fix(mcp): use strcpy variants in detect_changes to prevent use-after-free

Your Name · Your Name · commit 77f8a926ff99 · 2026-03-27T12:59:34.000-04:00
detect_changes was using yyjson_mut_arr_add_str / yyjson_mut_obj_add_str
which borrow pointers. The file name came from a stack buffer reused each
fgets() iteration, and node names were freed by cbm_store_free_nodes before
serialization. This caused corrupted output with null bytes embedded in
filenames (e.g. 'CLAUDE.md\0\0\0ings.json').

Switch to yyjson_mut_arr_add_strcpy / yyjson_mut_obj_add_strcpy which copy
the strings into yyjson's internal allocator, making them safe across the
buffer reuse and free boundaries.
diff --git a/src/mcp/mcp.c b/src/mcp/mcp.c
@@ -2602,7 +2602,10 @@ static char *handle_detect_changes(cbm_mcp_server_t *srv, const char *args) {
             continue;
         }
 
-        yyjson_mut_arr_add_str(doc, changed, line);
+        /* Use strcpy variants: line is a stack buffer reused each iteration,
+         * and node strings are freed by cbm_store_free_nodes below.
+         * yyjson_mut_*_add_str only borrows pointers — strcpy makes copies. */
+        yyjson_mut_arr_add_strcpy(doc, changed, line);
         file_count++;
 
         /* Find symbols defined in this file */
@@ -2614,9 +2617,9 @@ static char *handle_detect_changes(cbm_mcp_server_t *srv, const char *args) {
             if (nodes[i].label && strcmp(nodes[i].label, "File") != 0 &&
                 strcmp(nodes[i].label, "Folder") != 0 && strcmp(nodes[i].label, "Project") != 0) {
                 yyjson_mut_val *item = yyjson_mut_obj(doc);
-                yyjson_mut_obj_add_str(doc, item, "name", nodes[i].name ? nodes[i].name : "");
-                yyjson_mut_obj_add_str(doc, item, "label", nodes[i].label);
-                yyjson_mut_obj_add_str(doc, item, "file", line);
+                yyjson_mut_obj_add_strcpy(doc, item, "name", nodes[i].name ? nodes[i].name : "");
+                yyjson_mut_obj_add_strcpy(doc, item, "label", nodes[i].label);
+                yyjson_mut_obj_add_strcpy(doc, item, "file", line);
                 yyjson_mut_arr_add_val(impacted, item);
             }
         }
