From 9acf555de5238396079d99b166abb028864d2204 Mon Sep 17 00:00:00 2001
From: forntoh <thomasforntoh@gmail.com>
Date: Mon, 21 Oct 2024 22:17:13 +0200
Subject: [PATCH] Update draw method to prevent buffer overflow.

- Adjusted buffer size calculation in the draw method of BaseWidgetValue and WidgetBool classes to avoid potential buffer overflow issues.
---
 src/widget/BaseWidgetValue.h | 2 +-
 src/widget/WidgetBool.h      | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/widget/BaseWidgetValue.h b/src/widget/BaseWidgetValue.h
index 9d4b2019..e2e07e1c 100644
--- a/src/widget/BaseWidgetValue.h
+++ b/src/widget/BaseWidgetValue.h
@@ -47,7 +47,7 @@ class BaseWidgetValue : public BaseWidget {
      */
     uint8_t draw(char* buffer, const uint8_t start) override {
         if (start >= ITEM_DRAW_BUFFER_SIZE) return 0;
-        return snprintf(buffer + start, ITEM_DRAW_BUFFER_SIZE, format, value);
+        return snprintf(buffer + start, ITEM_DRAW_BUFFER_SIZE - start, format, value);
     }
 
     bool process(LcdMenu* menu, unsigned char command) override = 0;
diff --git a/src/widget/WidgetBool.h b/src/widget/WidgetBool.h
index 52e74384..95e773ee 100644
--- a/src/widget/WidgetBool.h
+++ b/src/widget/WidgetBool.h
@@ -31,7 +31,7 @@ class WidgetBool : public BaseWidgetValue<bool> {
   protected:
     uint8_t draw(char* buffer, const uint8_t start) override {
         if (start >= ITEM_DRAW_BUFFER_SIZE) return 0;
-        return snprintf(buffer + start, ITEM_DRAW_BUFFER_SIZE, format, value ? textOn : textOff);
+        return snprintf(buffer + start, ITEM_DRAW_BUFFER_SIZE - start, format, value ? textOn : textOff);
     }
     /**
      * @brief Process command.