Merge pull request #13308 from esphome/bump-2025.12.7

2025.12.7
Bump version to 2025.12.7
2026-01-16 23:14:52 -07:00 · 2026-01-16 22:49:26 -05:00 · 2026-01-16 22:24:05 -05:00 · 2026-01-16 22:24:05 -05:00 · 2026-01-16 22:24:05 -05:00
4 changed files with 7 additions and 7 deletions
--- a/2
+++ b/2
@@ -48,7 +48,7 @@ PROJECT_NAME           = ESPHome
 # could be handy for archiving the generated documentation or if some version
 # control system is used.

-PROJECT_NUMBER         = 2025.12.6
+PROJECT_NUMBER         = 2025.12.7

 # Using the PROJECT_BRIEF tag one can provide an optional one line description
 # for a project that appears at the top of each page and should give viewer a
--- a/esphome/components/api/proto.cpp
+++ b/esphome/components/api/proto.cpp
@@ -48,14 +48,14 @@ uint32_t ProtoDecodableMessage::count_repeated_field(const uint8_t *buffer, size
        }
        uint32_t field_length = res->as_uint32();
        ptr += consumed;
-        if (ptr + field_length > end) {
+        if (field_length > static_cast<size_t>(end - ptr)) {
          return count;  // Out of bounds
        }
        ptr += field_length;
        break;
      }
      case WIRE_TYPE_FIXED32: {  // 32-bit - skip 4 bytes
-        if (ptr + 4 > end) {
+        if (end - ptr < 4) {
          return count;
        }
        ptr += 4;
@@ -110,7 +110,7 @@ void ProtoDecodableMessage::decode(const uint8_t *buffer, size_t length) {
        }
        uint32_t field_length = res->as_uint32();
        ptr += consumed;
-        if (ptr + field_length > end) {
+        if (field_length > static_cast<size_t>(end - ptr)) {
          ESP_LOGV(TAG, "Out-of-bounds Length Delimited at offset %ld", (long) (ptr - buffer));
          return;
        }
@@ -121,7 +121,7 @@ void ProtoDecodableMessage::decode(const uint8_t *buffer, size_t length) {
        break;
      }
      case WIRE_TYPE_FIXED32: {  // 32-bit
-        if (ptr + 4 > end) {
+        if (end - ptr < 4) {
          ESP_LOGV(TAG, "Out-of-bounds Fixed32-bit at offset %ld", (long) (ptr - buffer));
          return;
        }
--- a/esphome/components/i2s_audio/speaker/i2s_audio_speaker.cpp
+++ b/esphome/components/i2s_audio/speaker/i2s_audio_speaker.cpp
@@ -340,8 +340,8 @@ void I2SAudioSpeaker::speaker_task(void *params) {
      const uint32_t read_delay =
          (this_speaker->current_stream_info_.frames_to_microseconds(frames_written) / 1000) / 2;

-      uint8_t *new_data = transfer_buffer->get_buffer_end();  // track start of any newly copied bytes
      size_t bytes_read = transfer_buffer->transfer_data_from_source(pdMS_TO_TICKS(read_delay));
+      uint8_t *new_data = transfer_buffer->get_buffer_end() - bytes_read;

      if (bytes_read > 0) {
        if (this_speaker->q15_volume_factor_ < INT16_MAX) {
--- a/esphome/const.py
+++ b/esphome/const.py
@@ -4,7 +4,7 @@ from enum import Enum

 from esphome.enum import StrEnum

-__version__ = "2025.12.6"
+__version__ = "2025.12.7"

 ALLOWED_NAME_CHARS = "abcdefghijklmnopqrstuvwxyz0123456789-_"
 VALID_SUBSTITUTIONS_CHARACTERS = (
Author	SHA1	Message	Date
Jonathan Swoboda	e6790f0042	Merge pull request #13308 from esphome/bump-2025.12.7 2025.12.7	2026-01-16 22:49:26 -05:00
Jonathan Swoboda	ec7f72e280	Bump version to 2025.12.7	2026-01-16 22:24:05 -05:00
J. Nick Koston	6f29dbd6f1	[api] Use subtraction for protobuf bounds checking (#13306 )	2026-01-16 22:24:05 -05:00
Kevin Ahrendt	9caf78aa7e	[i2s_audio] Bugfix: Buffer overflow in software volume control (#13190 )	2026-01-16 22:24:05 -05:00