esp32/WLED
1
0
Fork 0
mirror of https://github.com/wled/WLED.git synced 2026-03-13 08:29:49 +08:00
Code Issues Packages Projects Releases Wiki Activity

bugfix: prevent array bounds violations due to short WS payload data

Browse Source 
Guard against zero-length binary payloads before dereferencing data[0] or data[1]
This commit is contained in:
Frank
2026-03-01 22:30:04 +01:00
parent 35d267109f
commit 7fa15761ae
1 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
wled00/ws.cpp
View File

@@ -80,10 +80,11 @@ void wsEvent(AsyncWebSocket * server, AsyncWebSocketClient * client, AwsEventTyp
// force broadcast in 500ms after updating client
//lastInterfaceUpdate = millis() - (INTERFACE_UPDATE_COOLDOWN -500); // ESP8266 does not like this
}
}else if (info->opcode == WS_BINARY) {
} else if (info->opcode == WS_BINARY) {
// first byte determines protocol. Note: since e131_packet_t is "packed", the compiler handles alignment issues
//DEBUG_PRINTF_P(PSTR("WS binary message: len %u, byte0: %u\n"), len, data[0]);
int offset = 1; // offset to skip protocol byte
constexpr int offset = 1; // offset to skip protocol byte
if (!data || len < offset+1) return; // catch invalid / single-byte payload
switch (data[0]) {
case BINARY_PROTOCOL_E131:
handleE131Packet((e131_packet_t*)&data[offset], client->remoteIP(), P_E131);