From 81cd344beb27339ce21b4caafcad9c8cf65978c5 Mon Sep 17 00:00:00 2001
From: Theo Arends <11044339+arendst@users.noreply.github.com>
Date: Sat, 10 Oct 2020 15:42:27 +0200
Subject: [PATCH] Fix possible buffer overwrites

---
 tasmota/xdrv_07_domoticz.ino | 4 +++-
 tasmota/xdrv_13_display.ino  | 1 -
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/tasmota/xdrv_07_domoticz.ino b/tasmota/xdrv_07_domoticz.ino
index 0f4dafeb9..411d8894d 100644
--- a/tasmota/xdrv_07_domoticz.ino
+++ b/tasmota/xdrv_07_domoticz.ino
@@ -206,7 +206,9 @@ bool DomoticzMqttData(void) {
   if (XdrvMailbox.data_len < 20) {
     return true;  // No valid data
   }
-  JsonParser parser(XdrvMailbox.data);
+
+  String domoticz_data = XdrvMailbox.data;  // Copy the string into a new buffer that will be modified
+  JsonParser parser((char*)domoticz_data.c_str());
   JsonParserObject domoticz = parser.getRootObject();
   if (!domoticz) {
     return true;  // To much or invalid data
diff --git a/tasmota/xdrv_13_display.ino b/tasmota/xdrv_13_display.ino
index 1042cc463..68e190f1c 100644
--- a/tasmota/xdrv_13_display.ino
+++ b/tasmota/xdrv_13_display.ino
@@ -1166,7 +1166,6 @@ void DisplayAnalyzeJson(char *topic, char *json)
 // tele/th1/SENSOR    {"Time":"2017-09-20T11:54:48","DS18B20":{"Temperature":49.7},"TempUnit":"C"}
 
   String jsonStr = json;  // Move from stack to heap to fix watchdogs (20180626)
-
   JsonParser parser((char*)jsonStr.c_str());
   JsonParserObject root = parser.getRootObject();
   if (root) {   // did JSON parsing went ok?