Fix string overflow

wled00/FX_fcn.cpp

@@ -448,6 +448,7 @@ void WS2812FX::setSegment(uint8_t n, uint16_t i1, uint16_t i2) {
     unlockRange(seg.start, seg.stop);
     _modeUsesLock = true;
   }
+  _segment_index = n; fill(0); //turn old segment range off
   if (i2 <= i1) //disable segment
   {
     seg.stop = 0; return;

wled00/html_mobile.h

@@ -5,7 +5,7 @@
  * Workflow for creating them from HTML source:
  * 1. Minify HTML (https://htmlcompressor.com/compressor/) (optional)
  * 2. Compress with gzip (https://online-converting.com/archives/convert-to-gzip/)
- * 3. Convert gzip binary to c array (https://littlevgl.com/image-to-c-array) (select RAW as color format)
+ * 3. Convert gzip binary to c array (https://littlevgl.com/image-to-c-array) (select RAW as color format, add .bmp file extension to gzip)
  *    alternative: https://sourceforge.net/projects/bin2header/
  * 4. update length value
 */

wled00/html_settings.h

@@ -23,7 +23,7 @@ const char PAGE_settings[] PROGMEM = R"=====(<!DOCTYPE html>
 
 //wifi settings
 const char PAGE_settings_wifi[] PROGMEM = R"=====(<!DOCTYPE html>
-<html><head><meta name="viewport" content="width=500">
+<html><head><meta name="viewport" content="width=500"><meta charset="utf-8">
 <title>WiFi Settings</title><script>function H(){window.open("https://github.com/Aircoookie/WLED/wiki/Settings#wifi-settings");}function B(){window.history.back();}function GetV(){var d=document;
 %CSS%%SCSS%</head><body onload="GetV()">
 <form id="form_s" name="Sf" method="post">
@@ -71,8 +71,7 @@ AP IP: <span class="sip"> Not active </span><hr>
 
 //LED settings
 const char PAGE_settings_leds[] PROGMEM = R"=====(<!DOCTYPE html>
-<html><head><meta name=viewport content="width=500">
-<title>LED Settings</title>
+<html><head><meta name=viewport content="width=500"><meta charset="utf-8"><title>LED Settings</title>
 <script>var f=0,p=0,d=document,laprev=55;function H()
 {window.open("https://github.com/Aircoookie/WLED/wiki/Settings#led-settings");}
 function B()
@@ -196,8 +195,7 @@ Skip first LED: <input type=checkbox name=SL><hr>
 
 //User Interface settings
 const char PAGE_settings_ui[] PROGMEM = R"=====(<!DOCTYPE html>
-<html><head><meta name="viewport" content="width=500">
-<title>UI Settings</title><script>
+<html><head><meta name="viewport" content="width=500"><meta charset="utf-8"><title>UI Settings</title><script>
 function gId(s){return document.getElementById(s);}function S(){GetV();Ct();}function H(){window.open("https://github.com/Aircoookie/WLED/wiki/Settings#user-interface-settings");}function B(){window.history.back();}function Ct(){if (gId("co").selected){gId("cth").style.display="block";}else{gId("cth").style.display="none";}}function GetV(){var d=document;
 %CSS%%SCSS%</head>
 <body onload="S()">
@@ -251,7 +249,7 @@ Make sure the font you use is installed on your system!<br>
 
 //sync settings
 const char PAGE_settings_sync[] PROGMEM = R"=====(<!DOCTYPE html>
-<html><head><meta name="viewport" content="width=500"><title>Sync Settings</title>
+<html><head><meta name="viewport" content="width=500"><meta charset="utf-8"><title>Sync Settings</title>
 <script>function H(){window.open("https://github.com/Aircoookie/WLED/wiki/Settings#sync-settings");}function B(){window.open("/settings","_self");}function GetV(){var d=document;
 %CSS%%SCSS%</head>
 <body onload="GetV()">
@@ -323,7 +321,7 @@ Hue status: <span class="hms"> Internal ESP Error! </span><hr>
 
