Jan/WLED_MM_Infinity
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

prevent string underflow

Browse Source 
if seg.name is empty or shorter than four characters, ``strlen(lastFilename) - 4``  underflows (size_t), so the pointer passed to strcmp lands far before the buffer and triggers undefined behavior.
This patch catches too-short segment names and aborts decoding.
This commit is contained in:
Frank
2025-11-07 00:28:40 +01:00
parent 25391fe765
commit 9564791640
1 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
wled00/image_loader.cpp
View File

@@ -111,9 +111,10 @@ byte renderImageToSegment(Segment &seg) {
if (strncmp(lastFilename +1, seg.name, 32) != 0) { // segment name changed, load new image
strncpy(lastFilename +1, seg.name, 32);
gifDecodeFailed = false;
if (strcmp(lastFilename + strlen(lastFilename) - 4, ".gif") != 0) {
size_t fnameLen = strlen(lastFilename);
if ((fnameLen < 4) || strcmp(lastFilename + strlen(lastFilename) - 4, ".gif") != 0) { // empty segment name, name too short, or name not ending in .gif
gifDecodeFailed = true;
USER_PRINTF("Unsupported format: %s\n", lastFilename);
USER_PRINTF("GIF decoder unsupported file: %s\n", lastFilename);
return IMAGE_ERROR_UNSUPPORTED_FORMAT;
}
if (file) file.close();