From fd9f94d48aa0fe9bd03280cd4048a90733a3ef5a Mon Sep 17 00:00:00 2001
From: klemek
Date: Sat, 16 May 2026 17:39:22 +0200
Subject: [PATCH] fix: save_to_file array size bound check
---
src/state.c | 36 ++++++++++++++++++++++++++++++++++++
1 file changed, 36 insertions(+)
diff --git a/src/state.c b/src/state.c
index 2f568ba..55a7a68 100644
--- a/src/state.c
+++ b/src/state.c
@@ -184,29 +184,65 @@ static void save_to_file(const Context *context, StateConfig state_config, snprintf(lines.values[lines.length++], STR_LEN, "tempo=%d", (unsigned int)context->tempo.tempo); + if (lines.length > ARRAY_SIZE) { + log_error("Too many values to save"); + return; + } snprintf(lines.values[lines.length++], STR_LEN, "page=%d", context->page); + if (lines.length > ARRAY_SIZE) { + log_error("Too many values to save"); + return; + } snprintf(lines.values[lines.length++], STR_LEN, "selected=%d", context->selected); + if (lines.length > ARRAY_SIZE) { + log_error("Too many values to save"); + return; + } for (unsigned int i = 0; i < context->state.length; i++) { snprintf(lines.values[lines.length++], STR_LEN, "seed_%d=%d", i, context->seeds[i]); + if (lines.length > ARRAY_SIZE) { + log_error("Too many values to save"); + return; + } snprintf(lines.values[lines.length++], STR_LEN, "state_%d=%d", i, context->state.values[i]); + if (lines.length > ARRAY_SIZE) { + log_error("Too many values to save"); + return; + } } for (unsigned int i = 0; i < state_config.group_active_counts.length; i++) { snprintf(lines.values[lines.length++], STR_LEN, "active_%d=%d", i, context->active[i]); + if (lines.length > ARRAY_SIZE) { + log_error("Too many values to save"); + return; + } } for (unsigned int i = 0; i < state_config.value_count; i++) { snprintf(lines.values[lines.length++], STR_LEN, "value_%d_x=%d", i, (unsigned int)(context->values[i][0] * MIDI_MAX)); + if (lines.length > ARRAY_SIZE) { + log_error("Too many values to save"); + return; + } snprintf(lines.values[lines.length++], STR_LEN, "value_%d_y=%d", i, (unsigned int)(context->values[i][1] * MIDI_MAX)); + if (lines.length > ARRAY_SIZE) { + log_error("Too many values to save"); + return; + } snprintf(lines.values[lines.length++], STR_LEN, "value_%d_z=%d", i, (unsigned int)(context->values[i][2] * MIDI_MAX)); + if (lines.length > ARRAY_SIZE) { + log_error("Too many values to save"); + return; + } } 
file_write(state_file, &lines);
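Review bot: Each added check runs after `snprintf(lines.values[lines.length++], ...)` has already written, so when `lines.length` equals `ARRAY_SIZE` on entry the write lands one slot past the end before `lines.length > ARRAY_SIZE` fires; this assumes `lines.values` holds `ARRAY_SIZE` entries, which is declared outside the hunk. The guard needs to precede every write, including the `tempo=` one at the top of the hunk, and use `>=`: `if (lines.length >= ARRAY_SIZE) { log_error("Too many values to save"); return; }`. Since every count is known before the first append, a single test comparing `lines.length + 3 + 2 * context->state.length + state_config.group_active_counts.length + 3 * state_config.value_count` against `ARRAY_SIZE` would replace the nine copies. `save_to_file` begins above the hunk, so any earlier appends there may need the same guard.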