 //time and macro settings
 const char PAGE_settings_time[] PROGMEM = R"=====(<!DOCTYPE html>
-<html><head><meta name="viewport" content="width=500"><title>Time Settings</title>
+<html><head><meta name="viewport" content="width=500"><meta charset="utf-8"><title>Time Settings</title>
 <script>var d=document;function H(){window.open("https://github.com/Aircoookie/WLED/wiki/Settings#time-settings");}function B(){window.open("/settings","_self");}function S(){BTa();GetV();Cs();FC();}function gId(s){return d.getElementById(s);}function Cs(){gId("cac").style.display="none";gId("coc").style.display="block";gId("ccc").style.display="none";if (gId("ca").selected){gId("cac").style.display="block";}if (gId("cc").selected){gId("coc").style.display="none";gId("ccc").style.display="block";}if (gId("cn").selected){gId("coc").style.display="none";}}
 function BTa(){var ih="<tr><th>Active</th><th>Hour</th><th>Minute</th><th>Macro</th><th>M</th><th>T</th><th>W</th><th>T</th><th>F</th><th>S</th><th>S</th></tr>";for (i=0;i<8;i++){ih+="<tr><td><input name=\"W"+i+"\" id=\"W"+i+"\" type=\"number\" style=\"display:none\"><input id=\"W"+i+"0\" type=\"checkbox\"></td><td><input name=\"H"+i+"\" type=\"number\" min=\"0\" max=\"24\"></td><td><input name=\"N"+i+"\" type=\"number\" min=\"0\" max=\"59\"></td><td><input name=\"T"+i+"\" type=\"number\" min=\"0\" max=\"16\"></td>";for (j=1;j<8;j++) ih+="<td><input id=\"W"+i+j+"\" type=\"checkbox\"></td>";}gId("TMT").innerHTML=ih;}
 function FC(){for(j=0;j<8;j++){for(i=0;i<8;i++)gId("W"+i+j).checked=gId("W"+i).value>>j&1;}}
@@ -416,7 +414,7 @@ Time-Controlled macros:<br>
 
 //security settings and about
 const char PAGE_settings_sec[] PROGMEM = R"=====(<!DOCTYPE html>
-<html><head><meta name="viewport" content="width=500">
+<html><head><meta name="viewport" content="width=500"><meta charset="utf-8">
 <title>Misc Settings</title>
 <script>function H(){window.open("https://github.com/Aircoookie/WLED/wiki/Settings#security-settings");}function B(){window.open("/settings","_self");}function U(){window.open("/update","_self");}function GetV(){var d=document;
 %CSS%%SCSS%</head>

wled00/wled00.ino

@@ -100,7 +100,7 @@
 
 
 //version code in format yymmddb (b = daily build)
-#define VERSION 1911121
+#define VERSION 1911122
 char versionString[] = "0.8.7-dev";
 
 

wled00/wled03_set.ino

@@ -23,16 +23,16 @@ void handleSettingsSet(AsyncWebServerRequest *request, byte subPage)
   //WIFI SETTINGS
   if (subPage == 1)
   {
-    strcpy(clientSSID,request->arg("CS").c_str());
-    if (request->arg("CP").charAt(0) != '*') strcpy(clientPass, request->arg("CP").c_str());
+    strlcpy(clientSSID,request->arg("CS").c_str(), 33);
+    if (request->arg("CP").charAt(0) != '*') strlcpy(clientPass, request->arg("CP").c_str(), 65);
 
-    strcpy(cmDNS, request->arg("CM").c_str());
+    strlcpy(cmDNS, request->arg("CM").c_str(), 33);
 
     apBehavior = request->arg("AB").toInt();
-    strcpy(apSSID, request->arg("AS").c_str());
+    strlcpy(apSSID, request->arg("AS").c_str(), 33);
     apHide = request->hasArg("AH");
     int passlen = request->arg("AP").length();
-    if (passlen == 0 || (passlen > 7 && request->arg("AP").charAt(0) != '*')) strcpy(apPass, request->arg("AP").c_str());
+    if (passlen == 0 || (passlen > 7 && request->arg("AP").charAt(0) != '*')) strlcpy(apPass, request->arg("AP").c_str(), 65);
     int t = request->arg("AC").toInt(); if (t > 0 && t < 14) apChannel = t;
 
