[Freeswitch-svn] [commit] r8486 - freeswitch/trunk/src/mod/codecs/mod_ilbc
Freeswitch SVN
mikej at freeswitch.org
Mon May 19 20:54:43 EDT 2008
Author: mikej
Date: Mon May 19 20:54:43 2008
New Revision: 8486
Modified:
freeswitch/trunk/src/mod/codecs/mod_ilbc/mod_ilbc.c
Log:
bounds checks to avoid buffer overflow. Found by Klockwork (www.klocwork.com)
Modified: freeswitch/trunk/src/mod/codecs/mod_ilbc/mod_ilbc.c
==============================================================================
--- freeswitch/trunk/src/mod/codecs/mod_ilbc/mod_ilbc.c (original)
+++ freeswitch/trunk/src/mod/codecs/mod_ilbc/mod_ilbc.c Mon May 19 20:54:43 2008
@@ -115,7 +115,7 @@
float buf[240];
for (x = 0; x < loops && new_len < *encoded_data_len; x++) {
- for (y = 0; y < context->dbytes / sizeof(short); y++) {
+ for (y = 0; y < context->dbytes / sizeof(short) && y < 240; y++) {
buf[y] = ddp[y];
}
iLBC_encode(edp, buf, &context->encoder);
@@ -157,7 +157,7 @@
for (x = 0; x < loops && new_len < *decoded_data_len; x++) {
iLBC_decode(buf, edp, &context->decoder, 1);
- for (y = 0; y < context->dbytes / sizeof(short); y++) {
+ for (y = 0; y < context->dbytes / sizeof(short) && y < 240; y++) {
ddp[y] = (short) buf[y];
}
ddp += context->dbytes / sizeof(short);
More information about the Freeswitch-svn
mailing list