From db62153e345c839648de0dcf36e5aef945698886 Mon Sep 17 00:00:00 2001
From: Frank
Date: Thu, 13 Apr 2023 23:20:57 +0200
Subject: [PATCH] fix for a potential array overrun unguarded sprintf / strcpy are always a risk.
---
 wled00/xml.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/wled00/xml.cpp b/wled00/xml.cpp
index 35802fe5..3f352324 100644
--- a/wled00/xml.cpp
+++ b/wled00/xml.cpp
@@ -630,7 +630,7 @@ void getSettingsJS(AsyncWebServerRequest* request, byte subPage, char* dest) //W
 sappend('c',SET_F("CF"),!useAMPM);
 sappend('i',SET_F("TZ"),currentTimezone);
 sappend('v',SET_F("UO"),utcOffsetSecs);
- char tm[32];
+ char tm[48];
 dtostrf(longitude,4,2,tm);
 sappends('s',SET_F("LN"),tm);
 dtostrf(latitude,4,2,tm);
@@ -638,7 +638,7 @@ void getSettingsJS(AsyncWebServerRequest* request, byte subPage, char* dest) //W
 getTimeString(tm);
 sappends('m',SET_F("(\"times\")[0]"),tm);
 if ((int)(longitude*10.) || (int)(latitude*10.)) {
- sprintf_P(tm, PSTR("Sunrise: %02d:%02d Sunset: %02d:%02d"), hour(sunrise), minute(sunrise), hour(sunset), minute(sunset));
+ snprintf_P(tm, sizeof(tm), PSTR("Sunrise: %02d:%02d Sunset: %02d:%02d"), hour(sunrise), minute(sunrise), hour(sunset), minute(sunset));
 sappends('m',SET_F("(\"times\")[1]"),tm);
 }
 sappend('c',SET_F("OL"),overlayCurrent);
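Review bot: The two `dtostrf(...,4,2,tm)` calls right after the resized declaration in the first hunk are still unbounded, as is `getTimeString(tm)` at the top of the second hunk, so only the sunrise/sunset string is actually guarded by this commit. `dtostrf` takes no buffer size and treats the width 4 as a minimum, so an out-of-range `longitude` or `latitude` (for example from a corrupted or hand-edited configuration, if these values are loaded from storage) writes as many digits as the value needs; 48 bytes is extra margin, not a bound. Consider formatting the coordinates the same way as the fixed call, e.g. `snprintf_P(tm, sizeof(tm), PSTR("%4.2f"), longitude);` if the target's printf supports floats, or range-checking the values before `dtostrf`, and giving `getTimeString` a size argument. A short comment on `char tm[48];` naming the longest output it is sized for would keep the constant from being an unexplained magic number. The body of getSettingsJS starts and ends outside both hunks, and getTimeString's definition is not visible here, so its worst-case length should be confirmed.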