Fix uint8_t underflow in FragmentedXmlPullParser lookahead loop

[Copilot]

In next(), laIndex is uint8_t (unsigned). The original do-while (laIndex-- != 0) post-decrements as part of condition evaluation — when laIndex is 0, the loop exits correctly but laIndex wraps to 255.

Changes

• esp/bindings/SOAP/xpp/fxpp/FragmentedXmlPullParser.cpp — Replace post-decrement loop condition with an explicit zero-guard and manual decrement:

// Before
do {
    la = peekDataFrame(laIndex);
    if (la)
        la->state = DataFrame::FrameIgnored;
} while (laIndex-- != 0);  // underflow: laIndex wraps 0 → 255

// After — laIndex is uint8_t (unsigned); post-decrementing past 0 would wrap
// to 255. Use an explicit break at 0 to safely iterate down to index 0.
do {
    la = peekDataFrame(laIndex);
    if (la)
        la->state = DataFrame::FrameIgnored;
    if (laIndex == 0) break;
    laIndex--;
} while (true);

• testzone/brain/h00001_lookahead_loop_overflow.md — KB entry documenting the underflow, the fix, and the safe countdown idiom for unsigned integer loop indices.

Original prompt

Update the next() function in FragmentedXmlPullParser.cpp (around line 225) to ensure laIndex, which is uint8_t initialized to zero, is decremented safely without risk of underflow/overflow. The loop should not decrement laIndex below zero. Use the safest and clearest C++ idiom for this situation. Preserve all intended loop logic. Add a comment to clarify why this change is necessary due to uint8_t being unsigned. Add a concise summary in the KB (testzone/brain/hXXXXX_lookahead_loop_overflow.md) describing the fix, the reason for it, and the new safe code idiom used.

This pull request was created from Copilot chat.

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.