From 476c2df4ada0b59cbb5e8a1b94a4a88fc6eded1e Mon Sep 17 00:00:00 2001
From: David Robillard
Date: Sun, 29 Sep 2024 19:31:31 -0400
Subject: Add field width to scanf pattern to protect against huge inputs

Ultimately this needs to be replaced with something more serious, but for now, 240 characters ought to be enough for anybody.
---
 src/jalv.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'src')

diff --git a/src/jalv.c b/src/jalv.c
index 24a1008..52856d3 100644
--- a/src/jalv.c
+++ b/src/jalv.c
@@ -778,9 +778,9 @@ jalv_update(Jalv* jalv)
 static bool
 jalv_apply_control_arg(Jalv* jalv, const char* s)
 {
- char sym[256];
- float val = 0.0f;
- if (sscanf(s, "%[^=]=%f", sym, &val) != 2) {
+ char sym[256] = {'\0'};
+ float val = 0.0f;
+ if (sscanf(s, "%240[^=]=%f", sym, &val) != 2) {
 jalv_log(JALV_LOG_WARNING, "Ignoring invalid value `%s'\n", s);
 return false;
 }
--
cgit v1.2.1
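Review bot: The field width `240` in the `sscanf` pattern is tied to `char sym[256]` only by convention, so a later change to the array size could silently reintroduce the overflow this commit closes. Keep the two together with a comment such as `/* field width must stay below sizeof(sym) so the terminator fits */`, or, if the project builds as C11, with `_Static_assert(sizeof(sym) > 240, "scanf width must fit sym");` right after the declaration. A symbol longer than 240 characters now fails to match the literal `=` and is reported as invalid rather than truncated, which is the safe outcome. The `%f` conversion still appears to accept trailing text after the number (a constructed example: `gain=1.0abc`), so a `%n` check against the end of `s` is worth considering when this parser is replaced. The body of jalv_apply_control_arg continues past the end of the hunk.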