From fa30c39a3804eddbf85759a94bb6157753a14c40 Mon Sep 17 00:00:00 2001
From: Frank <91616163+softhack007@users.noreply.github.com>
Date: Sun, 1 Mar 2026 22:30:04 +0100
Subject: [PATCH] bugfix: prevent array bounds violations due to short WS
 payload data

Guard against zero-length binary payloads before dereferencing data[0] or data[1]
---
 wled00/ws.cpp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/wled00/ws.cpp b/wled00/ws.cpp
index e92ffa69..8bdd7faa 100644
--- a/wled00/ws.cpp
+++ b/wled00/ws.cpp
@@ -87,7 +87,8 @@ void wsEvent(AsyncWebSocket * server, AsyncWebSocketClient * client, AwsEventTyp
       } else if (info->opcode == WS_BINARY) {
         // first byte determines protocol. Note: since e131_packet_t is "packed", the compiler handles alignment issues
         //DEBUG_PRINTF_P(PSTR("WS binary message: len %u, byte0: %u\n"), len, data[0]);
-        int offset = 1; // offset to skip protocol byte
+        constexpr int offset = 1; // offset to skip protocol byte
+        if (!data || len < offset+1) return; // catch invalid / single-byte payload
         switch (data[0]) {
           case BINARY_PROTOCOL_E131:
             handleE131Packet((e131_packet_t*)&data[offset], client->remoteIP(), P_E131);