From 956479164098c78df0a012d78a674b6fe9b86727 Mon Sep 17 00:00:00 2001
From: Frank <91616163+softhack007@users.noreply.github.com>
Date: Fri, 7 Nov 2025 00:28:40 +0100
Subject: [PATCH] prevent string underflow

if seg.name is empty or shorter than four characters, ``strlen(lastFilename) - 4``  underflows (size_t), so the pointer passed to strcmp lands far before the buffer and triggers undefined behavior.
This patch catches too-short segment names and aborts decoding.
---
 wled00/image_loader.cpp | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/wled00/image_loader.cpp b/wled00/image_loader.cpp
index 6ad0dc2d..a7bd816e 100644
--- a/wled00/image_loader.cpp
+++ b/wled00/image_loader.cpp
@@ -111,9 +111,10 @@ byte renderImageToSegment(Segment &seg) {
   if (strncmp(lastFilename +1, seg.name, 32) != 0) { // segment name changed, load new image
     strncpy(lastFilename +1, seg.name, 32);
     gifDecodeFailed = false;
-    if (strcmp(lastFilename + strlen(lastFilename) - 4, ".gif") != 0) {
+    size_t fnameLen = strlen(lastFilename);
+    if ((fnameLen < 4) || strcmp(lastFilename + strlen(lastFilename) - 4, ".gif") != 0) { // empty segment name, name too short, or name not ending in .gif
       gifDecodeFailed = true;
-      USER_PRINTF("Unsupported format: %s\n", lastFilename);
+      USER_PRINTF("GIF decoder unsupported file: %s\n", lastFilename);
       return IMAGE_ERROR_UNSUPPORTED_FORMAT;
     }
     if (file) file.close();