Fix array overflow in exploding_fireworks

Attempt to allocate enough room for the "minimum" sparks; and ensure that we never overrun the allocated array size. Fixes Aircoookie#4120
MoonModules · Nov 17, 2024 · 3e44b78 · 3e44b78
1 parent e4902b8
commit 3e44b78
Showing 1 changed file with 5 additions and 4 deletions.
diff --git a/wled00/FX.cpp b/wled00/FX.cpp
@@ -3600,8 +3600,8 @@ uint16_t mode_exploding_fireworks(void)
   if (segs <= (strip.getMaxSegments() /4)) maxData *= 2; //ESP8266: 1024 if <= 4 segs ESP32: 2560 if <= 8 segs
   int maxSparks = maxData / sizeof(spark); //ESP8266: max. 21/42/85 sparks/seg, ESP32: max. 53/106/213 sparks/seg
 
-  uint16_t numSparks = min(2 + ((rows*cols) >> 1), maxSparks);
-  uint16_t dataSize = sizeof(spark) * numSparks;
+  unsigned numSparks = min(5 + ((rows*cols) >> 1), maxSparks);
+  unsigned dataSize = sizeof(spark) * numSparks;
   if (!SEGENV.allocateData(dataSize + sizeof(float))) return mode_static(); //allocation failed
   float *dying_gravity = reinterpret_cast<float*>(SEGENV.data + dataSize);
 
@@ -3652,8 +3652,9 @@ uint16_t mode_exploding_fireworks(void)
      * Explosion happens where the flare ended.
      * Size is proportional to the height.
      */
-    int nSparks = flare->pos + random8(4);
-    nSparks = constrain(nSparks, 4, numSparks);
+    unsigned nSparks = flare->pos + random8(4);
+    nSparks = std::max(nSparks, 4U);  // This is not a standard constrain; numSparks is not guaranteed to be at least 4
+    nSparks = std::min(nSparks, numSparks);
 
     // initialize sparks
     if (SEGENV.aux0 == 2) {