09-29 19:31:31 -0400
committer	David Robillard <d@drobilla.net>	2024-10-12 14:07:10 -0400
commit	476c2df4ada0b59cbb5e8a1b94a4a88fc6eded1e (patch)
tree	24ff5b9bb8cd93cf400e1a7d9fa4c2f8c005d6cc /src/jalv.c
parent	8c7b645094d026367cecadb05f66a49800dd4235 (diff)
download	jalv-476c2df4ada0b59cbb5e8a1b94a4a88fc6eded1e.tar.gz jalv-476c2df4ada0b59cbb5e8a1b94a4a88fc6eded1e.tar.bz2 jalv-476c2df4ada0b59cbb5e8a1b94a4a88fc6eded1e.zip