Length calculation wrong; buffer overrun ?

[dirkx]

After fighting with some odd topic-corruption (in a const char* no less) -- I think that the calculation in this line:

pubsubclient/src/PubSubClient.cpp

Line 460 in 2d228f2

for (i=0;i<plength;i++) {

the length is a bit overoptimistic; as at that point up to length has already been used by the topic; while plength is either capped by buffSize; e.g. here:

pubsubclient/src/PubSubClient.cpp

Line 437 in 2d228f2

return publish(topic,(const uint8_t*)payload, payload ? strnlen(payload, this->bufferSize) : 0,false);

or when called in full not at all: e.g. here:

pubsubclient/src/PubSubClient.cpp

Line 448 in 2d228f2

boolean PubSubClient::publish(const char* topic, const uint8_t* payload, unsigned int plength, boolean retained) {

So it should perhaps read i < plength && length < buffSize