From 0b00589a16b15c4ac4e95acdcc123183bccde246 Mon Sep 17 00:00:00 2001
From: Tristan Matthews <tristan.matthews@savoirfairelinux.com>
Date: Fri, 12 Jul 2013 10:17:14 -0400
Subject: [PATCH] * #27201: libiax: don't pass out of bounds pointer to memmove
 (minbuf)

---
 daemon/libs/iax2/jitterbuf.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/daemon/libs/iax2/jitterbuf.c b/daemon/libs/iax2/jitterbuf.c
index 0c78e9a26e..4465740e5b 100644
--- a/daemon/libs/iax2/jitterbuf.c
+++ b/daemon/libs/iax2/jitterbuf.c
@@ -256,8 +256,10 @@ static void history_calc_maxbuf(jitterbuf *jb)
 			for (j=0;j<JB_HISTORY_MAXBUF_SZ;j++) {
 				/* found where it fits */
 				if (toins < jb->hist_minbuf[j]) {
-					/* move over */
-					memmove(jb->hist_minbuf + j + 1, jb->hist_minbuf + j, (JB_HISTORY_MAXBUF_SZ - (j + 1)) * sizeof(jb->hist_minbuf[0]));
+					/* move over if there's space */
+					const size_t slide = (JB_HISTORY_MAXBUF_SZ - (j + 1)) * sizeof(jb->hist_minbuf[0]);
+					if (slide > 0)
+						memmove(jb->hist_minbuf + j + 1, jb->hist_minbuf + j, slide);
 					/* insert */
 					jb->hist_minbuf[j] = toins;
 
-- 
GitLab