From 0b00589a16b15c4ac4e95acdcc123183bccde246 Mon Sep 17 00:00:00 2001 From: Tristan Matthews <tristan.matthews@savoirfairelinux.com> Date: Fri, 12 Jul 2013 10:17:14 -0400 Subject: [PATCH] * #27201: libiax: don't pass out of bounds pointer to memmove (minbuf) --- daemon/libs/iax2/jitterbuf.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/daemon/libs/iax2/jitterbuf.c b/daemon/libs/iax2/jitterbuf.c index 0c78e9a26e..4465740e5b 100644 --- a/daemon/libs/iax2/jitterbuf.c +++ b/daemon/libs/iax2/jitterbuf.c @@ -256,8 +256,10 @@ static void history_calc_maxbuf(jitterbuf *jb) for (j=0;j<JB_HISTORY_MAXBUF_SZ;j++) { /* found where it fits */ if (toins < jb->hist_minbuf[j]) { - /* move over */ - memmove(jb->hist_minbuf + j + 1, jb->hist_minbuf + j, (JB_HISTORY_MAXBUF_SZ - (j + 1)) * sizeof(jb->hist_minbuf[0])); + /* move over if there's space */ + const size_t slide = (JB_HISTORY_MAXBUF_SZ - (j + 1)) * sizeof(jb->hist_minbuf[0]); + if (slide > 0) + memmove(jb->hist_minbuf + j + 1, jb->hist_minbuf + j, slide); /* insert */ jb->hist_minbuf[j] = toins; -- GitLab