From faf616cbea4bbe6b72bed64e129c07450634b728 Mon Sep 17 00:00:00 2001
From: Frank
Date: Tue, 3 Jan 2023 14:17:42 +0100
Subject: [PATCH] fixing a potential stack corruption .. overlooked this one when reviewing the PR. @blazoncek, @ctjet : three questions on the new code remain, because its not clear to me if its correct. Please check.
---
 wled00/set.cpp | 9 ++++++---
 wled00/xml.cpp | 7 +++++--
 2 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/wled00/set.cpp b/wled00/set.cpp
index 6314d7c8..664d008b 100644
--- a/wled00/set.cpp
+++ b/wled00/set.cpp
@@ -655,9 +655,12 @@ void handleSettingsSet(AsyncWebServerRequest *request, byte subPage)
 strip.panel.reserve(strip.panels); // pre-allocate memory
 for (uint8_t i=0; ihasArg(pO)) break;
+ char pO[8] = { '\0' };
+ snprintf_P(pO, 7, PSTR("P%d"), i);
+ pO[7] = '\0';
+ uint8_t l = strlen(pO);
+ // softhack007: please check if the code below is correct. The first element is pO[0], so maybe you want to modify pO[l-1]?
+ pO[l] = 'B'; if (!request->hasArg(pO)) break; // softhack007: this line looks suspicious to me .. break() aborts the loop .. maybe you need continue()?
 pO[l] = 'B'; p.bottomStart = request->arg(pO).toInt();
 pO[l] = 'R'; p.rightStart = request->arg(pO).toInt();
 pO[l] = 'V'; p.vertical = request->arg(pO).toInt();
diff --git a/wled00/xml.cpp b/wled00/xml.cpp
index 21b73ae2..60473658 100644
--- a/wled00/xml.cpp
+++ b/wled00/xml.cpp
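Review bot: In handleSettingsSet the bound `7` passed to `snprintf_P` is an unexplained magic number, and the two `// softhack007:` questions committed next to it leave the indexing looking doubtful although the visible lines keep it in bounds. The bounded write leaves `strlen(pO)` at 6 or less and the array is zero-initialised, so `pO[l] = 'B'` overwrites the terminator with the suffix and `pO[l+1]` is still NUL; that also makes the explicit `pO[7] = '\0';` redundant. I would write `snprintf_P(pO, sizeof(pO) - 1, PSTR("P%d"), i);` and replace the first question with `// pO[l] holds the terminator: the suffix goes there, pO[l+1] is already 0 from the zero-init`. The same lines appear in the xml.cpp hunk (getSettingsJS), and the loop body in both functions continues outside the hunk.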
@@ -744,8 +744,11 @@ void getSettingsJS(byte subPage, char* dest)
 oappend(SET_F("addPanel("));
 oappend(itoa(i,n,10));
 oappend(SET_F(");"));
- char pO[8]; sprintf_P(pO, PSTR("P%d"), i);
- uint8_t l = strlen(pO); pO[l+1] = 0;
+ char pO[8] = { '\0' };
+ snprintf_P(pO, 7, PSTR("P%d"), i);
+ pO[7] = '\0';
+ uint8_t l = strlen(pO);
+ // softhack007: please check if the code below is correct. The first element is pO[0], so maybe you want to modify pO[l-1]?
 pO[l] = 'B'; sappend('v',pO,strip.panel[i].bottomStart);
 pO[l] = 'R'; sappend('v',pO,strip.panel[i].rightStart);
 pO[l] = 'V'; sappend('v',pO,strip.panel[i].vertical);