     char k[3]; k[2] = 0;
@@ -129,7 +129,7 @@ void handleSettingsSet(AsyncWebServerRequest *request, byte subPage)
   {
     int t = request->arg("UI").toInt();
     if (t >= 0 && t < 3) uiConfiguration = t;
-    strcpy(serverDescription, request->arg("DS").c_str());
+    strlcpy(serverDescription, request->arg("DS").c_str(), 33);
     useHSBDefault = request->hasArg("MD");
     useHSB = useHSBDefault;
     currentTheme = request->arg("TH").toInt();
@@ -137,9 +137,9 @@ void handleSettingsSet(AsyncWebServerRequest *request, byte subPage)
     for(int i=0;i<6;i++)
     {
       k[1] = i+48;
-      strcpy(cssCol[i],request->arg(k).c_str());
+      strlcpy(cssCol[i],request->arg(k).c_str(), 9);
     }
-    strcpy(cssFont,request->arg("CF").c_str());
+    strlcpy(cssFont,request->arg("CF").c_str(), 33);
   }
 
   //SYNC
@@ -173,20 +173,20 @@ void handleSettingsSet(AsyncWebServerRequest *request, byte subPage)
     if (t >= -255  && t <= 255) arlsOffset = t;
 
     alexaEnabled = request->hasArg("AL");
-    strcpy(alexaInvocationName, request->arg("AI").c_str());
+    strlcpy(alexaInvocationName, request->arg("AI").c_str(), 33);
 
     if (request->hasArg("BK") && !request->arg("BK").equals("Hidden")) {
-      strcpy(blynkApiKey,request->arg("BK").c_str()); initBlynk(blynkApiKey);
+      strlcpy(blynkApiKey, request->arg("BK").c_str(), 36); initBlynk(blynkApiKey);
     }
 
-    strcpy(mqttServer, request->arg("MS").c_str());
+    strlcpy(mqttServer, request->arg("MS").c_str(), 33);
     t = request->arg("MQPORT").toInt();
     if (t > 0) mqttPort = t;
-    strcpy(mqttUser, request->arg("MQUSER").c_str());
-    if (request->arg("MQPASS").charAt(0) != '*') strcpy(mqttPass, request->arg("MQPASS").c_str());
-    strcpy(mqttClientID, request->arg("MQCID").c_str());
-    strcpy(mqttDeviceTopic, request->arg("MD").c_str());
-    strcpy(mqttGroupTopic, request->arg("MG").c_str());
+    strlcpy(mqttUser, request->arg("MQUSER").c_str(), 41);
+    if (request->arg("MQPASS").charAt(0) != '*') strlcpy(mqttPass, request->arg("MQPASS").c_str(), 41);
+    strlcpy(mqttClientID, request->arg("MQCID").c_str(), 41);
+    strlcpy(mqttDeviceTopic, request->arg("MD").c_str(), 33);
+    strlcpy(mqttGroupTopic, request->arg("MG").c_str(), 33);
 
     for (int i=0;i<4;i++){
       String a = "H"+String(i);
@@ -298,7 +298,7 @@ void handleSettingsSet(AsyncWebServerRequest *request, byte subPage)
       }
       if (!otaLock && request->arg("OP").length() > 0)
       {
-        strcpy(otaPass,request->arg("OP").c_str());
+        strlcpy(otaPass,request->arg("OP").c_str(), 33);
       }
     }
 
@@ -662,7 +662,7 @@ bool handleSet(AsyncWebServerRequest *request, const String& req)
   #ifndef WLED_DISABLE_CRONIXIE
   pos = req.indexOf("NX="); //sets digits to code
   if (pos > 0) {
-    strcpy(cronixieDisplay,req.substring(pos + 3, pos + 9).c_str());
+    strlcpy(cronixieDisplay, req.substring(pos + 3, pos + 9).c_str(), 6);
     setCronixie();
   }